As organizations expand across cloud platforms and remote work environments, the traditional concept of a single, trusted corporate network proves inadequate. Tools and controls are layered on to compensate, increasing overhead for IT, limiting visibility for security leaders, and introducing friction for distributed teams. Many organizations seek to simplify control while ensuring reliable, high-performance access at scale.
Tailscale is a secure connectivity platform that enables organizations to build programmable networks between users, devices, and infrastructure. By integrating with identity providers and applying access rules at the connection level, Tailscale replaces static, perimeter-based networking and improves visibility and control.
Tailscale commissioned Forrester Consulting to conduct a Total Economic Impact™ (TEI) study and examine the potential return on investment (ROI) that organizations may realize by deploying Tailscale.1 The purpose of this study is to provide readers with a framework to evaluate the potential financial impact of Tailscale on their organizations.
213%
Return on investment (ROI)
$2.1M
Net present value (NPV)
To better understand the benefits, costs, and risks associated with this investment, Forrester interviewed five decision-makers across four organizations with experience using Tailscale. For the purposes of this study, Forrester aggregated the experiences of the interviewees and combined the results into a single composite organization that has $1 billion in annual revenue and 3,000 employees.
Prior to Tailscale, the interviewees’ organizations relied on layered networking components to connect their employees, devices, and workloads. Some organizations purchased VPNs and remote access vendor solutions, which were maintained by their IT departments. Other organizations built custom networking capabilities to address specific connectivity use cases such as application workloads and remote IoT operations. However, as the organizations’ networking needs became increasingly granular, their existing solutions created connectivity, security, and compliance concerns. IT teams grew frustrated with configuration efforts, lack of transparency into access rules, and extensive overhead for infrastructure maintenance. Employees experienced continued disruption due to performance issues, and organizations faced a heightened risk of security incidents from freely distributed shared keys.
With an investment in Tailscale, interviewees’ organizations adopted an identity-scoped connectivity model, which allowed them to better support and scale their distributed operations. They consolidated prior infrastructure and reduced the effort required to provision and maintain remote access across all managed resources. Finally, they strengthened network security posture by applying least privilege access principles and decreased the likelihood of operational outages by streamlining key workflow production tasks. End users also experienced productivity gains in their day-to-day work as connectivity issues decreased.
“For me, it was around cost, ease of deployment, and engineer and developer happiness — that’s where Tailscale edged out to us.”
CISO, software
“We eliminated a bunch of infrastructure, decreased operational overhead, and reduced developer friction with the new platform. The overall architecture is much simpler and more secure.”
Technology fellow, retail
Key Findings
Quantified benefits. Three-year, risk-adjusted present value (PV) quantified benefits for the composite organization include:
Increased operational overhead efficiency. Tailscale reduces networking complexity, enabling the composite to gain 60% efficiency on time previously spent administering remote access for its managed resources. This includes tasks such as provisioning and maintaining access across end-user devices, IoT devices, and application infrastructure; addressing IT support tickets; and preparing compliance reports. Over three years, this is worth $282,000 in labor savings.
Simplified network architecture. In transitioning to Tailscale, the composite retires its prior VPN and remote access server solution and reduces workload networking spend by retiring components including load balancers and armor policies. Over three years, this is worth $1.2 million in cost savings.
Enhanced end-user productivity. All employees at the composite gain 50% efficiency on time previously spent resolving connectivity and access roadblocks by using Tailscale. As direct connectivity improves latency and reduces disruptions for distributed teams, employees spend more time on productive activities. Over three years, this is worth $734,000 in labor savings.
Strengthened security. The composite’s Tailscale users gain access to key security features such as just-in-time (JIT) access, default deny policies, and least privilege access. Tailscale’s identity-scoped access inherently limits users to explicitly permitted services, rather than broad access with enforcement control layered on top. With Tailscale, there is a 70% reduced risk of exposure to breach costs for addressable attacks. Over three years, this is worth $861,000 in cost avoidance.
Reduced operational outage risk. As the composite transitions its application workloads to infrastructure using Tailscale, the risk of an incident causing an operational outage decreases by 80%. There is also less likelihood that misconfiguration causes production to stop. Over three years, this is worth $12,000 in cost avoidance.
