Over 20 billion Internet of Things devices are set to come online by 2020. Protecting such a large number of underpowered, UI-less, network-connected devices will require a new security paradigm. We argue that solutions dependent on vendor cooperation such as secure coding and platform changes are unlikely to provide adequate defenses for the majority of devices. Similarly, regulation approaches face a number implementation challenges which limit their effectiveness. As part of the new paradigm, we propose IDIoT, a network security policy enforcement framework for IoT devices. IDIoT prevents widespread network attacks by restricting IoT devices to only their necessary network behavior. IDIoT is simple and effective, building on decades of tried-and-true network security principles without requiring changes to the devices or cloud infrastructure.