The quick answer: security doesn’t necessarily fit into a specific place in the architecture because it’s so critical at every step (or at least, it should be critical at every step). It’s important that the hardware, connectivity, cloud software, and user interface all be secure. Each point represents a potential access point for a malicious third-party.
For example, the Mirai botnet attack that took place ~month ago was insecure hardware that was hacked and used to take down large portions of the Internet. So poor security doesn’t just harm individuals, it can harm all of us.
I’d be happy to write a longer post with more detail, please let me know if you’d be interested! And if you are, do you have any more specific questions related to security in IoT that you’d like me to dig into?