
Illustration by Security Technology; iStock

The Time is Up for TikTok: How to Effectively Enforce an App Ban

Organizations around the world are banning TikTok because of security concerns that their intellectual property and sensitive data could be made public or shared without users’ knowledge. However, simply banning a social media app is easier said than done.

Digital transformation trends, such as the growing usage of mobile devices, social media apps, dispersed networks, and the increase in hybrid work environments, make enforcement of any such ban challenging without the right network visibility tools in place.

Regulators are focused on TikTok, as opposed to other social media platforms, because it is owned by a Chinese company, ByteDance. This has triggered fears that ByteDance could access, collect, and share TikTok users’ data, such as location data, browsing history, and device information with the Chinese government for surveillance or other potentially malicious purposes. Case in point, TikTok came under fire after it was revealed that ByteDance employees inappropriately accessed the IP address of multiple U.S. journalists.

Consequently, many federal governments have banned TikTok from government-issued devices, including Australia, Canada, France, Taiwan, and the United Kingdom. In the United States, the White House has banned TikTok from government devices and more than half of the 50 U.S. states have followed suit, with Montana going as far as banning the platform for all users in the state.

As more TikTok bans are considered, it is important to realize that it may not be as simple as just adding TikTok to a block list. There are many ways that employees can circumvent a TikTok ban, which could place their organization’s data at risk.

There is no silver bullet for enforcing a TikTok ban. Rather, a variety of approaches must be employed. Operational governance can develop the policies for a TikTok ban, which can be enforced with mobile device management, network security solutions, and strong visibility solutions.

Mobile Device Management

The first step toward enforcing a TikTok ban is to block the app on organization-owned devices, which could be accomplished by using mobile device management (MDM) software to prevent users from downloading or accessing the app. However, this does not prevent these same users from downloading or accessing TikTok from their personal devices—personal devices that may also frequently access organizational resources.

Users may also seek to circumvent such restrictions using a virtual private network (VPN), third-party apps, and third-party app stores, which have the unfortunate side effect of introducing even more risk.

Although end user security and awareness training can help mitigate some of these risks, ultimately more technical solutions and controls are required.

Network Security Solutions

Organizations planning to ban TikTok will need to leverage network security solutions to prevent access from PCs and other devices, along with gaining visibility into the devices on the network. Effective firewall rules can prevent access to TikTok, while network monitoring and network traffic analysis can further identify and block traffic to and from TikTok servers.

It is important to realize that network visibility exists along a spectrum. At the most basic level, monitoring connections between source and destination IP addresses will be able to block many TikTok connections. But recognizing the use and prevalence of VPNs—or other circumvention techniques available to users within organizations—it is clear that a more sophisticated approach to visibility is required.

NetFlow Data

NetFlow data provides detailed information about the source of network traffic, the destination of traffic, the type of traffic, and the volume of traffic. This information can be used to identify attempts to access TikTok on organizational networks and to take the appropriate action to enforce the ban.

NetFlow data can be used to monitor traffic continuously and in real time, enabling organizations to detect attempts to access TikTok and to generate alerts when suspicious traffic related to TikTok is detected—even if it is being accessed through a VPN.
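The following added example (not code from the article or from Netography) shows the kind of check the two paragraphs above describe: it parses flow records in a constructed NetFlow-like export format (source, destination, protocol, destination port, byte count), flags flows to destinations on a block list, and separately flags flows to well-known VPN tunnel ports that may indicate an attempt to route around the ban. The block-list prefixes are documentation-range placeholders, not real TikTok address space; an organization would populate them from its own resolution of the app's domains. The function and field names are assumptions made for the example.

```python
"""Flow-record policy checker for an app ban (added example, not the article's code).

Input format (constructed for this example): one flow per line,
    src,dst,proto,dport,bytes
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Placeholder block list. These are RFC 5737 documentation ranges standing in
# for the destination prefixes an organization resolves for the banned app.
BLOCKED_PREFIXES = [
    ipaddress.ip_network("203.0.113.0/24"),
    ipaddress.ip_network("198.51.100.0/24"),
]

# Well-known tunnel ports: OpenVPN (1194), WireGuard (51820),
# IKE (500) and IPsec NAT-T (4500). A flow to one of these from a managed
# device does not prove circumvention, but it is worth an alert.
VPN_PORTS = {
    ("tcp", 1194), ("udp", 1194),
    ("udp", 51820),
    ("udp", 500), ("udp", 4500),
}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    dport: int
    nbytes: int


def parse_flow(line: str) -> Flow:
    """Parse one 'src,dst,proto,dport,bytes' record."""
    src, dst, proto, dport, nbytes = (f.strip() for f in line.split(","))
    return Flow(src, dst, proto.lower(), int(dport), int(nbytes))


def classify(flow: Flow) -> Optional[str]:
    """Return an alert label for the flow, or None if it is unremarkable."""
    dst = ipaddress.ip_address(flow.dst)
    if any(dst in net for net in BLOCKED_PREFIXES):
        return "blocked-destination"
    if (flow.proto, flow.dport) in VPN_PORTS:
        return "possible-vpn-circumvention"
    return None


def analyze(lines: List[str]) -> List[Tuple[str, str, str, int]]:
    """Run every record through classify(); keep only flows that raise an alert."""
    alerts = []
    for line in lines:
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # skip blank lines and comments in the sample export
        flow = parse_flow(line)
        label = classify(flow)
        if label is not None:
            alerts.append((flow.src, flow.dst, label, flow.nbytes))
    return alerts


def summarize(alerts) -> Dict[str, Dict[str, int]]:
    """Aggregate alerted bytes per source host and alert label."""
    totals: Dict[str, Dict[str, int]] = {}
    for src, _dst, label, nbytes in alerts:
        totals.setdefault(src, {}).setdefault(label, 0)
        totals[src][label] += nbytes
    return totals


# Constructed sample export: two hosts talk to block-listed prefixes, one host
# pushes a large amount of traffic over WireGuard, and one flow is ordinary HTTPS.
SAMPLE_FLOWS = """
# src,dst,proto,dport,bytes
10.0.0.5,203.0.113.40,tcp,443,120000
10.0.0.5,192.0.2.10,tcp,443,3000
10.0.0.9,192.0.2.77,udp,51820,540000
10.0.0.12,198.51.100.8,tcp,443,2048
10.0.0.9,192.0.2.77,udp,51820,12000
""".strip().splitlines()


if __name__ == "__main__":
    for src, dst, label, nbytes in analyze(SAMPLE_FLOWS):
        print(f"ALERT {label:28} {src} -> {dst} ({nbytes} bytes)")
    for src, by_label in summarize(analyze(SAMPLE_FLOWS)).items():
        print(src, by_label)
```

Running the script lists four alerts and a per-host summary; the ordinary HTTPS flow to 192.0.2.10 is not reported. The two alert classes are kept separate on purpose: a block-list hit is something a firewall can drop outright, whereas a tunnel-port hit is a visibility signal that needs a human or a policy decision, which is the distinction the article draws between basic IP-to-IP blocking and a more sophisticated approach.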

Putting it all Together

Banning a social media app is easier said than done. Operational governance needs to combine visibility and enforcement to truly block access. But organizations should also consider the human element. Security training can help make employees aware of the risks associated with TikTok and third-party app stores. A combination of education and technology is much more effective than either on its own.

When it comes to technology, organizations should leverage NetFlow data to enable sophisticated visibility. Network monitoring solutions can provide real-time network traffic analysis, alerting and notification, and automated incident response capabilities.

And of course, the benefits of leveraging NetFlow data extend beyond just TikTok bans—organizations can use NetFlow data to reduce the risk of data breaches and other threats that have become increasingly difficult to monitor and control.

Barrett Lyon is the co-founder and chief architect of Netography. Early in his career, Lyon was the founder and chief technology officer of Prolexic Technologies where he created the first successfully managed service to defend enterprises from DDoS attacks. His experience and success have led to collaboration with a majority of the tier-one and tier-two carriers in North America and Europe, and at National Security Agencies in Europe and the United States to mitigate and track hundreds of DDoS attacks.

© Netography