Unquantified benefits. Benefits that provide value for the composite organization but are not quantified for this study include:
Supports business compliance processes. Through its identity management integration with Tailscale, the composite improves visibility into user access and permissions across the managed resources in its network. This transparency improves business compliance processes and logging and smooths communication with auditors.
Increases IT ops and developer collaboration. With Tailscale, developers gain direct visibility into access policy management and reviews instead of relying on IT to communicate access changes. This increased transparency, made possible via infrastructure as code, increases trust between the two groups.
Provides a strong vendor partnership. Tailscale’s technical support and relationship management teams serve as partners to the composite. This partnership helps resolve immediate IT and engineering needs and facilitates collaboration on new networking capabilities to continuously improve connectivity.
Supports end customers’ security requirements. Tailscale affords the composite the ability to implement Zero Trust principles and ensure no unauthenticated remote access is possible on its customers’ devices. These strengthened security measures allow the composite to meet its customers’ strict IT and security requirements.
Costs. Three-year, risk-adjusted PV costs for the composite organization include:
Tailscale fees. The composite pays $10 per user per month to access Tailscale. Over three years, this totals $940,000.
Implementation. A combination of IT, engineering, and security resources at the composite dedicate four-and-a-half weeks to configure Tailscale on managed devices. Over three years, this totals $13,000.
Ongoing management. The composite dedicates 10 hours a month to user management activities and new projects that involve configuring Tailscale. Over three years, this totals $22,000.
The financial analysis that is based on the interviews found that a composite organization experiences benefits of $3.1 million over three years versus costs of $975,000, adding up to a net present value (NPV) of $2.1 million and an ROI of 213%.
• Remote ops for IoT devices • Machine-to-machine communication
Key Challenges
Prior to implementing Tailscale, interviewees said that their organizations’ networking solutions created connectivity, security, and compliance issues. And as these organizations scaled in size and complexity, the solutions limited their ability to innovate. Interviewees noted how their organizations struggled with common challenges, including:
Connectivity.
Poor performance, especially for distributed employees. Forrester research states: “VPN performance issues, more than any other factor, drove enterprises to adopt ZTNA for secure remote access to keep their remote employees working.”2 The interviewees emphasized how poor VPN performance negatively impacted their organizations’ productivity. The CISO at a software organization said: “One of the big issues with our prior VPN solution was that we weren’t doing split tunnel. Traffic was flowing back over the tunnel for video conferencing, and we really wanted better control over this. Teams in Australia were really hurting when the traffic would have to leave out of the US.”
Virtual private cloud (VPC) networking challenges. The technology fellow at a retail organization said:“We have many, many Kubernetes clusters. VPC networking can be tricky when you’re navigating across multiple VPCs and networks. [The goal] was a new architecture where we eliminated these challenges.”
Security.
Bypassing network rules. The CISO at a software organization said: “There were a number of times when we used to bypass the network rules [in our old environment] because they were flunky and hard to manage. We have contractors in India where we could never get our prior VPN to work for them.”
Visible, shared keys. The director of IT at a software organization said: “[Our old solution] was literally a shared key that we passed around to people and I hated it from the first moment. From a security perspective, it was terrible.”
Control and governance.
Lack of transparency for access rules. The CISO at a software organization said:“We had a number of ClickOps-related issues in the past where IT or system administrators would make rule changes and they wouldn’t get recorded in change management. It just wasn’t as transparent.”
Difficulty setting up integrations. The CISO at a software organization said, “We tried many times to deploy our prior VPN’s rules for posture management, but we never got it integrated well with our setup.”
Bring your own device (BYOD) limitations. The CISO at a software organization said: “This was another advantage of Tailscale. A lot of employees have cell phones. But at the time, we never really had anyone use [our prior VPN] on these devices, so they couldn’t access internal resources even if it was a BYOD-managed device. This is a lot easier now.”
Poor user interface. The CISO at a software organization said, “Employees were just confused with [our prior VPN’s] user interface.” Expressing a similar sentiment, the director of IT at a software organization said: “We started out with a different VPN, which really was terrible to access the back end. We didn’t have a really good way to do multi-user authentication and it wasn’t a great user experience.”
“I am not a big fan of more traditional VPNs. They tend to limit you a bit too much. [But] with Tailscale, we’re even looking into putting our SaaS tools to make better use of posture checking.”
Director of IT, software
Investment Objectives
The interviewees searched for a solution that could:
Support a remote-first workforce.
Remove friction for engineers and developers.
