Everywhere Enterprise: How to Protect Your Data from Leaky Apps Like TikTok

TikTok, a short-form video app owned by Chinese company ByteDance, has soared in popularity amid the pandemic. Today, TikTok boasts over 100 million monthly active users in the U.S., up nearly 800% from Jan. 2018. At the same time, TikTok has continued to raise security concerns over how it gathers and stores user data.

For background, ByteDance first raised concerns when it acquired Musical.ly, a Chinese app that had established a strong U.S. user base, in a nearly $1 billion deal that didn’t undergo foreign investment review back in 2017. ByteDance then relaunched Musical.ly as TikTok in 2018 and migrated Musical.ly users over to TikTok accounts as part of the company’s strategy to break into the U.S. market.

Many lawmakers and government officials now fear that ByteDance is passing on the data it collects from Americans, including location data, private chat messages, and browsing and search histories, to China’s government. These concerns are rooted in the fact that China’s 2017 national intelligence law contains broad language that requires Chinese companies to support, assist and cooperate with intelligence gathering operations, if asked.

As a result, many companies, countries and organizations have banned TikTok. And most recently, President Trump has threatened to ban TikTok if its U.S. operations are not sold to a U.S.-based company by Sept. 15. So, does TikTok truly present a security risk? And, if so, how can organizations protect their data?

It’s clear that TikTok collects significant amounts of personal information, which could easily be used by hackers or nation states to target corporate networks. To prevent corporate data leakage, organizations should adopt a zero trust security approach to ensure that only trusted devices, apps and users can access enterprise resources. MobileIron’s unified endpoint management (UEM) solution ensures that a device is known and trusted before granting access to a corporate network.

Organizations should also deploy mobile threat protection on all devices that are used to access corporate data and establish more granular control over their mobile app configuration policies. With MobileIron Threat Defense (MTD), organizations can configure and enforce security policies across devices, including policies that ban TikTok on managed devices.

MTD provides insight into which apps are installed on users’ devices, and leverages threat assessment scores, as well as explanations of risks and implications, to determine which compliance actions (if any, and in what order) should be taken. This continuous app visibility and evaluation is more important than ever before in today’s remote work environment.

Two weeks ago, I discussed how easy it is for kids to download applications, including leaky applications like TikTok, onto their parents’ corporate-issued and BYO devices, putting corporate data at risk. MTD enables organizations to quickly identify apps that pose security and privacy threats and disallow those apps. MTD can allow or deny apps based upon app risk scoring, app behaviors, domains, certificates, shared code, and network communications. MTD can also quickly uncover mobile apps that violate an organization’s compliance policies and take necessary corrective actions.

The COVID-19 pandemic has greatly accelerated the Everywhere Enterprise model of work – in which employees, IT infrastructures and customers are everywhere. The ability of employees to work from anywhere has also amplified the changing threat landscape and heightened the risk of mobile devices leaking corporate data. Moving forward, every company needs to rethink its security strategy to focus on the technology at the center of the Everywhere Enterprise: mobile devices.

To learn more, contact a MobileIron sales representative. And be sure to listen to the full MobileIron Musings episode with Alex below and subscribe for more.

Alex Mosher

Global Vice President of Solutions

About the author

Alex Mosher is Global Vice President, Solutions, at MobileIron. In his role, Mosher is responsible for MobileIron’s go-to-market plan and aligning mobile, security, and cloud solution strategy with execution.

Before joining MobileIron, he spent 12 years at CA Technologies, where he was responsible for CA's $1.4B+ cybersecurity business strategy and go-to-market plan. In his last role with CA Technologies, Alex was a global vice president responsible for all sales and go-to-market integration of CA's $612 million acquisition of Veracode, which was sold to Thoma Bravo just 16 months later for $965M.

Today, Alex leads a global team that works to develop and implement action plans that enable customers to take control of security, identities, access, and information across platforms and devices. As a 20-year information technology industry veteran, he has amassed hands-on experience in virtually every aspect of the business, including sales and marketing, development, and deployment services.