Additional considerations for device security
In general, the security of the wireless portion of a cellular network connection is provided by the network according to 3GPP standards. However, without taking appropriate precautions measures to secure the device itself, an attacker may be able to hijack a device and force it to behave in ways that are disruptive to a network, undoing all of the steps taken above.
While specific recommendations for implementing device security are out of the scope of these guidelines, additional care should be taken to test security measures and validate that devices are sufficiently protected from abuse or misuse.
These measures may include using embedded SIM (eSIM) modules in order to thwart SIM theft and unauthorized SIM usage, employing of X.509 certificates or strong password practices to prevent a single compromised device from exposing an entire fleet, and implementing signature verification for FOTA updates in order to block an attacker from installing malicious code.
Which measures are appropriate will depend on your device, application, and use case, however as a start you may like to refer to these existing guidelines:
Besides cellular network security and device security, internet, cloud, or other IP infrastructure security is also an important part of designing and implementing a robust application.
Soracom also provides several services which aide in improving and simplifying IP network security, from automatically encrypting data before it is sent over the internet, to building an isolated network to connect to your private cloud or datacenter.