Level 3 is taking its growing security capabilities to its optical wavelength service line that protects business customers' data traveling between locations, a growing network vulnerability for multisite businesses.
As a protocol-agnostic solution, enterprises don’t need to invest in additional encryption equipment to leverage encrypted waves between key customer locations or as a secure connection to a communications service provider.
Paul Savill, SVP of Core Products for Level 3, told FierceTelecom that despite seeing businesses putting data on private optical connections, hackers are starting to target optical network connections and data in transit between business locations.
“A lot of the hacks we have seen in the news have been with data in rest where it is sitting inside a corporate firewall in a database and a hacker is able to access it directly from there,” Savill said. “The data in transit is another weak spot because it does not require the hacker to get behind the firewall or security defenses. Hackers can actually intercept that information while it’s being moved from one place to another by tapping the network itself.”
Demand from its customers and a raft of security breaches on submarine and long-haul fiber networks drove Level 3 to provide this service.
While more service providers have been offering business customers private optical connections, hackers still are finding ways to intercept data.
“There have been cases where governments have tapped submarine cable or fiber optic transmission systems and grabbing the data being moved from one place to another,” Savill said.
Initially offered to its financial customers, Level 3 is now standardizing the optical encryption wavelength offering across its entire customer base.
The encrypted wave services are available across Level 3’s footprint in Europe and North America. Level 3 plans to offer the service in Latin America at the beginning of 2018.
Next-gen encryption
Setting apart Level 3’s service from the competition is the way it encrypts traffic. The service provider will equip specialized optical transmission equipment at the customer premises which include interfaces for encryption and decryption.
At the customer premises, the physical network equipment is deployed in the data center and the headquarters location.
“The physical equipment that delivers that optical circuit is in a physically secure location on each end,” Savill said. “When the signal gets handed to the customer, it is decrypted and then hits the equipment edge that’s when the optical encryption protocol kicks in and if the signal gets hacked, the criminals won’t be able to break it.”
Offering encryption for business’ critical and sensitive data, Level 3 encrypted waves use Advanced Encryption Standard (AES) 256-bit encryption, which is known as the gold standard in encryption algorithms.
“AES 256 K encryption is considered the best in the world,” Savill said. “We’re rolling this out with as good an encryption you can get on an optical link.”
Flexible speeds, management options
Enterprises can manage their growing bandwidth demands by leveraging Level 3’s encrypted waves in bandwidths ranging from 10 Gbps to 100 Gbps.
Level 3 can also offer 40G and a variety of SAN protocols that operate at 10G or higher.
“The point of the speed variety is that it can operate at a number of different interface types,” Savill said.
Through the MyLevel3 portal, customers can maintain complete access and control. The service incorporates dynamic key exchange and hitless key rotation for additional layers of security.
“The customer can log into a portal and can link over to their circuits they are buying from us that use the encryption technology,” Savill said. “There’s another layer on top of that that requires them to enter in a passcode provided on demand.”
Unlike other services, Level 3 says its service allows customers to manage every optical circuit they have bought.
“The way a lot of other companies have rolled this out require a business to go to a different website and get access to one service,” Savill said. “If you wanted to manage a different optical wavelength, you would have to log out and put in a different pass code.”
Level 3 also enables customers to assign access to certain employees. The service provider will give a business the special keys to make sure it is authenticating to these assigned employees.
At the same time, Level 3 technicians have to have special access to turn encryption on and off.
“Customers that are really concerned with security can rest assured that not even Level 3 techs can get in and intercept the data once the customer has turned on the encryption with the keys,” Savill said. “The only way our technicians can get access to the system once it’s is enabled for the customer is to unplug the cards on the device, which reboots the whole security process.”