How remote developers can use Tailscale to access corporate resources

Organizations must provide secure and effective remote access to team resources such as databases, apps, servers, and other tools to facilitate remote work. These resources often reside within the corporate network, and developers need a simple, secure, and scalable solution allowing them to connect to them from any device, anywhere.

In this article, we explore the utility of Tailscale in remote work settings and best practices for maintaining security and privacy while accessing corporate resources.

Maintaining Security and Privacy

Company Responsibilities

A strong and effective cybersecurity posture is a collective responsibility that demands proactive involvement from the organization at all levels. For starters, the company needs to establish and enforce a robust set of security policies and guidelines that conform to industry best practices and legal requirements. These policies should clearly define acceptable use of company resources, password protocols, and procedures for handling sensitive data.

Further, the company is responsible for deploying appropriate security tools and infrastructure, such as firewalls, anti-malware software, and secure networking solutions like Tailscale. The organization should also ensure regular updates and maintenance of these tools to address potential vulnerabilities.

In addition to the technical safeguards, the company plays a crucial role in fostering a culture of security awareness. Regular training programs should be conducted to educate employees about potential threats, safe online behaviors, and their responsibilities toward protecting company data.

Finally, the company should have an incident response plan to manage security breaches effectively. This includes timely identification of threats, mitigation of damage, communication with stakeholders, and learning from incidents to avoid future occurrences. The company can significantly strengthen its data security and protect its valuable digital assets by playing an active role in these areas.

Technical Safeguards

Maintaining security and privacy involves upholding standards and critical requirements. The fundamental principle of least privilege should be applied, restricting access rights for users to the minimum level that will allow normal functioning. Users should only have access to the resources they need to perform their tasks, reducing potential damage if a user’s account is compromised. Tailscale provides an administrative console where network administrators can manage these access rights.

Another critical requirement is robust user authentication. Your developers need to use your organization’s identity provider for authentication. Using strong, unique passwords and, if supported, enabling two-factor authentication can significantly improve account security. In addition, regular software updates are crucial. Each update enhances Tailscale’s performance and patches any identified vulnerabilities, providing users with the latest security measures.

You should pay attention to device security. All devices connected to the network should have up-to-date antivirus and anti-malware software installed.

Lastly, you should perform security audits regularly to help monitor the state of the network and to see who accessed what resources. Audits can reveal potential security loopholes and provide insights into adjustments. Maintaining security and privacy with Tailscale requires a multifaceted approach involving both technical aspects of security and good habits from users.

Implementation by Duolingo

Duolingo, the language learning app, has adopted a combination of GitHub Codespaces and Tailscale to enable secure remote development for its engineering teams. Previously, all coding was done locally on individual laptops or desktops, leading to challenges in onboarding new developers and collaborating in the cloud.

By implementing Codespaces, Duolingo engineers can now work in the cloud, significantly reducing setup time and ensuring a consistent development environment for everyone. However, using Codespaces created a need for secure access to private resources behind Duolingo’s firewall. To address this, Duolingo turned to Tailscale to provide secure access to these resources and facilitate team collaboration.

According to Duolingo, Tailscale’s ease of use, clear documentation, and positive reputation among developers were key factors in Duolingo’s decision to select Tailscale. The adoption of Codespaces and Tailscale has streamlined the coding process, reduced onboarding time, and improved collaboration, making it easier for engineers to work with Duolingo’s codebase while ensuring security and stability.

Benefits of Tailscale for Remote Developers

Tailscale provides various advantages for remote developers, including SSH, file transfer, fine-grained yet scalable access control with ACLs, and more:

• Ease of Setup & Management: Tailscale simplifies complex networking and VPN configurations, enabling quick installation and secure connections.
• Secure Access: It securely allows remote access to various corporate resources as if connected directly to the company network.
• File Transfer with Taildrop: Taildrop simplifies secure file transfers between devices.
• Advanced Security: Leveraging WireGuard protocol and ACLs, Tailscale enhances remote access security while ensuring faster speeds and lower latency.
• Cross-platform Compatibility: It operates across multiple operating systems, facilitating a uniform user experience.
• Scalability: It can adapt and expand with your organization without additional complex network configurations.
• Reduced IT Overhead: With simple management and robust security features, Tailscale alleviates the load on IT teams.

How to set-up Tailscale for Remote Developers

Tailscale makes it easy to enable your remote developers to work from anywhere. Here’s an overview of how it works:

1. Install Tailscale: First, users install Tailscale on their devices. The Tailscale client is compatible with various operating systems, making it flexible for remote workers using multiple platforms, including Windows, MacOS, Linux, iOS, Android, and more.
2. Login to Tailscale: After installation, users must log in with their corporate credentials through an identity provider (like Google Workspace, Office 365, GitHub, or a custom OIDC provider) supported by Tailscale, ensuring that only authorized users can access the network.
3. Connect to the Network: Once authenticated, each device becomes part of the private Tailscale network (called a tailnet). The device can connect directly and securely to other devices in the network, regardless of their location.
4. Access Resources: With Tailscale, corporate resources like databases, applications, file servers, and other tools are securely accessible from the worker’s device as if they are physically connected to the office network. Tailscale allows users to securely connect to these resources using their native client software, offering a seamless experience.
5. Manage Access: Through the Tailscale admin console, network administrators can manage access to corporate resources. They can specify which users, or groups of users, have access to specific resources, ensuring that each remote worker only has access to the tools and data they need. This principle of least privilege enhances security while maintaining flexibility.

The end user’s experience is similar to being directly connected to the corporate network, with access to the required resources from any device, at any time, from any location. Tailscale ensures that the connection is secure, reliable, and consistent.

With Tailscale’s advanced networking features, remote workers can securely access corporate resources, boosting productivity and efficiency. It is made possible by Tailscale’s mesh network model, which is built on the WireGuard protocol, offering a secure, user-friendly, and scalable solution.