Brief product summary

Tailscale is a virtual private cloud VPN alternative that effectively allows you to create your own private internet. Where most VPNs allow individual users to connect to a network and treat their connection as though it originated from within the network, Tailscale stitches together multiple networks (and devices) and treats them as one, redefining the boundaries of the network and its perimeter. Its primary use is for organizations that want to create a network between cloud resources without changing firewall configuration.

| | Tailscale | Pomerium |
| --- | --- | --- |
| Similar solution | 🍎 | 🍊 |
| Context-aware gateway | | |
| Open Source | | |
| Policy Descriptions | Can only support simple rules. | Can support complex rules. |
| Integrates with multiple Identity Providers | | |
| Device authentication | In part | Yes, with WebAuthn. |
| Layer | 4 | 7 |

Our Recommendation

Tailscale and Pomerium are potentially good complementary solutions, with Tailscale providing reachability and tunneling directly to hard-to-reach servers while Pomerium provides context-aware access to web applications and services for a true zero trust architecture. If you have servers that are deeply nested or hard to access because they’re buried between complicated layers of networking, Tailscale is a great solution for providing access. For web applications and internal services, Pomerium is a better fit.

Use Cases

  • Digitized perimeter — Tailscale is great at connecting various computing environments together.
  • VPN in a trench coat — As a next-gen VPN alternative, Tailscale enables users to have remote access to the network from any physical location.
  • In network — Administrators can use Tailscale to create secure point-to-point connections.
  • Firewall — Organizations can set their desired security access policies.
  • As big as you need it — Tailscale is designed to oversee large-scale deployments.
  • A trail of breadcrumbs — Management will be happy that Tailscale streams its logs to a central logging server for auditing purposes. A potential downside is that this approach to logging is not as well-validated as MITM.

Strengths

Weaknesses

  • You get what you pay for — Some features, such as ACL policy or Okta integration, are only available to paying users.
  • Network-centric, not application-centric — If your organization uses multiple applications and wants to maintain a zero trust architecture, the administrators will need to craft specific policies that are hard to maintain at scale.
  • A world to maintain — Because you’re effectively creating your own private network, your administrators will need to write policies for all use cases to enforce good security hygiene.
