How Do You Manage TikTok Bans on Mobile Devices?
The UK recently became the third Western government to ban TikTok from government phones and devices. And in the US, a milestone is fast approaching: Federal government agencies must remove TikTok from their devices by March 31. Like some of the content found on the social media platform itself, TikTok bans seem to be going viral.
“This potential ban is not limited to governments. In fact, we are aware of many chief information security officers (CISOs) considering banning the use of TikTok on company devices,” says BlackBerry Vice President of Threat Research & Intelligence Ismael Valenzuela.
Carrying out a ban like this one — where the China-based video sharing app is systematically removed or disabled — could be challenging for any organization. This is especially true for the many organizations that adopt BYOD (bring your own device) policies for their employees.
For CISO’s seeking a way to approach this challenge, unified endpoint management (UEM) can play a critical role. In fact, BlackBerry® UEM was recently used to prevent access to TikTok on both Canadian and U.S. government-issued mobiles, in response to organizational concerns over security and privacy.
Both the FBI and the U.S. Federal Communications Commission (FCC) have warned that TikTok could share user data — like location information, browsing history, and biometric identifiers — with the Chinese government. And if you’re not managing your corporate applications effectively, then it’s not only the personal data that’s potentially at risk, but corporate client sensitive data as well.
Regardless of whether your organization is concerned about TikTok, it should be prepared for similar situations.
“It underscores the importance of managing risk throughout the organization, and the need to assess, and thereby control, the impact of the introduction of new products and technologies upon overall organizational security,” says Valenzuela. “This includes the use of seemingly innocuous chat and social media apps.”
Managing TikTok Bans on Corporate or Government Devices
Let’s explore how you might approach this situation if you are dealing with corporate or government-issued devices. Before you can remove or disable an app, you have to know whether it is present in the first place.
Robust UEM tools power continuous monitoring of which applications are present on a corporate- or government-owned device. They also help enforce stringent security controls to prevent users from downloading applications without explicit permission.
Since mobile devices in the workplace can have access to extremely sensitive information, it is often recommended that application downloads be limited to a pre-approved list. UEM tools with application inventories can automatically push pre-approved applications to a device, allowing the user to access what they need, while also helping to protect the organization and its devices.
As an example of the above, consider the capabilities of BlackBerry UEM. Customers can leverage its embedded application inventory feature to do the following:
Figure 1 – Screenshot of the CylancePROTECT Mobile restricted app list enforced by BlackBerry UEM
Beyond unified endpoint management, administrators can also leverage zero trust network access (ZTNA) tools to define both permitted and restricted services that devices can access. Specifically, with CylanceGATEWAY™, the BlackBerry® ZTNA offering, administrators can configure access control list rules
to attribute a risk score for accessing services like TikTok, which will trigger the application to be blocked.
Managing TikTok Bans on Employee (BYOD) Devices
Inherently, BYOD environments permit higher levels of user freedom than when devices are owned and managed directly by a corporate entity or government agency. However, a robust UEM platform still gives administrators a path to protect sensitive information, and prevent unwanted applications from accessing organizational data.
But it’s important to note, not all UEM providers are equal. For example, administrators should leverage mobile threat detection (MTD) tools in concert with their UEM solutions — however, not all UEM solutions provide that option. It also matters which BYOD activation type administrators use.
By using CylancePROTECT® Mobile (the BlackBerry MTD offering) with BlackBerry UEM, organizations can approve, or block domains based on administrator configurations.
For example, blocking TikTok’s domains with CylancePROTECT Mobile ensures that attempts to access it would be classified as a threat. This triggers a compliance action to be taken by UEM, which would be to block TikTok.
Using CylancePROTECT Mobile as a standalone MTD solution is another way to carry out security policies such as application bans. In this scenario, any application can be added to a “restricted list,” so that attempts to access or download it will trigger a threat event — and suspend access to corporate data until the threat has been remediated.
Organizations with BYOD deployments also have a previously mentioned option as well. They can leverage CylanceGATEWAY ZTNA to configure access control list rules and attribute a risk score to accessing services like TikTok, which will trigger the application to be blocked.
Additional Benefits of Unified Endpoint Management
In a recent blog, I explored how mobile-based threats pose a significant risk to your IT environment. I also looked at why many businesses — even those that are otherwise very conscientious about information security — are failing to adequately address mobile security.
At least part of the reason is the reliance on tools that come bundled with something else you already use. BlackBerry CEO John Chen explored this common mistake in his blog, Bundled Mobile Security: Is It Enough?
Choosing a security-focused UEM platform comes with considerable benefits. Chiefly, it helps reduce the cyber risk that mobile-based threats pose. This comes about in a variety of ways, including increased visibility for device administrators. They can observe data usage, device inventory, and vulnerabilities through continuous monitoring, to keep security teams aware at all times.
Threat monitoring and mitigation capabilities are also typical UEM features, but some solutions also offer additional functionality, such as data isolation and encryption.
And beyond increased visibility and security comes more control — over corporate- and government-owned devices, and BYO devices connected to your network environment. Regardless of whether the concern is over TikTok — or the “next big thing” threatening your organizational security — you’ll have the confidence and tools necessary to mitigate mobile risks of the future.
For similar articles and news delivered straight to your inbox, subscribe to the BlackBerry blog.
About Alex Willis
Alex Willis serves as the Vice President, Global Technical Solutions at BlackBerry.