Consolidate various networking infrastructures across their environment.
Reduce implementation and management time required for IT and infrastructure teams.
Fulfill a range of networking and connectivity use cases, including VPN, remote access, device posture management, application networking, and IoT networking.
“We are a remote-first company. I think Tailscale has a considerable benefit in this area. We don’t really have a corporate network per se. The ability to have a tool that gives a virtual corporate network as needed continues to appeal.”
Director of IT, software
“I would tell [prospects] to look at simplicity of implementation and ongoing management. When I looked at setting up other tools, they were more complicated to provision and manage.”
Infosec architect, software
After an RFP and business case process evaluating multiple vendors, the interviewees’ organizations chose Tailscale and began deployment. The interviewees mentioned the following reasons for choosing Tailscale:
Prior experience. The CISO at a software organization said: “We eventually set out on a project to rethink what remote access would look like for employees and, specifically, engineers.We looked at a couple different solutions to [see] what could be usable across the board. We had known Tailscale, as some security engineers had used it in their personal lives. It became a contender. We evaluated it and selected it.”
Infrastructure as code. The CISO at a software organization said: “A really big [advantage] for our teams was the ability to define the access rules in infrastructure as code. It’s more modern and it is all reviewed through pull requests, which is great for showing auditors why access control rules have changed.”
Scaling needs. The technology fellow at a retail organization said: “Our use case was slightly different than VPN access for users. We did some prototyping and testing with them, and we were able to confirm that it was going to scale to meet our volume needs.”
Fully featured for modern networking. The technology fellow at a retail organization said: “WireGuard doesn’t have parts of the platform that we ended up using, such as access control list (ACL) tags and grants, all of the extra policy components that Tailscale offers, and the capabilities around NAT traversal. We would have had to build these components ourselves.”
Mesh networking approach. The director of IT at a software organization said: “I liked the approach of wire-mesh right away. That was very appealing. Typical VPNs are a little bit more structural. With Tailscale, you are acting like you’re on a local network.”
Identity-based platform. The director of IT at a software organization said, “Part of the push originally to move to Tailscale was really to have the identity-based capability that we didn’t have at the time.”
Integrations. The CISO at a software organization said, “We’ve [integrated] our security information and event management (SIEM), our development platform, posture management platform, and identity management.” Similarly, the VP of software at a logistics organization said, “It’s integrated with our single sign-on, SIEM, data visualization tool, communication platform, and our own internal applications.”
Composite Organization
Based on the interviews, Forrester constructed a TEI framework, a composite company, and an ROI analysis that illustrates the areas financially affected. The composite organization is representative of the interviewees’ organizations, and it is used to present the aggregate financial analysis in the next section. The composite organization has the following characteristics:
Description of composite. The composite is a global, remote-first organization with $1 billion in annual revenue. It has 3,000 employees; 750 are technical resources comprising engineers and developers.
Deployment characteristics. The composite uses Tailscale for two purposes: to provide technical and nontechnical employees remote access to internal resources and production systems and to enable remote access to IoT devices and networking needs for application workloads using Kubernetes infrastructure. Tailscale is integrated with the composite’s identity management solution.
KEY ASSUMPTIONS
$1 billion annual revenue
Global, remote-first operations
3,000 employees
750 developers and engineers
Analysis Of Benefits
Quantified benefit data as applied to the composite
Total Benefits
Ref.
Benefit
Year 1
Year 2
Year 3
Total
Present Value
Atr
Operational overhead efficiency
$113,400
$113,400
$113,400
$340,200
$282,009
Btr
Simplified network architecture
$467,500
$467,500
$467,500
$1,402,500
$1,162,603
Ctr
End-user productivity
$295,004
$295,004
$295,004
$885,011
$733,630
Dtr
Strengthened security
$346,416
$346,416
$346,416
$1,039,248
$861,485
Etr
Operational outage risk reduction
$4,734
$4,734
$4,734
$14,202
$11,773
Total benefits (risk-adjusted)
$1,227,054
$1,227,054
$1,227,054
$3,681,161
$3,051,500
Operational Overhead Efficiency
Evidence and data. Forrester research states, “IT networking sparks a visceral reaction of disdain, with many leaders hoping to ignore it or hide from its painful complexity.”3 Interviewees highlighted this complexity: Their organizations required a combination of IT, engineering, and infrastructure teams to build, integrate, and monitor their networking solutions. Specific tasks included provisioning devices, configuring authentication and authorization rules, troubleshooting end-user questions, and preparing compliance reports. Tailscale enabled the interviewees’ organizations to reduce the time dedicated to these activities with its intuitive user interface and automated user management via identity integration. Additionally, Tailscale reduced provisioning infrastructure complexity by simplifying the organizations’ architectures and enabling them to retire various networking components.
