I'm not sure what you mean by "persuaded", since unless the IoT device has its own cellular connection, it can't prevent being passed through a consumer-controlled device. Do you have such a device right now that is being bypassed? Because if the answer is no, that's your real problem.
The problem with IoT is that the 'I' expands to "Internet" instead of "Intranet". A device should not be rendered useless because it can't connect to manufacturer's servers. The cloud is a good value-add option, but should not be considered a primary and required element.
The other thing is that most of those devices are gimmicks, toys - a good device intended to be useful should embrace interoperability - devices working alone have only a fraction the of potential of devices working together[0].
As for bypassing your device, at some point a "clever" entrepreneur will discover SSL and certificate pinning, and then you'll be SOL.
[0] - that's why e.g. I recently shelled out and got myself Hues. It's not the cheapest option, but it's reliable, works perfectly well over LAN, has a decent API exposing pretty much all possible functionality and then some over said LAN, no cloud registration or other bullshit. Also I kind of trust Phillips not to burn my house down with crappy manufacturing.
Sure, but with any device that's doing security correctly right now, the only thing you get to control is whether you let it connect to the service it wants to use or not. It's not like you can re-target it connection and choose which types of calls make it through and which don't. And at that point you might as well just choose to not plug it in to the network (or give it your wifi credentials or whatever).
