IBM Guardium Data Protection Review

Saves us time monitoring and protecting a vast environment


What is our primary use case?

We are monitoring about 1500 or more applications, we have 150 million customers and their PHI/PII data in the repository. We have to protect that data. That is a big challenge because it's a vast environment that we have to protect. That is one of the prime use cases which caused us to select this product.

Initially, we had some challenges, but as we talked with IBM and they provided some good support on it, now we are evolving pretty well. Certainly, everything is not perfect yet, but we are moving into that direction. We are far better than we were two years back.

How has it helped my organization?

We use Guardium to support security initiatives and compliance policies within the organization. For example, an audit comes in once every three months or six months. In that case they ask specific questions and they say, "Hey, just check the box if you are doing this stuff or not," and we are providing them all the evidence that we have collected through Guardium.

It helps comply with industry regulations. It's basically the same thing. If somebody wants to know if we are protecting their data or not and, if yes, how? And they ask us to present the definitions of what we are doing, we just go and get the reports that are required. Let's say for a particular application, it says "This database was down last night, who did it, and how?" we provide all that kind of information.

The solution has definitely saved us time, because if you want to monitor this kind of vast environment of different products, it's going to take a lot of time. Let's say one database server has 100 database instances running on it; I don't need to install 100 data instances, I just need to install on the one database server and that will cover all of my instances on that particular database. 

In terms of saving money, today, if you want to monitor and protect your environment, you have to spend money. So, that's not a question.

What is most valuable?

In terms of advanced features, we are using the Database Activity Monitoring and the Vulnerability Assessment as well. Now we are thinking of using the GDPR because that's going to be a compliance as well. So some but not all of them.

What needs improvement?

Initially it did not have support external applications like, say, Tableau, ServiceNow, Remedy, and the like. They have started growing into it, but I would like to have more and more integration with outside applications. So that, let's say my one of my application owners has Tableau and wants to directly report on that; if I can just pick and see that report with one click, that would help.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

It's stable. When I used this product back in 2007 it was challenging, but now it's it's stable.

What do I think about the scalability of the solution?

The scalability is not that easy to use because, you need a lot of knowledge about it, on data security; basically you need to know where your sensitive data is. We tried to use Guardium for that, to find out with the Discovery feature, but it didn't work, because we had a lot of irregular data. We found it ourselves, but Guardium is protecting it; so that's good for us.

How is customer service and technical support?

I would say eight and a half out of 10. I've been in this Guardium stuff for the last 10 to 11 years. I have worked with IBM throughout that time. It has improved, but still it is eight and a half out of 10.

How was the initial setup?

It was pretty straightforward.

What other advice do I have?

I would definitely recommend it. It's easy to use and it can save a lot of headaches, by just implementing it and being able to ask at the time of audit. When it comes to audits, every company wants to be safe.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Add a Comment
Guest
Sign Up with Email