The CISO at a software organization shared three examples of time savings:
IT support tickets. “I would estimate 10 tickets per month of users who had issues connecting to [our prior VPN]. They didn’t understand where to log on. That has more or less gone away with Tailscale.”
User management. “The benefit with Tailscale for IT is the identity management integration. From [IT’s] perspective, they can better control the user groups directly. Whereas before, they had to log in to a different tool to add users and send out an endpoint for them to connect to first.”
Compliance prep. The interviewee estimated saving a few hours on compliance audit preparation as a result of Tailscale’s integration with their organization’s identity management solution.
The infosec architect at the software organization said: “The value for IT is that it is not something we think about. It’s something we set up, and it tends to work. We’ve had five total Tailscale tickets in the last six months at the company, and to be honest, I was surprised it was that high because you never hear about it.”
The VP of software at a logistics organization spoke about IT and engineering team efficiencies:
IT efficiency. “I can definitely imagine that if we had scaled up the [homegrown] approach, we would have spent significantly more time on the overhead of managing authentication rules and access credentials. A top estimate for me would be 50% of the time that we would otherwise use provisioning users and certificates is gone by virtue of using Tailscale.”
Engineering efficiency. “It significantly reduced the amount of administration time that’s involved in maintaining and updating the VPN infrastructure. There were VPN servers that needed to be commissioned and certificates issued. We initially had half an FTE managing remote access, and now basically have the same setup despite having an organization that is 50 times the size.”
The technology fellow at a retail organization said: “[For our application infrastructure], there’s less to provision. We don’t have to use Kubernetes HTTP gateways, so it cut time. We don’t have to use Kubernetes ingresses or services, so it cuts out a ton of YAML.”
Modeling and assumptions. For the financial analysis as applied to the composite organization, Forrester assumes:
The composite dedicated three FTEs to managing remote access in the prior environment. Activities included provisioning managed resources for end-user devices, IoT devices, and application infrastructure where it had a mix of prior solutions and homegrown capabilities. With Tailscale, this team gains 60% efficiency with its tasks.
The average fully burdened annual salary for a technical resource is $140,000.
Only 50% of the recaptured work is spent on productive activities.
Risks. This benefit may vary among organizations depending on:
The size and complexity of devices in an organization’s managed environment.
Associated salaries for technical resources.
Results. To account for these risks, Forrester adjusted this benefit downward by 10%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of $282,000.
“The provisioning is breathtakingly simple.”
Director of IT, software
“IT people like stuff they don’t have to manage and don’t hear about. That is the gold standard. I have enough problems.”
Infosec architect, software
60%
Efficiencies gained for FTEs managing remote access
Operational Overhead Efficiency
Ref.
Metric
Source
Year 1
Year 2
Year 3
A1
FTEs dedicated to managing remote access in the prior environment
Composite
3
3
3
A2
Efficiency with Tailscale
Interviews
60%
60%
60%
A3
Average fully burdened annual salary for a technical resource
Composite
$140,000
$140,000
$140,000
A4
Productivity recapture
TEI methodology
50%
50%
50%
At
Operational overhead efficiency
A1*A2*A3*A4
$126,000
$126,000
$126,000
Risk adjustment
↓10%
Atr
Operational overhead efficiency (risk-adjusted)
$113,400
$113,400
$113,400
Three-year total: $340,200
Three-year present value: $282,009
Simplified Network Architecture
Evidence and data. Beyond operational overhead labor savings, interviewees explained that investing in Tailscale enabled their organizations to retire prior VPN and remote access infrastructure — and in some cases, to sunset infrastructure components previously necessary to run their provisioned architecture.
The CISO at a software organization said: “We were able to sunset multiple solutions like our [VPN] and [remote access solution]. We were paying for users to have access to three VPNs because depending on what they’re doing there, they may need to disconnect and reconnect to a different one.” They estimated saving approximately $120,000 for the VPN and between $60,000 and $75,000 for the remote access solution.
