Best way to secure DPMA on the internet?

Hi,

Would like to hear how folks are solving the issue of security when it comes to having DPMA exposed to the internet.

The setup we have is asterisk in the cloud and all devices on local networks behind NAT.

I would like to use the DPMA on the Digium endpoints, but how do you best secure the DPMA so that not everyone with the IP address of the server can jump on?

A Public/privat key stucture would be nice