I want to keep my devices secure. This means: Let me control them.
DRM / Remote Control are hard to defend, but *I* don't want to manage the milk carton chip which tells the refrigerator it's empty. I could manage it, being a technical person, but the majority of people don't even have that option.
So what are we going to do?
Don't require them to phone home, or to be connected beyond my local network if I don't want.
The milk carton will be restricted to talking to the refrigerator, but *I* don't want to manage a refrigerator. You want "things" to only talk locally and any external communication to go through a server you manage? That sounds reasonable at first, but it's not more secure: a milk carton with an encrypted/steno-graphed/timed communication is not something people can fight against. That milk carton is not going to be open or have an API, it'll be opaque hardware that's constantly changing. I can hear the corporate excuses already: "Some of the older cartons had an error that leaked info, but they'll be gone in two weeks."
Unless I control what software is run, and what it talks to, then there can be no security for my "internet of things".
Is there "no security" for you're Banks network? Security doesn't mean control.