TikTok's Commitment to Security and Future Challenges

By Roland Cloutier, TikTok Chief Information Security Officer

As someone who has dedicated my entire adult life to addressing the most complex security challenges in the industry, I am pleased to see that the wider community is now taking these issues as seriously as those of us who work on them every day. It is encouraging to see people asking tough questions of internet companies. Since its inception, TikTok has been committed to protecting our users and establishing a strong security team. However, we recognize that ensuring the security of a global community of users is an ongoing effort. We must continuously strive to improve and adapt to meet the evolving challenges.

This requires us to look both backwards and forwards. Looking back means reevaluating security practices that may have been effective when the platform was smaller but may no longer be suitable for our current scale. Companies can run into trouble when they assume that systems, technologies, policies, and practices that were once sufficient will remain effective indefinitely. This is rarely the case. Companies change, threats change, and security practices must evolve to avoid falling behind.

Looking forward means anticipating the future security needs of our community. This is not an easy task. Six months ago, no one could have predicted that programs like #HappyAtHome would be viewed billions of times as a tool to help people cope with the COVID-19 pandemic, or that TikTok would become a platform not only for playful videos but also for crucial content from health organizations. My team is fully focused on developing our advanced security infrastructure, designing relevant programs, and collaborating with the broader industry to enhance our capabilities and lead as our sector continues to evolve.

With these goals in mind, since I joined TikTok, my team and I have been conducting a comprehensive review of TikTok's security, infrastructure, and practices. We are testing current practices and actively seeking to anticipate our future needs. I am excited to embark on this new challenge and I appreciate the company's clear commitment to prioritizing security. Allow me to highlight a few areas where we will be focusing:

We are collaborating with leading cybersecurity firms to accelerate our efforts in advancing and validating our adherence to globally recognized security control standards such as NIST CSF, ISO 27001, and SOC2.
Transparency is the cornerstone of our next-generation security programs at TikTok. We are working diligently to earn the trust of our community. Our Cyber Defense, Security Assurance, and Data Protection programs will be prominently featured in our recently announced Transparency Center. Similar to our industry peers, we are committed to minimizing the number of employees with access to user data and the scenarios in which data access is enabled. While we already have measures in place to protect user data, we will continue to focus on implementing new technologies and programs that prioritize global data residency, data movement, and data storage access protections worldwide. Our goal is to minimize data access across regions, ensuring that employees in the APAC region, including China, have minimal access to user data from the EU and US. Just as we hope to continue practicing thorough handwashing long after the COVID-19 crisis, we will persist in advancing the protection and privacy of your data. Together, we can learn valuable lessons from this crisis and build a better, more secure future for all.