ADP Security Chief Roland Cloutier Departs to Become Chief Information Security Officer (CISO) at China-owned TikTok
TikTok, the controversial and wildly popular social video app maker, announced on Thursday that Roland Cloutier will join the company as Chief Information Security Officer (CISO).
TikTok is owned by Beijing-based startup Bytedance, and has been under fire and accused of being vulnerable to spying by the Chinese government.
Cloutier joins TikTok from ADP where he served as SVP and Chief Security Officer, overseeing the company’s cyber, information protection, risk, workforce protection, crisis management, and investigative security operations worldwide.
As CSO at ADP, Cloutier was responsible for leading security initiatives for a company holding some of the most sensitive data for American and global companies. He also spent more than a decade serving the United States Air Force, Department of Defense and Department of Veterans Affairs.
ADP is the largest payroll processing company in the United States and provides other business process outsourcing solutions for its customer base of more than 740,000 clients in across more than 140 countries.
Cloutier now will be tasked with protecting a social platform and mobile app ecosystem used by hundreds of millions of users creating and sharing short-form videos.
“Roland will work with a global team, but the Mountain View office is where we have largely focused on building out our security team, which he will lead,” a TikTok spokesperson told SecurityWeek.
In October 2019, two senators warned that Chinese law could compel the company “to support and cooperate with intelligence work controlled by the Chinese Communist Party.” TikTok — separate to the Chinese version of the software — is now headquartered in Los Angeles, and denies this. “We have never been asked by the Chinese government to remove any content and we would not do so if asked. Period,” it previously said.
News of Cloutier’s appointment comes just one day after US officials issued additional warnings about the potential security risks of using TikTok and calls to ban the app from being used on government devices.
In December 2019, a student in California filed a class-action lawsuit against TikTok, which accused the company of harvesting large amounts of user data and storing it on servers in China.
According to Samm Sacks, a cybersecurity fellow at the New America Foundation specializing in China, the Chinese government could “essentially require anything that they want of these companies.”
Even with concerns of the Chinese government put aside, researchers have found several security issues with the TikTok app itself. In January, researchers from Check Point disclosed multiple vulnerabilities in the app that could easily be exploited. These could lead to an attacker uploading false videos and deleting genuine videos, changing video status from private to public, and extracting sensitive personal data, such as users’ full names, email addresses and birthdays.
Despite the challenges facing the China-owned company, Cloutier says he is excited about the new role.
“There has never been a more exciting or challenging time to serve in the security field,” Cloutier said in a prepared statement. “I am looking forward to working with my new colleagues at TikTok to develop the solutions required to protect our hundreds of millions of users and creators around the world.”
Reporting to company head Alex Zhu, Cloutier will start in the position in early April.
TikTok is not the only Chinese company luring high profile security talent from American companies and government organizations. Andy Purdy, who previously served as a senior cybersecurity official for the U.S. Government, was hired in 2012 by controversial Chinese telco equipment maker Huawei to serve as Chief Security Officer for its U.S. division.
ADP has made an internal staff move to fill Cloutier’s position.
According to an ADP spokesperson, Dave Martin, Vice President, Threat and Incident Management, has assumed the role of Chief Security Officer at ADP, effective immediately. “Mr. Martin is an industry-recognized and respected thought leader, with a proven ability to build and lead large global security teams and programs,” the spokesperson told SecurityWeek.
*Updated with information from ADP
Related: Army’s Use of TikTok App Raises Concerns on Capitol Hill
Related: China-Made TikTok App Riddled With Security Holes: Researchers