IBM® Multi-Cloud Data Encryption

Data-at-Rest Protection

IBM® Multi-Cloud Data Encryption

IBM MDE serves as the last line of defense for the data itself using a data-centric protection model, without impeding normal operations for authorized users. MDE allows you to manage data protection across the globe for your private, public, and hybrid-cloud environments in multiple languages, from a single console.

With data access controls including access monitoring, sophisticated encryption and integrated key management, MDE delivers the scalability and flexibility you need to protect your most sensitive workloads.

It’s easy-to-use, agent-based deployment model helps protect data-at-rest on servers running Linux, Windows or AIX, Linux Network File Systems and S3 object storage.

Multi-Cloud Data Encryption Key Features

Integrated software solution for the global enterprise

  • Built from ground-up on REST APIs and open standards for ease of integration and orchestration
  • Protects data-at-rest on Linux, Windows or AIX servers, Network File Systems and S3 object storage
  • Easy to use data protection for on-prem, private, public or hybrid clouds – from a central console
  • Supports multiple languages. Global admins can manage data protection in local language

Multiple security features in a single product

  • Integrated encryption, data access policies, access logging and integrated key management
  • Data access is “deny by default” with role-based and privileged assess management
  • Multi-layer key management – keep control of your keys, even if data is in the public cloud
  • AES-256 encryption and key management are certified FIPS 140-2

Helps support data protection requirements in global compliance mandates

  • Physical data protection. Render unreadable for unauthorized users
  • Physical data destruction. Verify data and all copies of data are no longer accessible
  • Policy-based access management. Commonly role-based, with privileged access restrictions
  • Key lifecycle management. Client controlled ability to create, update and revoke
  • Data access monitoring. Access logs for analysis and reporting

The Value of Integration

Part of the larger IBM Security data protection portfolio, MDE is integrated with other IBM Data Security products such as QRadar SIEM, Cloud Object Storage, Spectrum Protect, Security Key Lifecycle Manager and Data Risk Manager to provide a complete data protection solution and strengthen your overall data security posture.

  • IBM Security Key Lifecycle Manager (SKLM) gives the option to store keys separately from the MDE access/encryption console. This separates the key management administration from the encryption administration, when the complete separation of duties is required.
  • IBM QRadar® and MDE apps available on the IBM Security App Exchange, makes it easy to track all data access to MDE encrypted data, be alerted of unauthorized user access attempts and have a complete audit to show that while an unauthorized user may have “breached the perimeter and reached a server, the data was never accessed.
  • IBM Data Risk Manager (DRM) can output information to MDE as to what critical data needs to be encrypted and pulls data from MDE to show what data is protected by MDE to show the C-suite where full protection has been implemented.
White Paper
Demo Videos