IBM Guardium Data Encryption: Product Overview and Analysis

eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

See our complete list of top 10 enterprise encryption solutions.

Company Description

IBM has been a stalwart of the technology world for more than a century. The Guardium product has been in existence since 2002, and was acquired by IBM in 2009. The company trades as IBM on the New York Stock Exchange (NYSE).

Product Description

IBM Guardium Data Encryption provides encryption capabilities to safeguard on-premises structured and unstructured data. It performs encryption and decryption operations with minimal performance impact and requires no changes to databases, applications or networks. Features include centralized key and policy management, compliance-ready, and granular encryption of files and folders, as well as volumes of data, each protected under its own encryption key.

On the key management side, it uses standard key exchange protocols for integration with self-encrypting storage, applications and databases. In addition, it provides a clear and immutable audit trail, and separates the functions of key and data management.

IBM also provides several related data encryption solutions, including IBM Guardium Data Encryption (for on-premises data encryption), IBM Guardium Data Encryption for IMS and DB2 (for mainframe environments), IBM Security Key Lifecycle Manager (to securely distribute keys across complex encryption landscapes, including on-premises and cloud environments), and most recently, IBM Multi-Cloud Data Encryption (for cloud and hybrid environments), said Rick Robinson, Senior Offering Manager, IBM Data Security.


IBM encryption products leverage inherent platform capabilities (as in the case of Guardium for IP Multimedia System and DB2) as well as agents (as with Guardium Data Encryption and Multi-Cloud Data Encryption). For agent-based solutions, it supports agents on common Linux and Windows distributions as well as AIX.

Markets and Use Cases

IBM’s data encryption offerings play strongly in compliance use cases. It is seeing particular interest from companies using encryption to help with the new General Data Protection Regulation (GDPR) regulation, as well as those using data encryption to protect data as it’s moved to the cloud and handled and managed by 3rd party cloud service providers.

Applicable Metrics

Users can expect overhead to perform encryption in the 3% to 5% range.

Security Qualifications

All encryption and key management solutions comply with Federal Information Processing Standards (FIPS), including FIPS-140-2 certified cryptographic modules. In all cases, the products support deployment models that align with enterprise requirements to satisfy the Health Insurance Portability and Accountability Act (HIPAA), the General Data Protection Regulation (GDPR), Sarbanes-Oxley (SOX), PCI Data Security Standard (PCI DSS), and other regulatory requirements. As well as FIPS, key management follows industry standards such as OASIS (KMIP), and NIST SPs (SP800-131A, -57, and -88).


All IBM encryption offerings provide REST APIs for automated provisioning, and the broader Guardium portfolio (such as IBM Guardium Data Protection for Databases and IBM Guardium Data Protection for Big Data) supports real-time monitoring and automated analytics to identify normal data access patterns and suspect data access patterns that may be flagged and alerted on (or blocked outright), depending on the policies set up by the organization. IBM’s encryption capabilities may be deployed by themselves or together with the other Guardium capabilities (such as vulnerability assessment, file activity monitoring and data activity monitoring).

Standalone or Suite

IBM sells encryption on its own, and as part of bigger data security efforts that include other Guardium capabilities.


All products are delivered as embedded solutions (in the case of the mainframe) or software with external virtual or software appliances.


IBM licenses Guardium data encryption based on the quantity of servers in which the file encryption software agents installed. As users require greater capacity for their enterprise, they roll out more servers. Each of those servers requires an encryption agent to encrypt the files on the servers. It licenses based on the quantity of servers that are deployed with agents. Furthermore, IBM offers perpetual licensing as well as fixed-term licensing models.

Get the Free Cybersecurity Newsletter

Strengthen your organization’s IT security defenses by keeping up to date on the latest cybersecurity news, solutions, and best practices. Delivered every Monday, Tuesday and Thursday

Drew Robb Avatar

Subscribe to Cybersecurity Insider

Strengthen your organization’s IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices.

Top Cybersecurity Companies

Top 10 Cybersecurity Companies

See full list

Get the Free Newsletter!

Subscribe to Cybersecurity Insider for top news, trends & analysis