Larry Harrington: How ERP Security Enables Audit and Compliance

By:

September 16, 2019

As the former Chair of the Institute of Internal Auditors and Former Chief Audit Executive for Raytheon Company, Larry Harrington discusses how ERP security enables the audit and compliance process within organizations, aligning CISOs with the internal audit team and maintaining compliance 24/7. “Today, ERP systems are so complicated… it’s really important to look at security from a different perspective,” Harrington explains. “How do we do a continuous auditing process so we make sure that all the crown jewels are protected 365 days a year.” Check out the rest of the video below!

Tags, , , ,
About the Author
Mariano Nunez

Mariano Nunez

CEO & Co-founder

As CEO and Co-Founder of Onapsis, Mariano drives the strategic direction of the company. Under his leadership, Onapsis has become one of the fastest-growing technology and cybersecurity companies in the world. With 20+ years of experience in the cybersecurity industry, both as an executive and as a cyber security expert, Mariano was the first to publicly present on cybersecurity risks affecting ERP platforms and how to mitigate them at major conferences such as RSA, Black Hat and SANS. Mariano’s contributions to the cybersecurity community include developing the first open-source SAP and ERP Penetration Testing frameworks, and uncovering critical zero-day vulnerabilities in SAP, Oracle, IBM, and Microsoft applications. Mariano’s insights are regularly featured in major media outlets such as CNN, Reuters, Wall Street Journal, Nasdaq, Fortune and The New York Times.

More about this author
Back To Blog

Further Reading

Blog

How to Execute an SAP Incident Response Strategy: The Step-by-Step Playbook

Most Security Operations Centers (SOCs) operate with a dangerous blind spot. While they have mature playbooks for isolating infected endpoints or blocking malicious IPs at the firewall, they often lack a specific protocol for the organization’s most critical asset: the ERP system. This gap is existential. You cannot simply “pull the plug” on a production…

Read More
Blog

The Dangers of AI in Custom Code: How to Secure Your SAP Landscape

The evolution of AI has revolutionized the velocity of modern software development bringing unprecedented efficiencies. But at the same time, it introduces new security and compliance risks to your custom code that can be catastrophic if left unaddressed. The era of slow, manual code review is over. To survive the sheer volume of AI-generated content,…

Read More
Blog

How to Build an SAP Threat Intelligence Program in 2026

Traditional perimeter-based defenses were designed for a different era. In today’s landscape, threat actors weaponize vulnerabilities within a critical 72-hour exploit window following disclosure. This speed means that relying solely on monthly patching cycles leaves business-critical applications exposed to attack long before fixes can be implemented. To secure the digital core in 2026, organizations must…

Read More