IOT Hub and Device Prov. Service Security
current documentaiton does not provide much details about how to secure IOT HUB/Device provisioning service by adding api layer (NGINX) on top of core paas services.
Is device connecting using X.509 CA certificates to IOT HUB/DPS is enough secure? do we need to add extra gateway layer on top of these PAAS services?