On endpoint protection, I just wish the vendors wouldn't leave ports open on everything. As much as I prefer local control to cloud control for IoT, the idea of having to make an authenticated cloud connection before a local one could help. Some sort of certificate or other zero trusty method to make sure that the devices truly know who each other are would be great. I know it would cost money, but is some standard were developed, it could be cheap and effective. Maybe a little less magical, since it wouldn't "just work", but it also would be less likely to "just be pwned".