The technology fellow at a retail organization explained: “On the new platform, we got rid of some components — there’s no more load balancers to manage the ingress into the cluster, no more armor policies to manage the security of those particular load balancers, and we don’t need the NAT components to egress because it just goes through Tailscale. We’re able to cut all that stuff out. Now applications are deployed to Kubernetes and then our mesh takes over from there. This is a major cost savings from our perspective.” The interviewee continued: “If you look at the ability to connect a workload from one cluster to another cluster, using the load balancer, armor policies, and NAT, as compared to the way we’re doing it with Tailscale, the cost is [now] approximately 80% less from an egress networking perspective. I don’t know that we’ve realized all 80%, as there will be variance in how teams are processing and doing network egress. But we’re definitely seeing double-digit savings because of the costs we avoid.”
Modeling and assumptions. Forrester assumes that adopting Tailscale enables the composite to retire networking infrastructure in its prior environment (e.g., VPN solution, remote access solution) for savings worth $550,000. This also assumes all employees had access to the VPN solution and only technical employees had access to the remote access solution.
Risks. This benefit may vary among organizations depending on whether or not they fully retire software or hardware and the associated costs.
Results. To account for these risks, Forrester adjusted this benefit downward by 15%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of $1.2 million.
Simplified Network Architecture
Ref.
Metric
Source
Year 1
Year 2
Year 3
B1
Cost for retired network infrastructure solutions
Interviews
$550,000
$550,000
$550,000
Bt
Simplified network architecture
B1
$550,000
$550,000
$550,000
Risk adjustment
↓15%
Btr
Simplified network architecture (risk-adjusted)
$467,500
$467,500
$467,500
Three-year total: $1,402,500
Three-year present value: $1,162,603
End-User Productivity
Evidence and data. Interviewees shared how technical and nontechnical end users faced connectivity issues and developmental roadblocks in their prior networking environments. With Tailscale, connectivity improved by enabling direct connections, and end users recaptured time previously wasted on resolving issues with IT.
The CISO at a software organization said: “We never really ran [our prior VPN] as an always-on situation, as we had to give employees a specific endpoint to connect to that was unique to us. With Tailscale, it’s not forced always-on, but because we don’t have the split tunnel issue, people are largely leaving it always-on. Tailscale is transparent. When we look at the metrics, it’s pretty stark that most people just leave it on because it doesn’t cause any issues for them. Before, I would say [people spent] between 30 minutes to an hour per month dealing with connectivity issues. That’s more or less gone away. Additionally, users overseas notice the performance improvements from not having to transit their traffic back to the US.”
The VP of software at a logistics organization said: “It’s a significant enhancement for end users. It’s a day-to-day tool for the engineering team and they never complain about it, which is rare in my experience. I would say the engineering team is easily saving 75% of the issues that they might normally get with remote access and authentication to remote devices.”
The technology fellow at a retail organization shared three ways their organization’s engineers gained productivity through Tailscale:
Easier onboarding. “From an operational perspective, we’re trying to take friction out of the process. For onboarding, the security is built into the platform so developers don’t have to go through the process of getting a client certificate or getting OAuth to client secret and provisioning that, and rotating it, and maintaining it. They just deploy to the platform, they get a Tailscale key automatically, and they’re done.”
Improved latency. “Everything is essentially one hop away from everything else, irrespective of the number of VPCs or Kubernetes clusters that are running. This new architecture uses a model where we essentially treat everything like a flat network. We’re able to connect all of these clusters together and eliminate the challenges of VPC networking. We cut down on latency because of the more direct networking capabilities. We’re seeing somewhere in the neighborhood of 40% better latency numbers. That’s been a good operational win.”
Less down time for developers. “We use subnet routers as part of the platform for on-prem access. That was a big unlock. It does save a lot of time for the developers if they need to access on-prem resources because instead of waiting for days to get a firewall request approved or security team, they can come back through this preapproved tunnel, as it were.”
Modeling and assumptions. For the financial analysis as applied to the composite organization, Forrester assumes:
There are 750 engineers and 2,250 nontechnical employees.
Each engineer spent 15 hours resolving connectivity and development roadblock issues in the prior environment. This decreases by 50% with Tailscale.
The average fully burdened hourly rate for a technical resource (engineers, developers, etc.) is $67.
