Whether you are working remotely or in an office, development teams need access to various resources and applications to do their job. At most organizations, IT teams, often in consultation with security or DevSecOps, are tasked with making this happen.
The reality is most corporate VPNs are difficult to set up and time-consuming to manage which causes internal conflict because:
- developers want a VPN solution that’s fast, reliable, and easy to set up
- security teams want a VPN solution that’s secure, compliant, and lets them manage access
- IT teams want to balance these priorities with an integrated solution that’s easy to manage
The challenge is that developers will periodically circumvent the processes put in place by security and IT teams if they’re too cumbersome. This can lead to conflict, “shadow IT”, and outcomes that no one wants.
In 2023 SauceLabs Developers Behaving Badly report, we learn that this year of mass layoffs in tech have left 77% of developers with extra work and cutting corners such as using untested code generated by ChatGPT or using a colleagues credentials to login to critical systems.
Tailscale co-founder and CEO Avery Pennarun says “Traditionally developers have to make a tradeoff between security and convenience. At Tailscale, we want to make the path of least resistance the safest one. When you do that, devs start doing the right thing by default. They feel like the security team is their partner instead of a barrier.”
In this article, we will cover:
- Why providing secure remote access to company resources (via VPN) is challenging
- How Tailscale secures remote access to internal applications
- Enable secure remote access to internal applications
- How to scale and expand a Tailscale deployment
Why providing secure remote access to company resources via VPN is challenging
Giving users secure remote access to company resources using a legacy VPN can be difficult for a number of reasons:
- Remote employees often work from unexpected locations using a wide range of devices. To ensure developers can work effectively, and maintain productivity, any solution put in place by an organization must work across platforms and environments.
- It’s hard to secure remote access to different resources such as applications, databases, and internal/external services when they contain sensitive customer data, intellectual property, and other proprietary information. Understanding the gravity of this challenge becomes even more apparent when organizations assess the potential harm from a malicious actor getting unauthorized access — which could lead to financial, reputational, and other damages. Thus, the necessity to implement strong security measures for asset protection is indisputable.
- Companies often operate within existing regulatory and compliance frameworks. Certain industries must comply with regulations like GDPR, CCPA, and HIPAA to protect sensitive data. In this context, VPNs serve as an essential tool to achieve the degree of privacy and confidentiality required.
- Giving remote employees access to internal applications, usually hosted on private networks or protected by firewalls, is another concern. IT and security departments manage network segmentation and network access control lists (ACLs) to thwart unauthorized access to team resources, underlining the complexities of providing secure remote access in a diverse and dynamic environment.
How Tailscale secures access to team resources
Tailscale is a mesh-capable overlay network that lets users create a software-defined network that makes the devices, applications, and resources they own accessible anywhere in the world, securely and effortlessly. We also learn in the SauceLabs reports that 75% of developers admit to circumventing security protocols such as disabling MFA or an unstable VPN, tools like Tailscale become ever more important.
Tailscale provides robust encryption and authentication mechanisms to ensure that your team always has secure and reliable remote access to shared resources. Here are the key features:
- Industry-leading encryption protocols protect data transmitted over the network. Tailscale employs the WireGuard protocol, which utilizes state-of-the-art cryptographic algorithms, including Curve25519 for Key exchange and ChaCha20 and Poly1305 for data encryption and integrity. This level of encryption helps ensure that data remains confidential and tamper-proof during transit.
- Mutual authentication mechanisms ensure secure device connections. Each device in your Tailscale network has a unique cryptographic key pair, and authentication occurs during the initial handshake. This mutual authentication ensures that devices verify each other’s identity before establishing a secure connection, helping to prevent unauthorized access.
- Identity provider (IdP) based login supports single sign-on (SSO) or multi-factor authentication (MFA) for every user on your network. Enabling multi-factor authentication in your IdP adds an additional layer of security, requiring users to provide a second verification factor in addition to their login credentials — such as a unique code received via an authenticator app via SMS. Tailscale lets you use any identity provider to authenticate users, and supports advanced settings like MFA.
- Tailscale employs robust security, authentication, and authorization mechanisms to establish an intuitive network that remote employees can rely on. By implementing the above measures, Tailscale helps ensure that your confidential and proprietary information is protected.
For additional information, read about Tailscale’s approach to security here.
Enable secure remote access to internal applications
Every year, more organizations rely on web-based SaaS, but many teams (particularly in development) prefer to host their applications to address short-term or team-specific needs. Enabling access to these applications via Tailscale offers numerous benefits and is a great way to let remote teams securely access them from anywhere in the world.
- Give users secure remote access to resources without making them available to the public internet.
- Tailscale works on all major operating systems, and it’s easy to set up by installing the client or setting up a subnet router.
