Feature spotlights

Integrated and centrally managed encryption solutions

Guardium Data Encryption is composed of a modular set of data security products that can be deployed individually or in combination to provide encryption, tokenization and key management services. The solutions are centrally managed through the Data Security Manager, which sets platform policy for all GDE products and manages encryption keys.

Encryption for files, databases, containers and applications

Guardium Data Encryption helps security teams protect sensitive data across the organization, offering capabilities for protecting and controlling access to databases, files, applications and containers. It can help protect assets residing in cloud, virtual, big data and physical environments.

Encryption key storage, rotation and lifecycle management

Centralized management from the Data Security Manager facilitates the storage, rotation and lifecycle of all your encryption keys for KMIP-compatible data repositories and databases, such as Oracle, VMWare, or SQL. Additionally, Guardium Data Encryption's Bring Your Own Key (BYOK) allows customers to own and control the keys to their encrypted data stored on multiple cloud service providers.

Management of user access policies

Guardium Data Encryption allows for granular user access control. Specific policies can be applied to users and groups, with controls that include access by process, file type and time of day, among other parameters. Access controls for all Guardium Data Encryption products are managed centrally from the Data Security Manager.

Tokenization and data masking

Obscure data at rest with format-preserving tokenization, which protects data without altering database schema. Use dynamic data masking to obscure specific parts of a data field to protect data in use. Tokenization methods and data masking policies are controlled through a centralized graphical user interface.

Support for regulatory compliance efforts

Strong data encryption, robust user access policies and key management capabilities designed to help you address compliance with industry and government regulations such as HIPAA, PCI DSS, CCPA and GDPR.

Cloud key orchestration

Customers who leverage the native cryptographic capabilities of AWS, Azure, SalesForce.com, and IBM can now control and manage the encryption keys for those environments simultaneously from a single interface. Optional integration with an on-premise hardware security module also helps to ensure that the anchor of trust is in hardware and under physical control of the customer at all times.

IBM Security Guardium Data Encryption Datasheet

How customers use it

  • Image of data center

    Encrypt your sensitive data, wherever it resides


    Enterprises are moving to the cloud to stay competitive, but not all are comfortable moving their sensitive data to the cloud, opting to keep their most sensitive data on premise. They need a solution that protects their data across environments.


    Users can deploy Guardium Data Encryption to encrypt their most sensitive information across hybrid multicloud environments, so that their data stays secure, whether its stored on premise or in private or public clouds.

  • Image of man managing encryption keys.

    Orchestrate and control encryption keys across multiple clouds


    When adopting the native encryption capabilities of the different cloud service providers, customers want to be able to create, control and manage the encryption keys used by their cloud service providers.


    Guardium Data Encryption puts customers in control of the generation, management and distribution of encryption keys, allowing them easily to bring their own keys (BYOK) to the cloud simultaneously across multiple could service providers from a single user interface.

  • Image of two men discussing policy-compliant access controls.

    Address compliance with industry and government regulations


    Encrypting personally identifiable information is a requirement of many industry and government regulations. Failure to comply with regulations can result in significant fines and reputational and financial losses.


    Guardium Data Encryption offers user access controls and encryption capabilities that can help you address many industry compliance and data privacy standards such as PCI-DSS and HIPAA, as well as government regulations like GDPR and CCPA.