"There is always going to be a state of dynamic tension between innovation and control," the cross-bench peer told the opening keynote session of Infosecurity Europe 2011 in London.
"Anyone who does not like rapid change should not be working in information security because the environment is constantly changing and it is extremely challenging to stay on the leading edge," he said.
The most important task for information security representatives in all organisations, he says, is to decide what data needs to be secure and put multi-layered defences around that.
Organisations should be looking for ways of using all the latest devices while retaining control over sensitive data by, for example, sandboxing it within any device, he says.
It should not be about locking down devices to such an extent that they cannot be used, because the whole point of employees bringing their own kit to work is to be able to be more flexible and more efficient by being able to work anywhere.
Lord Erroll believes that people should not look to the government to legislate around these things, but rather to the IT and security industry to work together to enable this new way of working in a secure way.
However, he says, it is not only about the technology. As ever, with innovation and consumerisation, organisations should be improving user awareness and behaviour and business processes as much as putting the security controls in place.
"We live in an interesting world, and change through innovation creates opportunities, but we need greater collaboration by all stakeholders to be able to make use of that innovation in a secure way," said Lord Erroll.
This story was first published by Computer Weekly