Colt Encryption for Wave Services

Download PDF

Colt Encryption for Wave Services - Helping you meet the security challenge

Colt Optical Encryption: lock security into your network

Optical encryption is implemented as an embedded feature enhancement for both Colt Wave and Colt Private Wave services, which means that it’s ‘always on’ in the optical core network and all traffic will be encrypted regardless of the type or source. FIPS-certified and NIST complaint AES-256 encryption, coupled with standards-based authentication mechanisms such as X.509 digital certificates and Elliptic Curve Cryptography (ECC) algorithms, means the Colt solution is at the forefront of encryption technology.

When used with Wave, data can be encrypted across the extensive coverage footprint that the Colt IQ Network provides – Europe, Asia and between continents including North America. Deployment and configuration options are flexible so as to
support essential corporate requirements such as customer control and management of the encryption keys and physical control and security of the encryption hardware.

As a feature enhancement of Private Wave, the benefits of a private optical solution – the highest level of security and operational separacy based on customer-dedicated infrastructure – are extended to include encrypted services.

The encryption option is available for the standard optical interfaces and coverage options supported by the Colt Wave and Colt Private Wave products, such as 10GBASE LAN-PHY and 100Gbps LR4.

The Security Challenge

The expansion in the volume of sensitive information being stored and transmitted by many organisations shows no sign of abating, whilst the Internet and cloud computing present new challenges. This has led to new risks, whilst data breaches –
both accidental and malicious – have grown in frequency, severity and business impact.

Security breaches impact network availability, which results in disruption to normal business activity and significant business cost. A loss of customers affects revenues directly and reputational damage can seriously affect the customer retention and growth prospects of a business.

Physically securing networks can be extremely challenging, and even if a rack or room can be secured, data itself must traverse
disparate systems and locations.

In Europe, the General Data Protection Regulation (GDPR) came into effect in May 2018, requiring all companies that process personal data to comply with its provisions or face stiff penalties in the event of a data breach. And in the US, 47 states now have laws requiring notification of data breaches involving personal information. 29 states have laws that explicitly require entities to destroy, dispose, or make personal information unreadable/undecipherable. As global regulators increasingly address the pressing need for information security, businesses need to adopt a coherent and holistic strategy across their technology infrastructure.

Flexibility and compliance

Colt’s optical encryption solution provides the necessary flexibility to allow customers to implement and comply with specific security policies and requirements. Customers can have secure and exclusive access to the encryption configuration and for
management of their encryption keys. The encryption hardware is customer-dedicated, and can be located in the customer’s own secured rack environment to ensure compliance with their broader corporate security strategy.

Our services have been recognised with a string of Metro Ethernet Forum awards for 12 years, including Best Wholesale Service
Provider of the Year, Best Retail Service Provider of the Year and the Award for Service Innovation. Our optical Ethernet services are MEF CE 2.0 certified.

Technical (Using a Ciena-based platform)

  • NIST compliant Advanced Encryption Standard (AES) -256
  • FIPS compliant (140-2 or above)
  • Integration with existing enterprise Public Key Infrastructures using X.509 certificate-based authentication
  • Support for RSA or ECC digital certificates and algorithms
  • Diffie-Hellman secured key negotiation (including Elliptic Curve Cryptography)
  • Full data throughput at up to 100Gbps
  • Optical Ethernet, Fibre Channel, WAN PHY, SDH/SONET and OTU presentations
  • Enhanced security features – two distinct key sets for authentication and data encryption functions
  • Fast encryption key rotation interval of just seconds
  • Secure authentication and key management via an integrated management tool

Benefits at a glance

  • Best-in-class encryption: FIPS-certified AES-256 encryption with standards-based authentication mechanisms such as X.509 digital certificates.

  • ‘Always on’: encryption is inherent to the service, being embedded in the optical hardware for maximum security and scalability

  • Wire-speed performance: Operating at Layer 1 of the OSI stack, optical encryption is efficient and guarantees 100% throughput without latency degradation

  • Cost efficient: An embedded optical hardware solution is more scalable and cost effective than one based on multiple external client-level devices

  • Unlimited bandwidth: bandwidth options from 1Gbps to 100Gbps, with support for all major optical presentations including Ethernet, Fibre Channel, OTU2 and OTU4

  • Coverage where it’s needed: Colt’s Wave Services provide optical encryption without constraint. They are available across the IQ Network on a metro, national and international basis.

  • Secure key management: customers can manage their own encryption keys and configuration according to their own standards.

  • Flexible deployment: Colt’s optical encryption hardware is dedicated to the customer, and can be located in the customer’s secured environment in order to meet their corporate security policies

Colt Consultancy Services

View Datasheet