IBM Guardium Data Encryption provides encryption capabilities to help you safeguard on-premises structured and unstructured data and comply with industry and regulatory requirements. This software performs encryption and decryption operations with minimal performance impact and requires no changes to databases, applications or networks. To protect and encrypt sensitive data in Cloud and hybrid environments, IBM also provides IBM Multi-Cloud Data Encryption.

IBM Guardium Data Encryption offers protection for sensitive data on premises, including:

  • Transparent, rapid implementation—requires no changes to applications, the underlying database or hardware infrastructure
  • Centralized key and policy management—delivers a unified management system to help simplify data security management
  • Compliance-ready capabilities—provide granular auditing and reporting to help you meet data governance requirements such as the Health Insurance Portability and Accountability Act (HIPAA), the General Data Protection Regulation (GDPR), Sarbanes–Oxley (SOX), and PCI Data Security Standard (PCI DSS)

Transparent, rapid implementation

  • Performs encryption and decryption above the file system or logical volume layer so it is transparent to users, applications, databases and storage subsystems
  • Performs encryption and decryption above the file system or logical volume layer so it is transparent to users, applications, databases and storage subsystems
  • Requires no coding or modification to applications or databases
  • Protects both structured and unstructured data
  • Provides scalability for large and complex environments including thousands of systems and files. IBM Guardium Data Encryption also scales to help protect data in new computing models like cloud and big-data environments
  • Provides extensible protection to log files, configuration files and other database output

Centralized key and policy management

  • Provides a secure, centralized key management for self-encrypting devices
  • Supports multi-cloud encryption, network devices, and flash storage
  • Enables consistent and common best practices for managing the protection of structured and unstructured data
  • Supports established data classification and acceptable use policies
  • Provides an organized, secure management to keep data private and compliant

Compliance-ready capabilities

  • Enforces separation of duties by supporting separate database management system (DBMS) and security administration
  • Provides granular and configurable auditing and reporting of access requests to protected data, as well as changes to policies and keys
  • Provides audit management to reduce audit scope
  • Scales in heterogeneous environments
  • Tokenization support and provides encryption for databases and big data platforms, files and folders, applications, and cloud and hybrid environments
  • Integrates with existing security information and event management (SIEM) solutions