Encryption solutions to secure your data and your business.

IBM Security Guardium Data Encryption consists of an integrated suite of products built on a common infrastructure. These highly-scalable solutions provide encryption, tokenization, data masking and key management capabilities to help protect and control access to databases, files and containers across the hybrid multicloud—securing assets residing in cloud, virtual, big data and on-premise environments. Securely encrypting file and database data with such functionalities as tokenization, data masking and key rotation can help organizations address compliance with government and industry regulations, including GDPR, CCPA, PCI DSS and HIPAA.


Compliance-ready capabilities

Guardium Data Encryption's capabilities—such as data access audit logging, tokenization, data masking and key management—help meet regulations such as HIPAA, CCPA or GDPR.

Simplified operations and reduced costs

Guardium Data Encryption's solutions centralize access controls and key management for a variety of encryption environments, providing operational savings and reducing multiple vendor sourcing.

Protects data across environments

Guardium data encryption is deployable on-premise and across hybrid multicloud environments, securing your data wherever it resides.

Guardium Data Encryption can help meet a variety of business needs, including:

Integrated and centrally managed encryption solutions

Guardium Data Encryption is composed of a modular set of data security products that can be deployed individually or in combination to provide encryption, tokenization and key management services. The solutions are centrally managed through the Data Security Manager, which sets platform policy for all GDE products and manages encryption keys.

Encryption for files, databases, containers and applications

Guardium Data Encryption helps security teams protect sensitive data across the organization, offering capabilities for protecting and controlling access to databases, files, applications and containers. It can help protect assets residing in cloud, virtual, big data and physical environments.

Encryption key storage, rotation and lifecycle management

Centralized management from the Data Security Manager facilitates the storage, rotation and lifecycle of all your encryption keys for KMIP-compatible data repositories and databases, such as Oracle, VMWare, or SQL. Additionally, Guardium Data Encryption's Bring Your Own Key (BYOK) allows customers to own and control the keys to their encrypted data stored on multiple cloud service providers.

Management of user access policies

Guardium Data Encryption allows for granular user access control. Specific policies can be applied to users and groups, with controls that include access by process, file type and time of day, among other parameters. Access controls for all Guardium Data Encryption products are managed centrally from the Data Security Manager.

Tokenization and data masking

Obscure data at rest with format-preserving tokenization, which protects data without altering database schema. Use dynamic data masking to obscure specific parts of a data field to protect data in use. Tokenization methods and data masking policies are controlled through a centralized graphical user interface.

Support for regulatory compliance efforts

Strong data encryption, robust user access policies and key management capabilities designed to help you address compliance with industry and government regulations such as HIPAA, PCI DSS, CCPA and GDPR.

Cloud key orchestration