Each nontechnical employee spent 6 hours resolving connectivity issues in the prior environment. This decreases by 50% with Tailscale.
The average fully burdened hourly rate for a nontechnical employee is $47.
Only 50% of all recaptured time is spent on productive activities.
Risks. This benefit may vary among organizations depending on:
The number of employees, the split between technical and nontechnical employees, and the associated salaries.
Whether or not employees encountered connectivity issues with their prior networking infrastructure.
Results. To account for these risks, Forrester adjusted this benefit downward by 15%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of $734,000.
“The benefit you get with Tailscale [over other providers] is that it makes a direct connection between data centers. From that perspective, [connection] gets faster. The way traffic used to route is we would have a concentrator hosted by [our vendor] in one location and it would connect back to another one.”
CISO, software
50%
Productivity lift from resolving connectivity issues
End-User Productivity
Ref.
Metric
Source
Year 1
Year 2
Year 3
C1
Engineers
Composite
750
750
750
C2
Time spent per engineer resolving connectivity and development roadblocks in prior environment (hours)
Composite
15
15
15
C3
Efficiency with Tailscale
Interviews
50%
50%
50%
C4
Average fully burdened hourly rate for a technical resource
A3/2,080
$67
$67
$67
C5
Productivity recapture
TEI methodology
50%
50%
50%
C6
Subtotal: Engineer productivity
C1*C2*C3*C4*C5
$188,438
$188,438
$188,438
C7
Nontechnical employees
Composite
2,250
2,250
2,250
C8
Time spent per nontechnical employee resolving network connectivity issues (hours)
Interviews
6
6
6
C9
Efficiency with Tailscale
Interviews
50%
50%
50%
C10
Average fully burdened hourly rate for a nontechnical employee
Composite
$47
$47
$47
C11
Productivity recapture
TEI methodology
50%
50%
50%
C12
Subtotal: Employee productivity
C7*C8*C9*C10*C11
$158,625
$158,625
$158,625
Ct
End-user productivity
C6+C12
$347,063
$347,063
$347,063
Risk adjustment
↓15%
Ctr
End-user productivity (risk-adjusted)
$295,004
$295,004
$295,004
Three-year total: $885,011
Three-year present value: $733,630
Strengthened Security
Evidence and data. Forrester research states, “You must explicitly define trust, continuously review it, and inform it with context for every access session. These pieces of context can be the posture of a device, type of workload, attributes around an identity, and more.”4 In line with this principle, interviewees emphasized the importance of implementing strategies that would ensure secure remote access. They explained that through default deny policies, JIT access, identity-centric approaches, and device posture checks, their organizations strengthened security measures across their networking environments.
The technology fellow at a retail organization shared two examples of where Tailscale provided value:
Identity-centric approaches and default deny policies. “There’s a process where application owners can request authentication to another application, the owner of the upstream application can approve that, and then it gets automatically wired into the mesh — so all the authentication is built in through our developer portal. They can stitch in connectivity from other applications. Because it’s default deny, it provides us [with] a reasonably good layer for security that is self-managed by the app teams. Everything gets an identity and a workload identity. Not only are they in charge of their own authentication policies, but from a security perspective, we know exactly who’s talking to what right down to the IP address.”
JIT access. “Tailscale provides emergency SSH access that’s provisioned just in time. There’s no standing access, but it’s just-in-time provisioning. There are two network admin approvers that need access to a core router or similar, and they have Tailscale SSH from their laptops directly into that core system.”
The CISO gave four specific examples of how Tailscale provided more control and visibility for their software organization:
Domain name system (DNS) management. “One of the other big areas of value with Tailscale was DNS management, specifically being able to control the DNS servers that are on our laptops. The good news is that we get better insights into potential bad domains that are command and control from a malware standpoint.”
Visibility during investigations through logs. “We had a phishing attack against our employees that happened a year and a half ago. [Tailscale] gave us a little bit more visibility. It made it easier for us to check in our identity management system for any weird logins. We were able to narrow down, identify, and cut access in the 45-minute investigation period.”
Device posture checks. “We can write Tailscale access control rules. You can say ‘install’ only if the user’s device is up-to-date and has all malware protections enabled. It is a good way to understand that a user has lost access because they are ignoring an update notification.”
Not bypassing network rules. “Because Tailscale worked, we were able to remove prior clunky bypass rules. This comes to mind in terms of places where the attack surfaces directly changed.”
