Data security at luckycloud

Server infrastructure and data security at luckycloud

Our server infrastructure is completely owned by luckycloud GmbH, is ISO-27001 BSI certified and located in highly available data centers in Germany. luckycloud creates, manages and maintains the IT infrastructure itself. Other companies have no access to the infrastructure our user data. The servers all work together as clusters. Due to a special architecture there is no Single Point of Failure (SPOF). The server infrastructure can be scaled horizontally as required. In addition, all data is transferred in real time to a georedunante backup infrastructure in the event of a disaster. This high-availability setup ensures that the systems are always available despite possible system failures and attacks. The server activities are continuously monitored and optimized - just like the firewall, which is regularly adapted to possible threats. An IP- and port-based firewall automatically blocks unauthorized and unknown access and intercepts potential attacks at an early stage using DDOS protection and state-of-the-art technologies. Our data centers have a generously dimensioned power supply and are supplied by two independent 10 KV Vattenfall lines. Despite the very good power supply, a battery-supported UPS with connected diesel generators is available for emergencies. Maintenance contracts with diesel suppliers are just as self-evident as a management plan for the fire brigade. All rooms are fully air-conditioned. The air conditioners control both room temperature and humidity. There is a proactive, optical, thermal and chemical early fire detection and gas extinguishing system.

Server storage

All data is stored in a highly accessible Ceph cluster. Ceph is a highly available, distributed and robust file system, which is completely based on open source. Ceph is a distributed file system over several nodes, therefore it is also called a Ceph cluster. In a Ceph cluster there are always several roles, which are taken over by single nodes. Ceph was developed for the use of highly scalable object-, block- and file-based storage in a unified system.

Failure protection - separate data centers

User requests are forwarded to the luckycloud data backend via the high-availability load balancers. The backend servers work together as clusters and receive connections from the load balancer depending on the load. Due to a floating IP setup there is no Single Point of Failure (SPOF). The backend servers are stateless and can be scaled horizontally as required.

In addition, the data is transferred in real time to a geo-redundant backup infrastructure (NFS cluster) and can be accessed directly from there in the event of a disaster. A simplified description can be found below under "High Availability luckycloud Data Backend Clusters".

Authentication and security systems

There are several ways to authenticate for access to the infrastructure.

  • Username and password: At least 8 characters, upper and lower case and a special character are required.
  • Single Sign-on (SSO): Open Authorization (OAuth) is an open protocol that allows standardized, secure API authorization for all desktop, web, and mobile applications.
  • Two Factor Authentication (2FA): Two or multi-factor authentication is a recognized and recommended method for securing remote access to cloud services and Web applications. Two-factor authentication is only used when two different factors from the areas of having, knowing and being are used for login.
  • Remote Wipe: Remote data deletion on lost laptops or smartphones by means of Remote Wipe.

important facts and certifications

  • luckycloud's infrastructure is located in ISO-27001 BSI certified and highly available data center
  • The power is supplied via an independent 10 kV level from two Berlin substations.
  • Separate UPS systems with A/B supply
  • Redundantly designed power backup systems with diesel generators
  • 100% of the electricity is generated from renewable energies
  • Fire protection system with comprehensive argon extinguishing system
  • Own 24/7 security personnel on site
  • HA Carrier Internet-Mix up to 10Gbit and direct connection to BCIX and ECIX
  • Maximum security with access controls, standardized security processes and various ISO certifications
  • TÜV SÜD - TIER III test certificate: TÜV SÜD certified data centers according to TIER classification TIA-942
  • ISO 9001 (computer center operation): Technical facility management for high-availability data centers
  • ISO 9001 (computer centre security): planning, installation and maintenance of security systems as well as conceptual design and implementation of security services including operation of an emergency call service control centre with intervention centre
  • ISO 27001 (BSI): Based on IT-Grundschutz, Federal Office for Information Security (BSI).
  • ISO 50001: Energy management - requirements with instructions for use
  • VdS-C according to VdS 2153 (FRA1): Emergency call and service control centre (NSL) with VdS approved intervention centre (IS)

How do I enable two-factor authentication?

2-factor authentication for luckyStorage

  1. please log in under www.storage.luckycloud.de with your login data.
  2. Go to the profile settings and click on "Activate two-factor authentication ". A QR code will now be displayed.
  3. Download a suitable app for your mobile device. For example:
  4. Open the app with scan function and scan the displayed QR code on your PC/second device.
  5. Tap on the respective user entry within the app to display the token. The displayed Token is valid for approx. 30 seconds. Enter it in the corresponding field below the OR code and click on "Next page " to activate the 2 factor authentication.

Now you are protected against account theft - every time you log in to luckyStorage you will be asked for your login password and a token.

You can deactivate this function as required.

2-factor authentication for luckyMail

  1. please log in under www.mail.luckycloud.de with your login data.
  2. go to the profile settings and then to Security.
  3. click on "Configure two-factor authentication " and then on "Activate ". A QR code will be displayed.
  4. Download a suitable app for your mobile device. For example:
  5. Open the app with scan function and scan the displayed QR code on your PC/second device.
  6. Click "test ", to the right of "Enable two-factor authentication".
  7. Tap on the user mail entry within the app to view the token. The displayed Token is valid for about 30 seconds.
  8. Now enter the token in the field and click on the "Test " button:
    • The "Test" button turns grey: Test was successful.
    • Test" button turns red: Test was not successful. Please delete the respective entry in the app and repeat steps 5 - 10.
  9. Close the small window with "x ".
  10. Check "Activate two factor authentication " and click "Done ".

Now you are protected against account theft - every time you log in to luckyMail you will be asked for your login password and a token.

You can deactivate this function as required.

How can I protect myself from device theft?

In the cloud, your data is already securely encrypted. But what about your local data? Are they sufficiently protected?

Secure passwords

It's certainly not the first time you've heard this, but a secure password makes a difference - not just your luckycloud user password. You should also protect your device accounts. Here are some tips:

  • The longer a password, the better
  • Work with numbers, symbols, upper and lower case letters.
  • Use memory hooks to remember it better
  • Or: Use a password manager (e.g. Keepass)

Encrypt devices or hardware sufficiently

To be secure in the event of theft, burglary or loss, you should have sensitive data locally on your laptop/PC and encrypt your hard drive as well. There are tools on the market such as Bitlocker or VeraCrypt that encrypt your local hard drive.

If you use such a tool and work with the Sync Client, you have to disable the automatic start of the Sync Client when restarting the PC/laptop. When restarting, the data must first be decrypted locally. After that you can start the Sync-Client and use it as usual.

Touch-ID/ motion lock for mobile devices

Use the touch ID or motion lock on your mobile device to provide additional security.

Remote Wipe Function

Remote Wipe: Remote data deletion on lost laptops or smartphones using Remote Wipe.