- Roaming lets remote employees seamlessly move from one location to another without losing connectivity.
- NAT traversal helps establish connectivity despite complex/restrictive firewalls, and DERP relays are always available as a backup.
- Tailscale ACLS, device tags, and groups let you manage who has access to what
- With 100+ integrations, use Tailscale with the stack your team trusts.
- Tailscale allows users to securely connect to the internal network and access applications from any location with an internet connection. This flexibility enhances productivity and enables remote work scenarios.
- Tailscale streamlines the process of setting up remote access. It eliminates the need for complex VPN configurations, port forwarding, or dealing with firewall restrictions. Users can easily connect to the Tailscale network without extensive technical expertise.
- Tailscale operates efficiently across various network environments, including home networks, public Wi-Fi, or cellular networks. It adapts to different network conditions, ensuring reliable connectivity for remote access.
- Tailscale can traverse NATs and firewalls seamlessly, establishing connections even in restrictive network environments without requiring manual port forwarding configurations.
- Tailscale integrates with existing infrastructure and networking tools, leveraging identity providers and authentication systems for enhanced compatibility.
Connecting from your personal device to internal applications on your Tailscale network (tailnet) is pretty straightforward:
- Install Tailscale: Users can install Tailscale on their personal devices, and we provide native clients for all major operating systems including Windows, macOS, Linux, iOS, and Android.
- Log in: Users sign with SSO using their personal or professional email addresses. Once authenticated, the device will be added to their account, and they’ll join the tailnet associated with the domain used to sign in.
- Access applications: Once connected to the tailnet, users can access the internal applications they have access to (defined in the account ACLs), by accessing their internal URL or IP addresses. For internal applications, Tailscale routes traffic over the network — allowing remote users to access internal applications, without exposing them to the public.
Simplified setup and reliable connectivity make Tailscale a valuable solution for enabling secure access from anywhere.
How to scale and expand a Tailscale deployment
When discussing the scaling and deployment of Tailscale, it’s crucial to note that providing user-friendly and efficient solutions can deter developers from seeking shortcuts that might compromise security. Here is a few examples:
- Add more devices: Scaling up is as simple as installing the Tailscale client on any new devices you want to add to the network. These devices will connect to your Tailscale network automatically.
- Set up a subnet router: A key feature of Tailscale is that it supports subnet routers, so you can incrementally transition VPCs, local offices, and other networks to Tailscale — creating a subnet that lets you communication with any device or virtual machines in that subnet — where you can’t, or haven’t installed Tailscale yet. This can simplify bringing zero trust into your network, and managing a distributed development environment. For instance, if you want to connect a new development server to your existing infrastructure, you can install Tailscale on that server, authenticate the device, tag it appropriately, and automatically give your developers access to the server.
- Update access controls (ACLs): A critical element of zero trust networking is managing who has access to what. Tailscale uses an editable HuJSON (human-readable JSON) file to manage access.. HuJSON permits comments, trailing commas, and unquoted keys, making it much more user-friendly for both technical and non-technical users to configure ACLs.
- Integrate with your identity provider: Tailscale uses your existing identity provider (i.e., GSuite, Office 365, Okta) for user management, which means it scales with your organization. If you add or remove users from your identity provider, these changes are automatically reflected in Tailscale.
With these features, you are now free to confidently expand your network as your organization grows. Tailscale provides the scalability to support your growing needs — without compromising security, performance, or usability.
Tools like Tailscale solve developer access issues and make sharing credentials or circumventing systems not tempting because the path of least resistance is also the most secure.
While buggy software may not have immediate repercussions beyond extra support tickets, the opportunity cost of bad code is significant. Company leaders are responsible for setting the strategy, and if developers are constantly taking shortcuts and security risks, that’s a sign that leaders need to set clearer expectations. Tailscale provides a modern solution to a modern problem, ensuring secure access without compromising speed or user experience.
Tailscale Customer Stories
Instacart uses Tailscale to maintain HIPAA compliance, which is necessary for providing prescription medication via delivery. Tailscale ACLs and exit nodes give Instacart fine-grained control over who can access their HIPAA-compliant environment, making compliance less of a headache..
VersaBank combines internally-developed software with Tailscale to deploy a pure software solution that enables their employees to connect seamlessly and securely to all of the bank’s servers across multiple offices and cloud service providers. Tailscale has become a key part of their business continuity plan. Their entire team can now confidently work from any remote location, and avoid service interruptions.
Visit Tailscale.com to learn more, sign up for a free trial, or contact our sales team to discuss your needs. If Tailscale sounds like a good fit, it’s free to try,, and you can download Tailscale on any device.
Get started with Tailscale today.
Frequently Asked Questions
Here are some answers to common questions.