There are 4 main measures taken to keep the data safe and reduce vulnerability to DDOS attacks.
Access to the pods
Local access to the pods is completely shut down to prevent access, except from the cloud. SSH, Telnet, HTTP/S and other entry ports are disabled for all shipped products. This prevents hackers from trying to gain access to the device and exploit it for attacks. Botnet DDOS is mainly due to IoT vendors not locking down local access to the device. Access to the device was gained through a local login with a known default password.
Encrypted Transmission to Cloud
Data sent from the pod to the cloud is encrypted via TLS. Each pod has a unique TLS connection with the cloud to prevent access in route.
Access to Data in the Cloud
The cloud database is separated from the customer facing API server with a VPN connection, making it more difficult for anyone to access the data. The database is kept in the same Amazon cloud environment, not a 3rd party location, so access to the data is only permitted via VPN.
Reliability in failover
Our API and pod control server is located in Amazon, which is largely protected from DDOS attacks. Of course, they can still happen. We saw this last year when several national websites were down for awhile. While operating in Router Mode, if the pods lose connection to the cloud, they will operate in their last known state. The Wi-Fi will operate normally, but it will not have the ability to adapt to changes. New devices can join, traffic will flow normally, etc. But if a new Pod is plugged in it must wait for the cloud to initialize it to join the network. If operating in bridge mode and the outage lasts longer than ten minutes, Wi-Fi connectivity will be lost until the pods can reconnect to the cloud.