I'm digging this illustration of IoT security architecture zones, courtesy of Microsoft docs.

The beauty of it all is the simple (but effective) principles:

• Segment the solution
• Minimize the impact of lower-trust zones against higher-trust zones
• Assume that as data traverses zones, it could be subject to threats from STRIDE model (Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, and Elevation of Privilege).