Vanta takes the stress out of security by leveraging automation and agents to help companies meet compliance standards, such as SOC 2, HIPAA, ISO 27001, PCI, and GDPR. Strong networking is essential to their business. After using legacy VPNs that created needless friction, they turned to Tailscale for reliable connectivity that meets their high standards.
Nathan Hunstad, Director of Security at Vanta, joins us to share how their teams use Tailscale to transcend the limitations of their previous VPN.
Staying compliant with Vanta
Nathan leads Vanta's Security Engineering and Security Operations teams. He’s responsible for the security of internal infrastructure and works closely with the engineering team to ensure Vanta’s product is developed securely.
As Nathan explains, “Vanta is an agentic trust platform with over 1000 employees. We help our customers achieve compliance, demonstrate compliance to their customers, and maintain that trust when it comes to having the necessary security in place.”
Since its founding in 2018, Vanta has grown quickly due to increasing demand for its services. They provide early warnings to companies at risk of losing compliance, helping them resolve issues in advance, which saves valuable time and money and reduces risk.
“We bring a lot of automation to trust management,” shares Nathan. “We have a lot of automated tests, and we're building AI into our product. That allows our customers to get compliant and maintain that compliance with as little manual overhead as possible.”
Discovering Tailscale
Tailscale came onto Nathan’s radar when engineers recommended it and vouched for its capabilities. One determining factor in their vetting process was compatibility with GitHub Codespaces, their primary cloud development environment.
“The ability to get into a staging environment by connecting to Tailscale in your Codespace is a really important part of our developer process,” he explains. “We didn't want to introduce any friction where developers couldn't do that.”
Tailscale fit the bill, and after Nathan considered it, he realized it could also help his teams escape the multitude of challenges they’d experienced with previous networking solutions. “The flexibility that we got and the way that it made our developers more effective was something that a lot of them really liked about moving over to Tailscale.”
Ease and simplicity
Nathan personally cites Tailscale’s ease of use and simplicity as big wins. He values the intuitive administrative interface and its convenience, even for new users. He shares, “I’d never used it before, but when I started using it, it was very simple. The administrative interface is also great. I didn't set this up. It was our very smart engineers on the team, but we managed it in Terraform, and that's awesome.”
Managing Vanta’s networking access with Terraform was a significant advantage. This allows Vanta’s teams to manage their infrastructure in a way that better supports their engineers. “We don't have to mess around in the console to make all the changes manually,” Nathan explains. “Some of the command-line utilities are also very helpful for troubleshooting. We get a lot of information from there that other VPN tools don't have.”
Vanta’s staff also benefits from Tailscale’s transparency and adaptability. This saves them significant costs by speeding troubleshooting and reducing time wasted on management and maintenance.
As Nathan shares, “I've used other VPNs, but this one is just much more user-friendly. It probably took us 50% longer to use the previous VPN tools I’ve experienced. There were problems we saw with it that we don't see with Tailscale.”
The highest standard of security
Tailscale’s WireGuard-based infrastructure has given Vanta genuine “peace of mind” when it comes to its networking security.
“I trust it, so from a security perspective, I've never had any concerns,” shares Nathan. “It's a very well-architected product, and it integrates with Okta in terms of our authentication needs. So, that's how we gate things in our environment.”
Tailscale Access Control Lists, or ACLs, have also given Vanta’s teams unprecedented control over their security. They allow teams to manage access to their resources granularly, ensuring it’s limited to only what staff members need.
Nathan shares, “The ACLs are very flexible and very granular. We can manage them with Terraform, so we can have the right kind of security controls that we want in the environment. I don't think there's anything we've ever run up against that was concerning from a security standpoint.”
Since Vanta’s teams generally use SaaS tools, they don’t have a traditional corporate network. Their primary use case for Tailscale has been secure access to their production AWS environment and databases, where tighter controls are crucial.
“Obviously, that requires very sensitive access, so we use the ACLs to limit it,” Nathan shares. “It lets us be very granular and say, ‘You can have access to staging infrastructure but not production,’ or ‘You can have access to production, but only read-only.’ It's that granularity that helps us ensure people aren’t getting access unless they need it.”
The next step in strengthening Vanta’s security is automating its permission and access flow. By using Okta combined with Tailscale’s ACLs, Nathan hopes to make their access even more frictionless.
He elaborates, “If you request access to one of these roles, you'll go through automated processes for the most part. You may be auto-approved based on your role, or you may need your manager to approve. But once that's done, you get put in the right Okta group, and that governs your access based on Tailscale’s ACLs.”
An aperture into the future
Vanta’s infrastructure is entirely cloud-based, mostly in AWS, and the majority of its Tailscale users are its engineers and support team members. Tailscale provides their teams with secure access whenever they’re troubleshooting an issue.
“Resources like databases are typically what people need access to when they need to get into production to troubleshoot an issue, so that's a big part of our process,” Nathan explains. While their company uses many tools, they’ve been able to use them seamlessly with Tailscale to stay connected.
“It just works, and that's very rarely true when it comes to security tools,” he shares. “It's not loaded with a bunch of other nonsense that you don't want. It just does something very well. It does it securely, and it's something that I just don't have to think about, which is a good place to be when you are running a security program.”
Looking ahead, Nathan is also considering ways Tailscale could support Vanta’s AI experimentation. He believes using it will ensure their data’s security, and he’s intrigued by Tailscale’s latest feature, Aperture: an AI gateway that provides secure access and visibility into AI workflows.
“AI and vibe-coded apps are a big deal,” he explains. “We're trying to figure out how to enable people to innovate with AI in a secure manner. One way we could do that is to gate some apps behind Tailscale.”
Escape your legacy VPN
Legacy VPNs have fallen behind and expose companies to greater risk, wasted labor, and continuous management hassles. Vanta broke free of these limitations by adopting Tailscale, a single platform that connects teams securely, without creating more hassles.
If a traditional VPN is limiting your team, and you’re done with solutions you have to babysit, contact our team to demo Tailscale.