IndigoCube has announced that Godfrey Kutumela, a leading industry security expert, has been appointed to head up its security division. Ziaan Hattingh, MD of IndigoCube, says the division will be focusing its efforts primarily on the large installed base of SAP in South Africa’s corporate sector.

“One of SAP’s many strengths is its flexibility: because companies can access its source code, they can customise it to suit their business and strategy. However, customisation creates new vulnerabilities that need to be urgently addressed, and that is what we intend to do,” Hattingh says. “Godfrey has the deep security knowledge and experience—not forgetting leadership and acumen—to make IndigoCube synonymous with SAP security.”

Kutumela says he is excited by the potential of this niche market. “CIOs are becoming progressively more concerned about security as their core business systems are exposed to employees, customers and business partners
outside the corporate firewall,” he says. “We are also seeing more and more SAP systems connected to the Internet and to production systems as the Internet of things expands.”

International benchmarking data shows that 95% of all customised SAP systems are vulnerable to system outages, cyber-attacks and fraud. According to this data, an average customised SAP system comprises 2,2-million lines of ABAP code with 1 critical security or compliance issue, 1,2 critical performance issues and 2,4 critical robustness issues per 1 000 lines of code.

“In other words, a typical customised SAP system has over 2 000 security or compliance issues, over 2 000 critical performance issues and over 4 000 critical robustness issues in its code,” Kutumela calculates. “All of this means that businesses are not benefiting fully from the power of their hardware, experience unnecessary downtime, risk data corruption and are vulnerable to hacking.”

Kutumela reveals that IndigoCube has been appointed an implementation partner for the Virtual Forge SAP security tools.

Virtual Forge’s CodeProfiler and SystemProfiler tools are designed to identify the quality and security issues introduced by customised ABAP development and system configuration settings. They are highly automated to provide reliable, speedy and cost-effective protection.

Virtual Forge is a SAP Certified Partner, and Gartner has placed it within the Magic Quadrant for Application Security Testing. Together, IndigoCube and Virtual Forge offer a unique combination of security technology and expertise to uncover and prioritise the resolution of security gaps in SAP systems for the South African market.

“We are positioning ourselves as a specialist consulting and integration strategic partner in the security, compliance and quality space,” says Kutumela. “Our offering covers the entire SAP systems landscape, and includes consulting, technology provision through to installation, support and managed services. Customers with stable SAP environments are likely to purchase our solution as a managed service, whereas those with more dynamic environments might prefer purchasing it outright. Our mission is to help transform organizations to protect effectively business-critical processes, information and assets managed by SAP systems.”