IETF made everything possible, but has unfortunately been somewhat abandoned, or at least isn't functioning as a mooring-of-sanity as it used to. In some ways, this is inevitable, since the e-world is big enough that even a small company can do its own thing, and still succeed big.
This matters for IoT, since most cloud-enabled IoT devices do totally random things: poke through firewalls with UPNP, shove your private data into some random website, potentially over insecure protocols. (Or protocols that could be secure, but are implemented poorly or are simply in need of an update.) At some level, the problem is really that the easy path, for any given cloud vendor, is to set up their own cloud infrastructure (though it might be layered on Amazon, etc). This is bad for the customer because what happens when the company crashes, or gets bought and dissolved, or when the company just decides to stop supporting the device?
IETF should be thinking along the lines of a *local* data hub that you own, that your devices talk to over a simpler, standard protocol. Not that security can be ignored just because traffic is local, but an extra level of indirection makes all the difference in hardware as well as software. Whether that local hub is intelligent, whether it has storage - open question. And maybe devices need to fall back to trying to talk to the external cloud. But customers will eventually realize that they should want their own data to at least potentially be under their own control, not inherently subject to the vagaries of some whispy, transient external cloud. You don't want your fire alarm dependent on random external sites, or your internet-enabled door locks, or your thermostat, etc.