In various scenarios, achieving security between IoT devices is challenging since the devices may have different dedicated communication standards and resource constraints as well as various applications. In this article, we first provide requirements and existing solutions for IoT security. We then introduce a new reconfigurable security framework based on edge computing, which utilizes a near-user edge device, that is, a security agent, to support security functions as IoT resources for the security requirements of all protocol layers including multiple applications on an IoT device. This framework is designed to overcome the challenges including high computation costs, low flexibility in key management, and low compatibility in deploying new security algorithms in IoT, especially when adopting advanced cryptographic primitives. We also provide the design principles of the reconfigurable security framework, the exemplary security protocols for anonymous authentication and secure data access control, and the performance analysis in terms of feasibility and usability. The reconfigurable security framework paves a new way to strengthen IoT security by edge computing.