In a parntership with Ciena, Deutsche Telekom Global Carrier newly launched Encrypted Lambda service. The Encrypted Lambda service encrypts data on hardware located at the client’s site and protects it over Layer 1, the physical layer, while it is transmitted. This sets it apart from conventional solutions by allowing for larger data volumes with higher performance, lower costs and faster speeds.
The Encrypted Lambda service features high-performance Layer 1 encryption service with ultra-low latency and scalable bandwidth.
Encrypted Lambda is a hardware-based encryption solution ideal for optical fiber networks. It enables traffic throughput up to 200G over short and long distances while maintaining high performance. To ensure maximum data protection, security parameters are managed by the customer only.
The Encrypted Lambda service is depolyed with Ciena’s WaveLogic Encryption solution, enabling Deutsche Telekom Global Carrier to deliver always-on, proven inflight encryption combined with market-leading performance to its customers where ever they need it.
Deutsche Telekom Global Carrier's Encrypted Lambda solution is truly an innovation. Traditional encryption services, which are software based over Layer 3 or 4, make encryption CPU intensive, slower and expensive. Because utilizing software requires more servers, adds latency and needs superior set-up and management capabilities.

Clients that would most benefit from the Encrypted Lambda service are those needing to convey very large amounts of confidential data very quickly. An example would be companies within the financial or healthcare areas which require secure wire-speed data transmission over long distances. Transactions must happen within milliseconds in this industry, where millions are at risk of being lost when connections are too slow.
Using Deutsche Telekom Global Carrier's Encrypted Lambda service, client benifit from:
- Secure control: keys and certificates are allocated through the dedicated encryption hardware with a built-in crypto server.
- Dedicated connectivity: encryption hardware is deployed at the customer’s location and implemented only for the customer’s connectivity service.
- Data immunity: encryption cannot be disabled. In case of keys mismatch or validity timeouts, the customer receives an alarm.
- Ironclad protection: encryption is based on two distinct sets of keys with fast rotation intervals which does not impact performance and ensures maximum security.