Everywhere Enterprise: How to Protect Your Data from Leaky Apps Like TikTok
TikTok, a short-form video app owned by Chinese company ByteDance, has soared in popularity amid the pandemic. Today, TikTok boasts over 100 million monthly active users in the U.S., up nearly 800% from Jan. 2018. At the same time, TikTok has continued to raise security concerns over how it gathers and stores user data.
For background, ByteDance first raised concerns when it acquired Musical.ly, a Chinese app that had established a strong U.S. user base, in a nearly $1 billion deal that didn’t undergo foreign investment review back in 2017. ByteDance then relaunched Musical.ly as TikTok in 2018 and migrated Musical.ly users over to TikTok accounts as part of the company’s strategy to break into the U.S. market.
Many lawmakers and government officials now fear that ByteDance is passing on the data it collects from Americans, including location data, private chat messages, and browsing and search histories, to China’s government. These concerns are rooted in the fact that China’s 2017 national intelligence law contains broad language that requires Chinese companies to support, assist and cooperate with intelligence-gathering operations if asked.
As a result, many companies, countries and organizations have banned TikTok. And most recently, President Trump has threatened to ban TikTok if its U.S. operations are not sold to a U.S.-based company by Sept. 15. So, does TikTok truly present a security risk? And, if so, how can organizations protect their data?
It’s clear that TikTok collects significant amounts of personal information, which could easily be used by hackers or nation-states to target corporate networks. To prevent corporate data leakage, organizations should adopt a zero trust security approach to ensure that only trusted devices, apps and users can access enterprise resources. MobileIron’s unified endpoint management (UEM) solution ensures that a device is known and trusted before granting access to a corporate network.
Organizations should also deploy mobile threat protection on all devices that are used to access corporate data and establish more granular control over their mobile app configuration policies. With MobileIron Threat Defense (MTD), organizations can configure and enforce security policies across devices, including policies that ban TikTok on managed devices.
MTD provides insight into which apps are installed on users’ devices, and leverages threat assessment scores, as well as explanations of risks and implications, to determine which compliance actions (if any, and in what order) should be taken. This continuous app visibility and evaluation is more important than ever before in today’s remote work environment.
Two weeks ago, I discussed how easy it is for kids to download applications, including leaky applications like TikTok, onto their parents’ corporate-issued and BYO devices, putting corporate data at risk. MTD enables organizations to quickly identify apps that pose security and privacy threats and disallow those apps. MTD can allow or deny apps based upon app risk scoring, app behaviors, domains, certificates, shared code, and network communications. MTD can also quickly uncover mobile apps that violate an organization’s compliance policies and take necessary corrective actions.
The COVID-19 pandemic has greatly accelerated the Everywhere Enterprise model of work – in which employees, IT infrastructures and customers are everywhere. The ability of employees to work from anywhere has also amplified the changing threat landscape and heightened the risk of mobile devices leaking corporate data. Moving forward, every company needs to rethink its security strategy to focus on the technology at the center of the Everywhere Enterprise: mobile devices.