Security Strategies

Level 3 Beefs Up Optical Security

Level 3 Communications today announced an encrypted wave service that adds encryption at the optical layer for more secure connections into the cloud and the data center. On the surface, it seems such services are not all that common today. (See Level 3 Offers Encrypted Wave Service.)

What the new service offers is customer-controlled encryption of information at the optical level, using Advanced Encryption Standard (AES) 256-bit encryption with dynamic key exchange, and customer control of encryption keys through Level 3 Communications Inc. (NYSE: LVLT)'s MyLevel3 portal and a Level 3-provided key management system. What it prevents is the ability for attacks to get at data by diverting traffic or fiber tapping, says Paul Savill, senior vice president of core products for Level 3.

"A lot of folks don't think about having to protect traffic that goes through an optical network because they think it is not hackable, but that actually isn't the case," he comments in an interview. "There has been a number of situations where institutions, hackers or governments have tapped fiber optical lines and intercepted those optical circuits and pulled down critical information from that."

Encrypting optical traffic in transit to cloud services or to corporate data centers protects that data in transit from being stolen, he notes. "Even if somebody taps into the circuit and tries to intercept and read what is being transmitted over that circuit, they can't decoded,"he says.

Data is encrypted at the optical level at the originating end of the traffic and decrypted at the customer premises on the other end, Savill says. That encryption happens at the card level of the optical gear, at a physically secure location such as a data center or corporate headquarters, where Level 3 takes the 10Gbit/s, 40Gbits/s or 100Gbit/s signal and applies the encryption to it. The traffic can then go anywhere on Level 3 network's globally, and is decrypted on the receiving end.

"It is entirely secure from where we take the circuit to where we deliver the circuit," Savill says. "This has become more important to our enterprise customers, who have requested this service from us and we have been doing it on a customized basis. This rollout is our standardization of that product so it is available to anybody who wants to buy it, across North America, across Europe and across our subsea systems."

The service will soon also be available across Latin America as well, he said.

Learn more about security in the virtualization era with Light Reading at the NFV & Carrier SDN event in Denver. There's still time to register for this exclusive opportunity to learn from and network with industry experts – communications service providers get in free!

Wavelength encryption technology has been around for a couple of years now, and is in use by other network operators. But there have been few announcements like Level 3's -- Lightower rolled one out earlier this year, and Telstra was known to be testing one in 2016.

Savill says Level 3's service is differentiated from whatever else might be out there.

"We have some key competitive differentiators, the biggest one being our management system," he says. Instead of requiring enterprises to use a special vendor portal for encrypted wave management and to manage each wave separately with an individual log-in for each, Level 3 lets them log into the MyLevel3 portal and go through two layers of security passwords to get to the management system for all the encrypted waves the enterprise has purchased.

That additional layer of security uses a softkey that is provided only for authorized users of the management system, identified when the service is originated, Savill explains.

"The Level 3 technicians themselves are unable to access the service once it is turned up and handed over to the customer," he adds, without a physical reboot of the security system.

Enterprises typically start using a service like this for more critical information but over time, "I think it is going to be more and more adopted as a default standard for building optical backbones within enterprises," he said.

The service is being added just ahead of what is expected to be the closure of Level 3's acquisition by CenturyLink, which will make the latter second only to AT&T in providing enterprise services, Savill notes. Security offerings such as this one will continue to gain in importance.

— Carol Wilson, Editor-at-Large, Light Reading

danielcawrey 9/19/2017 | 6:11:46 PM
Data Encrypted data at the optical level does have use cases. I would assume that one of them would be for security purposes. Surely national security already uses this, along with the military. 
Sign In