Chinas TikTok Lures ADP Security Chief to Become New CISO

05 March 2020

Chinas TikTok Lures ADP Security Chief to Become New CISO

Roland Cloutier Named CISO at TikTok ADP Security Chief Roland Cloutier Departs to Become Chief Information Security Officer (CISO) at China-owned TikTok

TikTok, the controversial and wildly popular social video app maker, announced on Thursday that Roland Cloutier will join the company as Chief Information Security Officer (CISO).

TikTok is owned by Beijing-based startup Bytedance, and has been under fire and accused of being vulnerable to spying by the Chinese government.

Cloutier joins TikTok from ADP where he served as SVP and Chief Security Officer, overseeing the company's cyber, information protection, risk, workforce protection, crisis management, and investigative security operations worldwide.

As CSO at ADP, Cloutier was responsible for leading security initiatives for a company holding some of the most sensitive data for American and global companies. He also spent more than a decade serving the United States Air Force, Department of Defense and Department of Veterans Affairs.

ADP is the largest payroll processing company in the United States and provides other business process outsourcing solutions for its customer base of more than 740,000 clients in across more than 140 countries.

Cloutier now will be tasked with protecting a social platform and mobile app ecosystem used by hundreds of millions of users creating and sharing short-form videos.

“Roland will work with a global team, but the Mountain View office is where we have largely focused on building out our security team, which he will lead,” a TikTok spokesperson told SecurityWeek.

While Cloutier may be able to help the company secure its platform and mobile applications, the company will still face challenges in maintaining trust, especially for users in the government and business sectors.

In October 2019, two senators warned that Chinese law could compel the company "to support and cooperate with intelligence work controlled by the Chinese Communist Party." TikTok -- separate to the Chinese version of the software -- is now headquartered in Los Angeles, and denies this. "We have never been asked by the Chinese government to remove any content and we would not do so if asked. Period," it previously said.

News of Cloutier’s appointment comes just one day after US officials issued additional warnings about the potential security risks of using TikTok and calls to ban the app from being used on government devices.

In December 2019, a student in California filed a class-action lawsuit against TikTok, which accused the company of harvesting large amounts of user data and storing it on servers in China.

According to Samm Sacks, a cybersecurity fellow at the New America Foundation specializing in China, the Chinese government could "essentially require anything that they want of these companies."

Even with concerns of the Chinese government put aside, researchers have found several security issues with the TikTok app itself. In January, researchers from Check Point disclosed multiple vulnerabilities in the app that could easily be exploited. These could lead to an attacker uploading false videos and deleting genuine videos, changing video status from private to public, and extracting sensitive personal data, such as users' full names, email addresses and birthdays.

Despite the challenges facing the China-owned company, Cloutier says he is excited about the new role.

“There has never been a more exciting or challenging time to serve in the security field,” Cloutier said in a prepared statement. “I am looking forward to working with my new colleagues at TikTok to develop the solutions required to protect our hundreds of millions of users and creators around the world."

Reporting to company head Alex Zhu, Cloutier will start in the position in early April.

TikTok is not the only Chinese company luring high profile security talent from American companies and government organizations. Andy Purdy, who previously served as a senior cybersecurity official for the U.S. Government, was hired in 2012 by controversial Chinese telco equipment maker Huawei to serve as Chief Security Officer for its U.S. division.

ADP did not immediately respond to an inquiry on Cloutier’s possible successor.

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.