AWS/GCP/Twilio/etc. IoT or almost any other managed IoT service is going to be good for securing devices by only making outbound connections instead of accepting inbound ones. This reduces the attack surface to 'taking over an AWS account', i.e. the Ubiquiti hack, which is better than regular IoT devices which have random UPnP-broadcasted open ports and, if they don't have reliable automatic updates, means vulnerabilities become the next target of a 0.0.0.0/0 network scan.
Generally it involves some answer that doesn't wait till the device and backend are nearly complete. Security shouldn't be the last step of your equation.
Snark aside, there are lots of white papers on x509 provision of devices, including IoT devices. Go read them.
On the plus side everyone who comes across this subthread will have it in mind the next time a friend talks about this great IoT idea they have. Better culture starts at the bottom with one person sharing a thought with another.
You've gone off on several people now who got the exact same impression rather than accept maybe you're not a flawless communicator. You can't expect more charitable reads from others if you're not willing to be the first to give others the benefit of the doubt. This lashing out is definitely not going to convince people you thought about security in advance.
You broke the HN guidelines badly in this thread. We ban accounts that do that. The rules apply regardless of whether other users are breaking them, how bad their comments are, or how bad you feel they are. We've also had to ask you not to break the site guidelines before.
I really don't appreciate this response. Perhaps I've been overly brief about the background of the product's development, but a lot of effort has been put into security. I've read lots of documents about x509 provisioning. I am curious what people here are doing. Telling me to go read white papers is a garbage response.