Data Security at luckycloud
Server Infrastructure and Data Security at luckycloud
Our server infrastructure is entirely owned by luckycloud GmbH and is located in ISO-27001 BSI certified and highly available data centers in Germany. luckycloud creates, manages, and maintains the IT infrastructure completely independently. Other companies do not have access to the infrastructure or user data. All servers operate together as a cluster. Due to a special architecture, there is no Single Point of Failure (SPOF). The server infrastructure can be horizontally scaled as needed.
Additionally, all data is transferred in real-time to a geo-redundant backup infrastructure for disaster recovery. This high-availability setup ensures that the systems remain available despite potential system failures and attacks. Server activities are continuously monitored and optimized, just like the firewall, which is regularly adjusted to potential threats.
An IP and port-based firewall automatically blocks unauthorized and unknown access. We also employ DDOS protection and the latest technologies to intercept potential attacks early.
Our data centers have a generously dimensioned power supply and are supplied by two independent 10 kV Vattenfall lines. Despite the very good power supply, a battery-supported UPS with connected diesel generators is available for emergencies. Maintenance contracts with diesel suppliers are as standard as a management plan for the fire department.
All rooms are fully air-conditioned. The air conditioning units control both the room temperature and humidity. There is proactive optical, thermal, and chemical fire detection and gas extinguishing.
Server Storage
All data is stored in a highly available SDS cluster. Software-Defined Storage is a highly available, distributed, and robust file system that is completely based on open-source. SDS is a distributed file system across multiple nodes, hence it is also referred to as an SDS cluster. In an SDS cluster, there are always multiple roles taken on by individual nodes. SDS was developed for the use of highly scalable object, block, and file-based storage in a unified system.
Failover Protection – Separate Data Centers
User requests are directed to the luckycloud data backend via highly available load balancers. The backend servers work together as a cluster and receive connections from the load balancer depending on the load. Through a floating IP setup, there is no Single Point of Failure (SPOF). The backend servers operate "stateless" and can be horizontally scaled as needed.
Additionally, the data is transferred in real-time to a geo-redundant backup infrastructure (NFS cluster) and can be accessed directly in a disaster scenario. A simplified representation can be found below under the point "High-Availability luckycloud Data Backend Cluster."
Authentication and Security Systems
There are various ways to authenticate access to the infrastructure.
- Username and Password: A minimum of 8 characters, uppercase and lowercase letters, and a special character are required.
- Single Sign-on (SSO): Open Authorization (OAuth) is an open protocol that allows standardized, secure API authorization for all desktop, web, and mobile applications.
- Two-Factor Authentication (2FA): Two or multi-factor authentication is a recognized and recommended method for securing remote access to cloud services and web applications. Two-factor authentication is only referred to when two different factors from the areas of possession, knowledge, and being are used for login.
- Remote Wipe: Remote data deletion on lost laptops or smartphones via Remote Wipe.
Important Facts and Certifications
- The luckycloud infrastructure is located in ISO-27001 BSI certified and highly available data centers in Germany.
- The power supply is provided via independent 10 kV level from two substations.
- Separate UPS systems with A/B supply.
- Redundantly designed emergency power systems with diesel generators.
- The power is 100% sourced from renewable energies.
- Fire protection system with a comprehensive argon extinguishing system.
- Own 24/7 security personnel on site.
- HA Carrier Internet mix up to 10 Gbit and direct connection to BCIX and ECIX.
- Maximum security with access controls, standardized security processes, and various ISO certifications.
- TÜV SÜD – TIER III certification: TÜV SÜD certified data centers according to the TIER classification corresponding to TIA-942.
- ISO 9001 (Data Center Operation): technical facility management for highly available data centers.
- ISO 9001 (Data Center Security): planning, construction, and maintenance of security systems as well as the conception and execution of security services including operating an emergency call service center with an intervention center.
- ISO 27001 (BSI): based on IT baseline protection, Federal Office for Information Security (BSI).
- ISO 50001: Energy management – requirements with guidance for use.
