# ENCRYPTION FOR WAVE SERVICES

#### COLT OPTICAL ENCRYPTION: LOCK SECURITY INTO YOUR NETWORK

Optical encryption is implemented as an embedded feature enhancement for both Colt Wave and Colt Private Wave services, which means that it’s ‘always on’ in the optical core network and all traffic will be encrypted regardless of the type or source. FIPS-certified and NIST compliant AES-256 encryption, coupled with standards-based authentication mechanisms such as X.509 digital certificates and Elliptic Curve Cryptography (ECC) algorithms, means the Colt solution is at the forefront of encryption technology.

When used with Wave, data can be encrypted across the extensive coverage footprint that the Colt IQ Network provides – Europe, Asia and between continents including North America. Deployment and configuration options are flexible so as to support essential corporate requirements such as customer control and management of the encryption keys and physical control and security of the encryption hardware.

As a feature enhancement of Private Wave, the benefits of a private optical solution – the highest level of security and operational separacy based on customer-dedicated infrastructure – are extended to include encrypted services.

The encryption option is available for the standard optical interfaces and coverage options supported by the Colt Wave and Colt Private Wave products, such as 10GBASE LAN-PHY and 100Gbps LR4.

#### THE SECURITY CHALLENGE

The expansion in the volume of sensitive information being stored and transmitted by many organisations shows no sign of abating, whilst the Internet and cloud computing present new challenges. This has led to new risks, whilst data breaches – both accidental and malicious – have grown in frequency, severity and business impact.

Security breaches impact network availability, which results in disruption to normal business activity and significant business cost. A loss of customers affects revenues directly and reputational damage can seriously affect the customer retention and growth prospects of a business.

Physically securing networks can be extremely challenging, and even if a rack or room can be secured, data itself must traverse disparate systems and locations.

In Europe, the General Data Protection Regulation (GDPR) came into effect in May 2018, requiring all companies that process personal data to comply with its provisions or face stiff penalties in the event of a data breach. And in the US, 47 states now have laws requiring notification of data breaches involving personal information. 29 states have laws that explicitly require entities to destroy, dispose, or make personal information unreadable/undecipherable. As global regulators increasingly address the pressing need for information security, businesses need to adopt a coherent and holistic strategy across their technology infrastructure.

#### FLEXIBILITY AND COMPLIANCE

Colt’s optical encryption solution provides the necessary flexibility to allow customers to implement and comply with specific security policies and requirements. Customers can have secure and exclusive access to the encryption configuration and for management of their encryption keys. The encryption hardware is customer-dedicated, and can be located in the customer’s own secured rack environment to ensure compliance with their broader corporate security strategy.

Our services have been recognised with a string of Metro Ethernet Forum awards for 12 years, including Best Wholesale Service Provider of the Year, Best Retail Service Provider of the Year and the Award for Service Innovation. Our optical Ethernet services are MEF CE 2.0 certified.

#### TECHNICAL (USING A CIENA-BASED PLATFORM)

* NIST compliant Advanced Encryption Standard (AES) -256
* FIPS compliant (140-2 or above)
* Integration with existing enterprise Public Key Infrastructures using X.509 certificate-based authentication
* Support for RSA or ECC digital certificates and algorithms
* Diffie-Hellman secured key negotiation (including Elliptic Curve Cryptography)
* Full data throughput at up to 100Gbps
* Optical Ethernet, Fibre Channel, WAN PHY, SDH/SONET and OTU presentations
* Enhanced security features – two distinct key sets for authentication and data encryption functions
* Fast encryption key rotation interval of just seconds
* Secure authentication and key management via an integrated management tool

## BENEFITS AT A GLANCE

* #### BEST-IN-CLASS ENCRYPTION

  FIPS-certified AES-256 encryption with standards based authentication mechanisms such as X.509 digital certificates.
* #### ALWAYS ON

  Encryption is inherent to the service, being embedded in the optical hardware for maximum security and scalability.
* #### WIRE-SPEED PERFORMANCE

  Operating at Layer 1 of the OSI stack, optical encryption is efficient and guarantees 100% throughput without latency degradation.
* #### COST EFFICIENT

  An embedded optical hardware solution is more scalable and cost effective than one based on multiple external client-level devices.
* #### UNLIMITED BANDWIDTH

  Bandwidth options from 1Gbps to 100Gbps, with support for all major optical presentations including Ethernet, Fibre Channel, OTU2 and OTU4.
* #### COVERAGE WHERE IT’S NEEDED

  Colt’s Wave Services provide optical encryption without constraint. They are available across the IQ Network on a metro, national and international basis.
* #### SECURE KEY MANAGEMENT

  Customers can manage their own encryption keys and configuration according to their own standards.
* #### FLEXIBLE DEPLOYMENT

  Colt’s optical encryption hardware is dedicated to the customer, and can be located in the customer’s secured environment in order to meet their corporate security policies.

### COLT CONSULTANCY SERVICES

<a href="https://www.colt.net/datasheet/colt-consultancy-services/" class="button primary">View Datasheet</a>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.colt.net/datasheets/networking/encryption-for-wave-services.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.