Product Brief: IBM Guardium

IBM Product Briefing 

Guardium

Guardium products come in several variations that cover specific focused roles, since they are all broadly security devices it makes good sense to keep the functionality limited to a single role.

Product names relevant to this briefing include IBM Integration, IBM Security Guardium. 

IBM knowledge centre.

Guardium for File and Database Encryption

IBM Security™ Guardium® Data Encryption consists of an integrated suite of products built on a common infrastructure. For encryption at the file and database level, Guardium offers Guardium for File and Database Encryption, Guardium for File and Database Encryption with Live Data Transformation, and Guardium for Container Data Encryption. Guardium for File and Database Encryption encrypts data-at-rest with centralised key management, privileged user access control, and detailed data access audit logging that can help organisations address compliance reporting. It helps protect structured databases, unstructured files, and linked cloud storage accessible from systems on-premises, across multiple cloud environments, and even within big data and container implementations.

Why do you need it?

If your data is breached, you need a last line of defence that places protection as close to your data as possible and still enables authorised users to perform their jobs. Obscure sensitive data with flexible encryption solutions that safeguard data on-premises, in a single cloud, multiple clouds or hybrid environments. File and database encryption capabilities help you maintain control of sensitive data, enforce access policies and map to compliance requirements.

Guardium for Key Management

The IBM Security™ Guardium® portfolio consists of three separate key manager solutions: Guardium Key Lifecycle Manager (GKLM, formerly SKLM), Guardium for Cloud Key Management (GCKM), and Guardium for Data Encryption Management (GDKM). GCKM and GDKM are part of the IBM Security Guardium Data Encryption suite of products that come from our OEM partnership with Thales. GKLM is IBM Security owned and originated. Together, these solutions provide key management and orchestration for encrypted data on-premise and in the cloud. The key management solutions centralise, simplify and automate the encryption key management process to help minimise risk and reduce operational costs of encryption key management.

Why do you need it?

Encrypting (ciphering) data continues to be rapidly adopted for security, privacy, confidentiality and other reasons. Managing keys with a consistent, automated and easy tool is a must. Guardium key management solutions are well positioned to help any and all customers with their key management tasks. They can manage encryption keys in the cloud and on-premises. No competitor is better positioned to support key management for both IBM encrypting devices and non-IBM encrypting devices.

Guardium Insights

IBM Security™ Guardium Insights simplifies your organisation’s Data Security architecture and enables access to long-term data security and compliance data. It provides security teams with risk-based views and alerts, as well as advanced analytics based on proprietary ML technology to uncover hidden threats. Guardium Insights gives security professionals the ability to quickly create data security and audit reports, monitor activity in on-premise and DBaaS sources, and take action from a central location.

Understand and prioritise – Gather monitoring insights related to DBaaS and Guardium Data Protection-integrated sources to centralise, analyse and quickly uncover hidden threats and make more informed risk-based decisions.

Analyse potential data at risk – Efficiently store data security and audit related data over long-time horizons and streamline existing data security architecture to help data security teams work more effectively.

Identify and respond – Monitor and protect across the environment, leverage new ML advanced analytics, dynamically protect data, and create reports from a central location.

Why do you need it?

In today’s information age, there are constant threats to business-critical data. You must proactively address potential data security risks and manage ever-changing regulatory and industry requirements. These threats can affect intellectual property; strategic plans; financial data; or information about customers, associates and suppliers. If this data gets into the wrong hands, it could impact your company’s business processes, operations and competitive position. But without a clear view of organisations’ information assets and the potential vulnerabilities and risk they face throughout their lifecycle, implementing effective data measures can be a challenge.

Guardium Data Protection

IBM Security™ Guardium® offers organisations comprehensive visibility, actionable insights and real-time controls to help you comply with regulations, preserve privacy and secure your sensitive data — no matter where it is stored.

Does your security team know where your sensitive data resides, who has access to it or the best way to protect it? Without the right tools and resources, you might struggle to mitigate threats or address new compliance mandates, while strategic technology initiatives – such as moving data to the cloud – can fall flat. IBM Security™ Guardium® can help you take a smarter, more adaptive approach to protecting critical data wherever it resides.

Key capabilities and use cases:

• Automatically discover and classify sensitive data
• Identify data at risk and get remediation recommendations
• Monitor access and protect data
• Simplify security and compliance reporting
• Use contextual insights and analytics
• Vulnerability assessment scans
• Get a business perspective on data risk

Why do you need it?

Does your security team know where your sensitive data resides, who has access to it or the best way to protect it? Without the right tools and resources, you might struggle to mitigate threats or address new compliance mandates, while strategic technology initiatives – such as moving data to the cloud – can fall flat. IBM Security Guardium can help you take a smarter, more adaptive approach to protecting critical data wherever it resides.

Guardium for Application Encryption

IBM Security™ Guardium® for Application Encryption streamlines the process of adding encryption into existing applications, delivering standards-based APIs that power high performance cryptographic and key management operations. When encryption occurs at the application level, data is encrypted across multiple (including disk, file, and database) layers. Guardium for Application Encryption delivers key management, signing, and encryption services, enabling comprehensive protection of files, database fields, big data selections, and so on. The solution is FIPS 140-2 Level-1 certified, based on the PKCS#11 standard, and fully documented with a range of practical, use-case based extensions to the standard. It supports Windows®, Linux®, and Teradata environments (available through Guardium for Teradata Encryption).

Why do you need it?

Guardium for Application Encryption simplifies the process of adding key management and encryption to applications. Developers use RESTful APIs, Java®, .NET, or C libraries to implement PKCS#11 standards-based solutions. With the application encryption solution, customers can encrypt specific fields at the application layer, securing sensitive data before it is stored in database, big data, or cloud environments.

Guardium for Tokenisation

IBM Security™ Guardium® for Tokenisation dramatically reduces the cost and effort required to comply with security policies and regulatory mandates. This solution provides data tokenisation and dynamic display security, safeguarding and anonymising sensitive assets. It allows users to leverage cloud, big data, and outsourced models more fully – without increased risk.

Why do you need it?

Guardium for Tokenisation helps customers to reduce the scope of compliance by dynamically masking sensitive data and replacing data with tokens. Tokenised data helps customers to maintain control and compliance when moving data to the cloud or big data environments. Guardium for Tokenisation can be deployed globally without concerns about token synchronisation or performance – server clustering enables easy scalability.