Jim Young/Reuters
After she left the State Department in 2013, Clinton - now under fire for using a personal email account for work-related correspondences while serving as America's top diplomat - hired at least three separate firms to manage different aspects of her server.
The firms included Platte River Networks, a Denver-based firm that hosted her server; SECNAP, which sold her a firewall program known as CloudJacket SMB to detect hackers; and Datto, Inc., a cloud storage company that backed up Clinton's emails in case her server crashed.
The companies, which are relatively unknown, have been described by some cyber security experts as odd choices for such a high-level public figure.
"I've never heard of SECNAP or CloudJacket SMB, which says a lot right there," Michael Borohovski, CEO and founder of TinFoil Security, told Business Insider. "But the 'SMB' in 'CloudJacket SMB' means Small Medium Business, which Hillary Clinton is not."
"She was evidently using the cheapest plan of this tool, which is a run-of-the-mill firewall to begin with," Borohovski added. "If you're Secretary of State, or running for President, I wouldn't recommend it."
Joe Loomis, CEO of CyberSponse, hadn't heard of SECNAP or its threat monitoring tool, either.
"It's pretty shocking," Loomis told BI. "Why entrust this small, unknown company with protecting the data of a former Secretary of State?"
Joshua Roberts/Reuters
Clinton's unusual email system was originally set up by a staffer during Clinton's 2008 presidential campaign, replacing a server used by her husband, former President Bill Clinton.
Facing criticism earlier this year for her use of the server, Clinton handed over about 30,000 work-related emails for the State Department to make public and deleted about 31,000 emails she says were personal.
Facing mounting criticism over her use of the server while she served as Secretary of State, Clinton handed over the server to the FBI in August and defended herself earlier this month on Meet The Press by saying she was unfamiliar with the server's "technical aspects."
She added that she "was not that focused" on the server, which she left in the hands of experts when it came to security.
NBC/screengrab
"There's only so much I can control," she said. "I can't control the technical aspects of it. I'm not by any means a technical expert. I relied on people who were."
But because Clinton made a conscious decision to bypass the State Department's server - and the millions the government has spent to protect it - in favor of her own risky setup, her ignorance of the technological particulars a poor excuse, Loomis said.
"The fact that Clinton chose to use her personal email instead of a .gov account shows that she obviously doesn't understand security," Loomis added. "What she did is like inviting spies over to dinner - every device connected to the internet is an opportunity for them to collect intelligence."
"This world is full of cyber warfare, and your computer is a part of that warzone."
'Potential negligence'
Brian Snyder/Reuters
But Platte River, which has housed Clinton's server since 2013, told Politico last week that Datto "was never supposed to have a cloud."
In response to the controversy, McChord posted a statement on Datto's website ensuring clients that "the privacy and security of our customers' data is paramount ... Datto, by virtue of our channel model, does not generally know who our end users are or have the ability to access their data stored in our cloud."
And while cloud storage itself is not inherently dangerous, extra steps should be taken to secure the data of any high profile client, which makes it important for the company to know who it is serving.
"Anytime you hear the words 'cloud storage,' that means it's a single monolithic technology that tens of thousands of people have access to, so you're at the behest of all those different access points," Chris Drake, founder and CEO of the cloud storage firm Armor, said in an interview.
"That's why we focus on adding security around each and every environment individually. If it's highly sensitive data, you don't use shared services.
"If the company did not have a level of security that matched or exceeded the type of information it was storing, this could be potential negligence."
Borohovski echoed this sentiment.
"I don't know if Datto encrypted Clinton's data, but I can almost guarantee it's not done by default," he said. "If we had the Secretary of State as a customer, we'd be siphoning the data off to a separate cloud that's not comingled with other customers.
"Is it inherently insecure to have emails in a cloud? No, they're already on the internet," Borohovski added. "Is it insecure for her to have stored them with a company no one has ever heard of? Probably."
'Total amateur hour'
US Government photo
Reports that hackers in China, South Korea, Germany, and Russia tried to break into Clinton's server have raised questions about the kind of security precautions the 2016 presidential candidate and her team took to safeguard the sensitive information that sometimes passed through her inbox.
It is unlikely that the attacks on Clinton's server were targeted at her directly: The attempts discovered were basic phishing scams disguised as speeding tickets, the AP reported, and rather unsophisticated.
But the malicious emails highlight the fact that Clinton's server was at least vulnerable.
And according to a new AP investigation, the way Clinton's server was connected to the internet - via a Microsoft remote desktop service that permitted remote access connections without additional protective measures - made it particularly vulnerable to hackers, which is something her security experts should have known.
AP/Charles Dharapak
"That's total amateur hour," Marc Maiffret, Chief Technology Officer at BeyondTrust, told AP. "Real enterprise-class security, with teams dedicated to these things, would not do this."
And if malicious state actors did know that Clinton was running a private email server and they tried to hack it, "then it's almost a sure thing that they were successful," Borohovski said.
"It's possible Clinton's server was breached before she even sent her first email," Borohovski said.
"She probably didn't mean to put government at risk, but she ended up doing it by running an external mail server that was secured with questionable resources."