IBM Guardium® Key Lifecycle Manager is software for encryption key creation, storage, backup and management. It is part of the IBM Guardium family of data security software.

IBM Guardium Key Lifecycle Manager is an encryption key management tool that centralizes, simplifies and automates the key management process. It offers robust and security-rich key storage, key serving and key lifecycle management for self-encrypting applications and solutions by using interoperability protocols, including KMIP, IPP and REST, and interfaces such as PKCS#11. Guardium Key Lifecycle Manager helps clients meet regulations such as PCI DSS, Sarbanes-Oxley and HIPAA by providing access control, key rotation and other automated key lifecycle management processes.

Features

• **Efficient and simplified key management: **Guardium Key Lifecycle Manager enables you to manage the lifecycle of keys by automating the creation, import, distribution and backup of keys. It enables key generation and distribution from a centralized location and groups devices into separate domains for simpler key management. It also supports role-based access control of administrative accounts.
• **Delivers secured key management: **The solution provides cryptographically proven, end-to-end security for key serving. It offers automated replication for high-availability deployments, supports Federal Information Processing Standard (FIPS) 140-2 Level 1, and offers users the option to use FIPS 140-2 Level 3 validated hardware to enhance key security.
• **Enables quick assessment and investigation of digital certificate statuses: **Guardium Key Lifecycle Manager’s Certificate Vision dashboard provides deep insight into the health and status of your digital certificates. Users can quickly assess the expiration of managed certificates from a central location and drill down by category for greater detail. By contextualizing digital certificates, users can better understand their status, risk, expiration dates and other factors that influence network security.
• **Speeds up implementation: **The solution reduces operating costs, accelerates implementation and enables interoperability with wizard-based assistance. It enables administrators to quickly configure integration with KMIP, IPP or REST-compatible devices, as well as Oracle TDE databases, and provides an administration welcome page that delivers critical notices. It offers a web-based GUI that helps ease key configuration and management tasks, including automating key provisioning, rotating keys and destroying keys.

Benefits

• **Centralized, transparent key management: **Provides centralized, simplified, and transparent key management through the secure storage of key material and the serving of keys at the time of use.
• **Simple, secure integration: **Offers simple, secure integration with supported protocols, including KMIP, IPP and REST, and interfaces such as PKCS#11.
• **Lower costs: **Reduces key management costs by automating the assignment and rotation of keys.
• **Flexible deployment: **Offers multiple deployment options, including on bare-metal servers, as a virtual machine or as a container.