Level 3 is looking to alleviate a potential access point for enterprise data security breaches: the optical transport network.

The company this week unveiled an encryption option for its Wavelength optical transport platform that uses physical boxes to ensure secure connectivity for data in transit. This includes transport across all optical fiber connections and both physical and cloud locations.

The product includes the installation of optical transmission boxes at both ends of the transport medium. These boxes include software to both encrypt and decrypt data.

The technology uses Advanced Encryption Standard (AES) 256-bit encryption. Additional security is provided by a dynamic key exchange and hitless key rotation.

While Level 3 handles the deployment and maintenance of the boxes, it is left out of the loop in terms of having access to what’s traveling within. Only the enterprise has the encryption key to gain access to the data. Management is provided through a single user interface and a Level 3-provided key management system.

Chris McReynolds, SVP for core product management at Level 3, explained this removes the need for enterprises to purchase additional encryption equipment to access the encrypted data being transported between key customer locations.

The user interface can also allow enterprises to manage bandwidth demand between 10 Gb/s and 100 Gb/s.

McReynolds said the product caters to evolving security needs at enterprises, with a growing need to protect data at all layers and at rest.

“Most data attacks have been happening at rest, but there is also a risk for data in transport,” McReynolds said. “We have equipment at both locations. It encrypts data once it enters the transport medium and all the way through until it comes out.”

McReynolds said some current solutions attempt to tackle this issue by securing data at the application layer. However, he notes that attempting to encapsulate what could be hundreds of applications across an enterprise could lead to some being missed and providing a backdoor into an enterprise.

“With this product, even if you were to miss just one application, you would still be covered,” McReynolds said.

The encryption is currently available for connectivity across North America and Europe. McReynolds said Level 3 is set to roll out support later this year in Latin America.

Connections into Google’s Cloud Platform (GCP) and Amazon Web Services (AWS) are supported. McReynolds said Microsoft Azure is currently not supported as the computing giant does not allow anyone to insert a physical box into their cloud environment.

The encryption product is delivered as a service, with Level 3 taking control over deployment, management, and maintenance of the equipment.

Level 3 is currently in the process of begin acquired by regional telecommunications provider CenturyLink for $34 billion inclusive of debt.