Company announces new partnership with HaystackID and OnDefend to further security of the TikTok U.S. platform and app

Today, TikTok U.S. Data Security Inc. (USDS) is further enhancing the security of TikTok users' data and protection against cybersecurity threats by appointing HaystackID and OnDefend to serve as Independent Security Inspectors (ISIs) for USDS. 

This new collaboration builds on TikTok USDS' ongoing partnership with Oracle. In May 2022, TikTok created a new organization called TikTok U.S. Data Security (TikTok USDS) as part of its ongoing Project Texas Plan. This special purpose subsidiary is staffed by U.S.-based employees (with some exceptions in the U.K. and Australia to provide global coverage). USDS controls access to protected U.S. user data, content recommendation, and moderation systems in the secure Oracle Cloud. This structure brings heightened focus and governance to TikTok’s operations in the U.S. including data protection policies and content assurance protocols to keep U.S. users and their data safe and ensure users have an authentic experience on TikTok. 

Expanding on this established focus, HaystackID and OnDefend with additional support from Mandiant Consulting will serve as the ISIs for USDS. This collaboration is designed to ensure the security and integrity of the TikTok app, its source code, user information, and the U.S. platform as a whole, highlighting TikTok USDS’s commitment to meeting stringent cybersecurity standards.

HaystackID is a specialized data services company solving business data challenges related to legal, compliance, regulatory, and cyber events. OnDefend is a trusted cybersecurity service provider helping organizations prepare for and defend against real-world threats. Mandiant Consulting is recognized by enterprises, governments, and law enforcement agencies worldwide as the market leader in threat intelligence and expertise gained on the frontlines of cybersecurity.

The ISIs will identify potential security risks to U.S. users through technical security testing and validation of the TikTok U.S. platform. This will be a continuous initiative, not a point in time assessment, as TikTok's ability to deliver a seamless experience to its users is achieved through a sophisticated architecture involving hundreds of thousands of microservices. 

"Through Project Texas, TikTok USDS is already well ahead of any peer companies in terms of how we secure users’ data and by providing unparalleled transparency by making our source code available to a third-party for review," said Andy Bonillo, Head of TikTok-U.S. Data Security. "Keeping our users' data safe involves constantly innovating and looking around corners for new threats. The partnership we're announcing today will further our ability to anticipate and prevent emerging and sophisticated cybersecurity threats." 

“Supporting TikTok USDS in their critical mission to safeguard digital security marks a consequential affirmation of our efforts to enhance the cybersecurity standards and data protection efforts of our clients,” said Hal Brooks, CEO of HaystackID. “Our role as Independent Security Inspector is to provide comprehensive support in reinforcing TikTok USDS’s initiatives to maintain the highest levels of digital integrity. We are excited about the opportunity and look forward to contributing to this initiative with national security implications.”

Chris Freedman, CEO of OnDefend, discussed the proactive strategy implemented in this collaboration: “Our advanced security testing team, in conjunction with our proprietary Breach and Attack Simulation platform, BlindSPOT, will play a crucial role in identifying and addressing vulnerabilities within the TikTok application and network infrastructure. Moreover, our rigorous application and network penetration testing standards aim to ensure that the platform’s security strictly complies with national and global cybersecurity standards, identifying potential vulnerabilities while reinforcing trust and safety in the digital ecosystem.” 

Price McDonald, Senior Manager, Mandiant Consulting added, “In this effort, our team is focused on providing security assessment services. Continuous penetration testing enables organizations to proactively manage their cyber risk in a rapidly changing threat landscape. This provides a number of benefits including early vulnerability detection, a reduced attack surface, and improved efficiency in responding to threats.” 

Shawn Belovich, Senior Vice President of Digital Forensics and Cyber Incident Response at HaystackID and former Deputy Chief Information Security Officer at the White House, addressed the initiative's alignment with national security priorities. "In my previous role at the White House, I had the opportunity to gain a comprehensive understanding of the intricacies of national security and data protection. I look forward to leveraging this experience. We are intensely focused on ensuring TikTok USDS's infrastructure is not only secure but also in strict adherence to the heightened standards of cybersecurity and national security compliance directives."

###