CHICAGO & JACKSONVILLE, Fla. (June 26, 2024) – Today, TikTok U.S. Data Security Inc. (USDS) is further enhancing the security of TikTok users’ data and protection against cybersecurity threats by appointing HaystackID and OnDefend to serve as Independent Security Inspectors for USDS.
This new collaboration builds on TikTok USDS’ ongoing partnership with Oracle. In May 2022, TikTok created a new organization called TikTok U.S. Data Security (TikTok USDS) as part of its ongoing Project Texas Plan. This special purpose subsidiary is staffed by U.S.-based employees (with some exceptions in the U.K. and Australia to provide global coverage). USDS controls access to protected U.S. user data, content recommendation, and moderation systems in the secure Oracle Cloud. This structure brings heightened focus and governance to TikTok’s operations in the U.S. including data protection policies and content assurance protocols to keep U.S. users and their data safe and ensure users have an authentic experience on TikTok.
Expanding on this established focus, HaystackID and OnDefend with additional support from Mandiant Consulting will serve as the Independent Security Inspectors for USDS. This collaboration is designed to ensure the security and integrity of the TikTok app, its source code, user information, and the U.S. platform as a whole, highlighting TikTok USDS’s commitment to meeting stringent cybersecurity standards.
HaystackID is a specialized data services company solving business data challenges related to legal, compliance, regulatory, and cyber events. OnDefend is a trusted cybersecurity service provider helping organizations prepare for and defend against real-world threats. Mandiant Consulting is recognized by enterprises, governments, and law enforcement agencies worldwide as the market leader in threat intelligence and expertise gained on the frontlines of cybersecurity.
The Independent Security Inspectors will identify potential security risks to U.S. users through technical security testing and validation of the TikTok U.S. platform. This will be a continuous initiative, not a point in time assessment, as TikTok’s ability to deliver a seamless experience to its users is achieved through a sophisticated architecture involving hundreds of thousands of microservices.
“Through Project Texas, TikTok USDS is already well ahead of any peer companies in terms of how we secure users’ data and by providing unparalleled transparency by making our source code available to a third-party for review,” said Andy Bonillo, Head of TikTok-U.S. Data Security. “Keeping our users’ data safe involves constantly innovating and looking around corners for new threats. The partnership we’re announcing today will further our ability to anticipate and prevent emerging and sophisticated cybersecurity threats.”
“Supporting TikTok USDS in their critical mission to safeguard digital security marks a consequential affirmation of our efforts to enhance the cybersecurity standards and data protection efforts of our clients,” said Hal Brooks, CEO of HaystackID. “Our role as Independent Security Inspector is to provide comprehensive support in reinforcing TikTok USDS’s initiatives to maintain the highest levels of digital integrity. We are excited about the opportunity and look forward to contributing to this initiative with national security implications.”
Chris Freedman, CEO of OnDefend, discussed the proactive strategy implemented in this collaboration: “Our advanced security testing team, in conjunction with our proprietary Breach and Attack Simulation platform, BlindSPOT, will play a crucial role in identifying and addressing vulnerabilities within the TikTok application and network infrastructure. Moreover, our rigorous application and network penetration testing standards aim to ensure that the platform’s security strictly complies with national and global cybersecurity standards, identifying potential vulnerabilities while reinforcing trust and safety in the digital ecosystem.”
Price McDonald, Senior Manager, Mandiant Consulting added, “In this effort, our team is focused on providing security assessment services. Continuous penetration testing enables organizations to proactively manage their cyber risk in a rapidly changing threat landscape. This provides a number of benefits including early vulnerability detection, a reduced attack surface, and improved efficiency in responding to threats.”
Shawn Belovich, Senior Vice President of Digital Forensics and Cyber Incident Response at HaystackID and former Deputy Chief Information Security Officer at the White House, addressed the initiative’s alignment with national security priorities. “In my previous role at the White House, I had the opportunity to gain a comprehensive understanding of the intricacies of national security and data protection. I look forward to leveraging this experience. We are intensely focused on ensuring TikTok USDS’s infrastructure is not only secure but also in strict adherence to the heightened standards of cybersecurity and national security compliance directives.”
###
About HaystackID®
HaystackID solves complex data challenges related to legal, compliance, regulatory, and cyber events. Core offerings include Global Advisory, Data Discovery Intelligence, HaystackID Core® Platform, and AI-enhanced Global Managed Review powered by its proprietary platform, ReviewRight®. Repeatedly recognized as one of the world’s most trusted legal industry providers by prestigious publishers such as Chambers, Gartner, IDC, and Legaltech News, HaystackID implements innovative cyber discovery, enterprise solutions, and legal and compliance offerings to leading companies and legal practices around the world. HaystackID offers highly curated and customized offerings while prioritizing security, privacy, and integrity. For more information about how HaystackID can help solve unique legal enterprise needs, please visit HaystackID.com
About OnDefend
OnDefend, established in 2016, stands at the forefront of preventative cybersecurity testing and advisory services, a reputation further enhanced by the introduction of its advanced Breach and Attack Simulation (BAS) Software as a Service (SaaS) platform, BlindSPOT. OnDefend is a trusted partner, empowering organizations globally to proactively combat real-world cyber threats. From ensuring compliance with industry standards to building out mature security programs, our mission is to ensure that the security resources our customers invest in are well-utilized, effective, and provide tangible results. For more information about their services and solutions, please visit http://www.ondefend.com/