How to Keep Your Software and Identity Secure: STARWEST 2015 Interview with Mike Benkovich

[interview]

Jennifer Bonine: So you can identify it and quickly deal with it, versus ignoring it.

Mike Benkovich: Try to, yeah.

Jennifer Bonine: From a mobile perspective, because mobile is huge, and you said kind of component-based, and leaving things more open so things can get in, and you can plug into a lot of different options with the Internet of Things and everyone talking about how you have to leave everything open. What is that creating for challenges, obviously for people like you who are more on the build side? I want to keep it open, but at the same time I don't want it vulnerable.

Mike Benkovich: Right. If you look at all the different devices that are out there, it used to be, you go to work, you log in with your work PC, and your work PC has all the work data. You go home, you have your home machine, and the two never meet. Now people are bringing their own device, they're connecting up at Starbucks some, you know, anywhere coffeehouse.

Jennifer Bonine: Anywhere.

Mike Benkovich: They're downloading and working with all of these things. How can you protect that stuff, and make sure that ... It is interesting that the types of exploits that have come across on the mobile devices hasn't been worse than what we've seen so far.

Jennifer Bonine: Really?

Mike Benkovich: I feel like we've been lucky going along to this point, where there's an incredible number of devices out there, and making sure that when you do those transports, when you're putting the data services out, that you are starting out with this security in mind and really building from the ground up on, "How do I keep that?" It's sort of like, you build a system, and as long as you've architected it with that in mind, it's easy to extend it, but adding it after the fact ... There's a process called threat modeling, where you can sit down and identify all the different locations where information is coming and going, and the thing about this is it's not saying, "We're going to try to remove every possible threat or exploit that's out there." But, it documents it.

Jennifer Bonine: At least you know where the potential ones are.

Mike Benkovich: Right, and you say, "Here's all the assets I've got; here's the places where it's being read from and written to; here's where it's stored." Then you make a list of all of those things, and you list out the types of exploits that could happen on it. It's actually a methodical process, and you end up with a spreadsheet that's got a list of all these things, and it's got a score; you multiply it out and say, "Here's the ones that are most likely to be exploited, little impact but multiplied by a billion users, okay, that's bad."

Jennifer Bonine: That would be a great thing for people to have, because it's data. It says, "Here's your potential risk." I think a lot of people just get scared in the unknown, of, "Well, I don't know, it's scary." Then they're like, "But I don't know how scary, really." It helps you quantify the level of what you're dealing with.

We are out of time. It goes so quick. This is such a great topic. If people want to get a hold of you after this, or have more questions—because I'm sure we probably just piqued their interest on a lot of these items—what's the best way to contact you?

Mike Benkovich: I've got a website called benkotips.com, and you can follow me on Twitter @mbenko, and you can also send me an email, mike@benko.com. Look at that, I just gave out my email address.

Jennifer Bonine: I know, right?

Mike Benkovich: If you have questions or whatever, I've got presentations, I've got notes, I've got links.

Jennifer Bonine: That would be great.

Mike Benkovich: All kinds of stuff on benkotips.

Jennifer Bonine: Perfect.

Mike Benkovich: Downloads, too. Presentations, and information, and I'd be glad to help out.

Jennifer Bonine: Awesome. For all of you out there listening, that's how you're going to find Mike and be able to get more information on what we just scratched the surface on here today. Thanks, Mike.

Mike Benkovich: Great to meet you.

Jennifer Bonine: I appreciate it.

Mike BenkovichMike Benkovich brings it all—energy, laughter, and a contagious passion for coding—with him. In a career that has taken him from minion to business owner, from database administrator to developer, from author to evangelist, Mike has seen it all. In more than twenty-five years of working in the technology industry, he has been part of the latest waves to sweep the industry. Whether delivering MSDN events live or webcast presentations, on the developer resource site BenkoTips or his blog, Mike brings enthusiasm for tools and an energy for the search to find a better way. Follow Mike on Twitter @mbenko.

About the author

Upcoming Events

Oct 01
Oct 15
Nov 05
Nov 14