5 Settings and Features For Securing Your Soracom Account
Getting started with Soracom can be exciting! As you learn about our various services and product offerings, you will grow to understand how much Soracom can simplify and expedite your IoT deployment. Yet before you get too far into development, it is important to consider that your Soracom account contains a large amount of sensitive and private data and that using these services may require storing additional data, such as cloud service credentials, in your account.
In this blog, we will introduce some settings that new customers should take advantage of to improve their Soracom account’s security and overall user experience.
Customize Your Billing Alert
Most Soracom services and SIM cards are billed pay-as-you-go with no upper spending limit, so tracking your usage is essential to avoiding unexpectedly large bills. The billing alert feature sends an email to your primary account address when your monthly bill exceeds an amount (in USD) that you define. An unexpected jump in charges is also one of the earliest signs that a SIM or a credential is being misused, so treat the alert as a security signal as well as a cost control.
You can find more information about billing alerts in our documentation here.
Add Additional Email Addresses
The Soracom User Console, Soracom’s web-based management screen, uses your email address as your login ID. If you lose access to this “primary” email address, you will not be able to log in or receive a Password Reset email, potentially leaving you locked out of your account permanently.
To mitigate this risk, we suggest configuring a “recovery” email address for your account. A recovery email address is an email address that Soracom will use to contact you for account recovery if you cannot access your primary email address used for login.
In addition to the recovery email address, you can also set up “billing” addresses for team members involved in accounting and “support” addresses for those who have technical contact with Soracom’s support staff.
You can find more information about email settings in our documentation here.
Enable Multi-Factor Authentication
Multi-factor authentication (MFA) requires two or more independent verification factors before granting access to a resource such as an application, an online account, or a VPN. It sharply reduces the impact of a stolen or guessed password, because an attacker who holds only that one factor still cannot log in.
Because of the sensitive data held in your Soracom account, we recommend that MFA always be enabled. When you enable it, the User Console shows a QR code that you scan with an authenticator app such as Google Authenticator. The app then produces a six-digit, time-based code (it rotates on a fixed time step; 30 seconds is the RFC 6238 default used by common authenticator apps) that must be entered at each login to the Soracom User Console. Password managers such as 1Password can also store the MFA secret and generate the codes, which lets several people log in to the same account. Bear in mind that a shared secret means the Audit Logs cannot tell you which person performed an action; where several people need access, prefer a Soracom Access Management user per person, each with their own credentials.
Soracom's MFA implements time-based one-time passwords as specified in RFC 6238 (TOTP).
You can find more information about MFA settings in our documentation here.
Create Soracom Access Management Users
The Principle of Least Privilege states that users should be granted only the minimum privileges needed to perform their intended work, and that those privileges should be revoked as soon as they are no longer needed.
The Soracom Access Management (SAM) Users feature was created to help our customers uphold this principle. It allows administrators to create additional users for your Soracom account and enables each user to have their own permission sets and login credentials.
For example, users from your technical department may be configured to only access SIM management actions, while your accounting department may have read-only access to billing and payment information. Users can even be created for cloud services to allow them to programmatically access and manage your account. Several starter templates are available to help expedite the creation of user permission sets, as well.
You can find more information about SAM Users in our documentation here.
Regularly Check Your Audit Logs
When using Soracom in a multi-user organization, you will want to check periodically for indications of unauthorized access, or to establish when and how a particular action was performed. Audit Logs record the calls to the Soracom API made against your account, including those made through the User Console and the Soracom CLI.
When combined with the previously discussed Soracom Access Management (SAM) feature, Audit Logs can be used to check the behavior of SAM users.
Audit Logs include a free tier and an enterprise tier with more advanced logging capabilities, an extended retention period, and filtering options.
You can find more information about Audit Logs in our documentation here.
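The kind of review worth scripting over exported audit records, as an added example rather than Soracom code: it flags calls by a SAM user outside the API set its role is meant to use (the least-privilege baseline from the previous section), bursts of failed authentication, and activity from addresses not seen before. The record fields (time, principal, api, result, source_ip) and the sample records are constructed for illustration and are an assumed shape, not the Audit Logs schema; map the real fields onto them before use.

```python
"""Review exported audit records for signs of misuse (added example, not Soracom code)."""
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample records. The field names are an ASSUMED shape for illustration
# only; adapt them to the real Audit Logs export format.
FIELDS = ("time", "principal", "api", "result", "source_ip")
SAMPLE_RECORDS = [dict(zip(FIELDS, row)) for row in [
    ("2024-05-01T09:00:12Z", "sam:sim-ops",    "Subscriber:listSubscribers",          200, "203.0.113.10"),
    ("2024-05-01T09:01:40Z", "sam:sim-ops",    "Subscriber:updateSubscriberSpeedClass", 200, "203.0.113.10"),
    ("2024-05-01T09:05:03Z", "sam:finance-ro", "Payment:getPaymentMethod",            200, "203.0.113.20"),
    ("2024-05-01T09:06:30Z", "sam:finance-ro", "Subscriber:deleteSubscriber",         403, "203.0.113.20"),
    ("2024-05-01T22:14:01Z", "sam:sim-ops",    "Auth:auth",                           401, "198.51.100.7"),
    ("2024-05-01T22:14:09Z", "sam:sim-ops",    "Auth:auth",                           401, "198.51.100.7"),
    ("2024-05-01T22:14:20Z", "sam:sim-ops",    "Auth:auth",                           401, "198.51.100.7"),
    ("2024-05-01T22:15:02Z", "sam:sim-ops",    "Auth:auth",                           200, "198.51.100.7"),
    ("2024-05-01T22:16:45Z", "sam:sim-ops",    "Subscriber:listSubscribers",          200, "198.51.100.7"),
]]

# Least-privilege baseline: API name prefixes each SAM user is expected to call.
EXPECTED_APIS = {
    "sam:sim-ops":    {"Subscriber:"},
    "sam:finance-ro": {"Payment:", "Billing:"},
}
# Everyone has to authenticate; those calls are analysed separately below.
ALWAYS_ALLOWED = {"Auth:"}
# Source addresses already seen for each principal (baseline from earlier exports).
KNOWN_IPS = {"sam:sim-ops": {"203.0.113.10"}, "sam:finance-ro": {"203.0.113.20"}}


def parse_time(value: str) -> datetime:
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def out_of_scope_calls(records, expected=EXPECTED_APIS):
    """Calls by a known SAM user outside the API set its role is meant to use.
    Denied calls (403) count too: the attempt is the interesting part."""
    flagged = []
    for r in records:
        prefixes = expected.get(r["principal"])
        if prefixes is None:
            continue
        if not any(r["api"].startswith(p) for p in prefixes | ALWAYS_ALLOWED):
            flagged.append(r)
    return flagged


def failed_auth_bursts(records, threshold=3, window=timedelta(minutes=5)):
    """Principals with at least `threshold` failed authentications inside a
    sliding time window, mapped to the largest such count."""
    failures = defaultdict(list)
    for r in records:
        if r["api"].startswith("Auth:") and r["result"] in (401, 403):
            failures[r["principal"]].append(parse_time(r["time"]))
    bursts = {}
    for principal, times in failures.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                bursts[principal] = max(bursts.get(principal, 0), end - start + 1)
    return bursts


def new_source_ips(records, known=KNOWN_IPS):
    """First sighting of each principal from an address absent from the baseline."""
    seen = {p: set(ips) for p, ips in known.items()}
    flagged = []
    for r in records:
        ips = seen.setdefault(r["principal"], set())
        if r["source_ip"] not in ips:
            flagged.append((r["principal"], r["source_ip"], r["time"]))
            ips.add(r["source_ip"])
    return flagged


def review(records):
    return {
        "out_of_scope": out_of_scope_calls(records),
        "auth_bursts": failed_auth_bursts(records),
        "new_ips": new_source_ips(records),
    }


if __name__ == "__main__":
    for name, findings in review(SAMPLE_RECORDS).items():
        print(name, findings)
```

On the constructed data the review surfaces the three things an operator should look into: the finance account attempting a subscriber deletion it has no business making, three failed logins in under a minute for the SIM operations user, and that user's first appearance from a new address immediately before a successful login.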
Conclusion
We hope that this overview of essential settings and features for new Soracom users was helpful in understanding how you can enhance both your security and user experience. Customizing billing alerts, adding multiple email addresses for different purposes, enabling multi-factor authentication, creating Soracom Access Management users, and utilizing audit logs are all critical steps in managing your Soracom account effectively. Each feature contributes to a more secure, organized, and efficient deployment, ensuring users maintain control over their accounts while safeguarding sensitive data.
By following these suggestions, you can significantly improve the overall security posture of your Soracom account and optimize its functionality for your specific needs. Remember to refer to the provided documentation for more detailed information on each feature, and embrace these practices to get the most out of your Soracom experience!
This article is based on an original piece by Kohei “Max” Matsushita. It has been translated and edited for a Western audience.