Least privilege
Rights are limited by role, device and target. Access does not mean the entire network.
Security
A good tailnet is not merely a working connection. It is a documented access-control model where identity, device, role, service and continuity form one system.
Rights are limited by role, device and target. Access does not mean the entire network.
SSO, groups and user removal control network rights through centralized policy.
Critical services can be limited to managed devices that meet defined requirements.
Policy, changes, roles and routes can be documented and reviewed.
SSH access can move away from unmanaged keys and user-specific exceptions.
High availability and key rotation for connectors, subnet routers and critical routes need clear ownership.
NIS2 and ISO 27001
NIS2 emphasizes risk identification, appropriate controls, continuity and supply-chain security. In ISO 27001 environments, Tailscale is particularly relevant to access control, remote access, change management, logging and supplier access.
Learners First connects Tailscale's technical features to the security management model: which control is implemented, how it is operated and how it is evidenced.
Hardening checklist
Start with a real use case
We review your remote access, cloud services, administrator models and the first sensible deployment.