- VdS-C according to VdS 2153 (FRA1): Emergency call and service control center (NSL) with VdS recognized intervention center (IS).
How do I activate Two-Factor Authentication?
Activate Two-Factor Authentication via your Customer Dashboard
- Log in with your credentials via our website into your customer dashboard.
- Scroll down to the "Security" section.
- Next to the option to change your password, you will find the button "Activate Two-Factor Authentication" at the bottom right. Download a suitable app for your mobile device, such as FreeOTP+ for Android (Google Play Store).
- You will now be prompted to enter your password to configure two-factor authentication. You can do this, for example, with FreeOTP+ for Android (Google Play Store).
- Open an app with a scan function and scan the displayed QR code on your PC or another secondary device.
- Tap on the respective user entry within the app to display the token. The displayed token is valid for approximately 30 seconds. Enter this in the corresponding field under the QR code. Click on "Next Page" to activate two-factor authentication.
Now you are doubly secured against account theft – every time you log into luckycloud Storage, you will be asked for your password and a token.
You can also deactivate this function as needed.
Activate Two-Factor Authentication via luckycloud Storage
- Depending on which luckycloud service you are using, log in to one of the following options:
a. One/Teams: sync.luckycloud.de or directly via our website
b. Business: https://storage.luckycloud.de
c. Enterprise (Plus): your created cloud domain
- Go to the profile settings (top right next to your profile picture) and click on the "Settings" option in the drop-down menu.
- Once in the profile settings, select "Two-Factor Authentication" from the menu on the right.
- Click on the "Activate Two-Factor Authentication" button. Open an app with a scan function and scan the displayed QR code on your PC or another secondary device.
- Tap on the respective user entry within the app to display the token. The displayed token is valid for approximately 30 seconds. Enter this in the corresponding field under the QR code. Then click on "Next Page" to activate two-factor authentication.
Two-Factor Authentication for luckycloud Mail
- Please log in with your credentials in the Webmailer.
- Go to the profile settings (gear icon at the bottom left) and click on the menu item "Two-Factor Authentication".
- Here you can configure two-factor authentication via the "activate" button.
- A QR code will be displayed to you.
- Download a suitable app for your mobile device, such as FreeOTP+ for Android (Google Play Store).
- Open the app with a scan function and scan the displayed QR code on your PC or another secondary device.
- Click on "Test", to the right of the "Activate Two-Factor Authentication" field.
- Tap on the user entry within the app to display the token. The displayed token is valid for approximately 30 seconds.
- Now enter the token in the field and click on the "Test" button:
"Test" button turns gray: Test was successful.
"Test" button turns red: Test was not successful. Please delete the respective entry in the app and repeat the steps.
- Close the small window with "x".
- Check the box for "Activate Two-Factor Authentication" and click on "Done".
Now you are doubly secured against account theft – every time you log into luckycloud Mail, you will be asked for your password and a token.
You can also deactivate this function as needed.
How can I protect myself from device theft?
In the cloud, your data is securely encrypted. But what about your local data? Are these also sufficiently protected?
Secure Passwords
You've probably heard this before, but a secure password makes a big difference – this applies not only to your user password at luckycloud. You should also adequately protect your device accounts. Here are some tips:
- The longer a password, the better.
- Use numbers, symbols, uppercase and lowercase letters.
- Create mnemonic devices to better remember your password.
- Or: Use a password manager, such as KeePass.
Sufficiently Encrypt Devices or Hardware
To be protected in the event of theft, burglary, or loss, you should have sensitive data locally on your laptop/PC and also encrypt your hard drive. There are tools on the market like Bitlocker or VeraCrypt that can encrypt your local hard drive.
If you use such a tool and work with the sync client, you must disable the automatic start of the sync client when restarting the PC/laptop. Upon restart, the data must first be decrypted locally. After that, you can start the sync client and use it as usual.
Touch ID/Face Recognition/Movement Lock for Mobile Devices
Use Touch ID, face recognition, or movement lock on your mobile device for additional security.
Remote Wipe Function
Remote Wipe: Remote data deletion on lost laptops or smartphones via Remote Wipe.