The VP of software at a logistics organization estimated a 70% risk reduction using Tailscale relative to systems deployed without network-level isolation. They elaborated on three areas of impact:
End-to-end encryption without public exposure. “We’re able to talk about Zero Trust networking with our customers, as we’re able to completely remove services from the public internet that might previously have been exposed to it through different authentication strategies. The traffic is always guaranteed to be end-to-end encrypted.”
Reduced attack surface. “It has reduced the surface area for any attack which might happen within the organization. The compromise of an individual device no longer has access to all of our devices and their ability to request just-in-time access can be revoked.”
Offboarding employees. “Generally, it’s a lot easier to offboard individuals because we can just close the account and not have to worry about deprovisioning individual keys ourselves.”
Modeling and assumptions. For the financial analysis as applied to the composite organization, Forrester assumes:
The total annual risk exposure of security breaches totals $2,062,000 per year.5
These breaches may originate from external attacks targeting the organization; external attacks targeting remote environments; internal incidents; or attacks or incidents involving the external ecosystem.6
Tailscale can address 30% of these attacks (e.g., traffic interception, exposed services, unauthorized access via strong ACLs, unauthorized VPN access from stolen VPN secrets, insider/lateral movement attacks), equating to $618,600 in annual risk exposure.
Tailscale reduces the risk of exposure to breach costs from addressable attacks by 70%.
Risks. This benefit may vary among organizations depending on:
The size and industry of an organization, which can impact the likelihood and associated costs of security breaches.
An organization’s legacy security capabilities and its level of Tailscale coverage and adoption.
Results. To account for these risks, Forrester adjusted this benefit downward by 20%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of $861,000.
“Security has been a key driver for us. Having a service in place that is particularly focused on authentication and Zero Trust has been a significant benefit in terms of reducing the surface area and impact any compromise would have.”
VP of software, logistics
70%
Reduced risk of exposure to breach costs from addressable attacks
Strengthened Security
Ref.
Metric
Source
Year 1
Year 2
Year 3
D1
Total annual risk exposure to security breaches
Forrester research
$2,062,000
$2,062,000
$2,062,000
D2
Percentage of breaches originating from external attacks targeting organizations, external attacks targeting remote environments, internal incidents, or attacks or incidents involving the external ecosystem
Forrester research
100%
100%
100%
D3
Percentage of those attacks addressable with Tailscale
Interviews
30%
30%
30%
D4
Annual risk exposure addressable with Tailscale
D1*D2*D3
$618,600
$618,600
$618,600
D5
Reduced risk of exposure to breach costs from addressable attacks with Tailscale
Interviews
70%
70%
70%
Dt
Strengthened security
D4*D5
$433,020
$433,020
$433,020
Risk adjustment
↓20%
Dtr
Strengthened security (risk-adjusted)
$346,416
$346,416
$346,416
Three-year total: $1,039,248
Three-year present value: $861,485
Operational Outage Risk Reduction
Evidence and data. One interviewee explained how their application infrastructure built with Tailscale automatically rotated secrets (a task previously required of development teams), which reduced operational outage risks. They estimated the likelihood of an operational outage to be less than 1%; however, Tailscale reduced the overall impact of such an incident by 80%.
The technology fellow at a retail organization said: “Tailscale reduces the probability that you have a secret slated outage. It reduces the risk of an operational outage due to a bad secret rotation. We have hundreds of thousands of certificates and secrets in the environment. Every time you have to rotate one, there’s a potential for an incident or an outage. We’re trying to reduce this as much as possible. Public certificate lifetimes are getting reduced to 47 days in a couple of years, and that would obviously be problematic if you don’t have good automation in place. The more applications we can get onto the platform [with Tailscale], the fewer things we have to maintain and touch.”
Modeling and assumptions. For the financial analysis as applied to the composite organization, Forrester assumes:
The composite has $1 billion in annual revenue and an operating margin of 12%.
A 1-hour operational outage costs $114,155. This model assumes an operational outage lasts two days, which would cost $5,479,452.
The likelihood of an incident causing an operational outage is 1%.
Tailscale reduces the risk of an incident by 80%.
Risks. This benefit may vary among organizations depending on:
An organization’s annual revenue and operating margin.
Whether or not an organization is using Tailscale to rotate secrets for authentication automatically.
The length of an operational outage due to an incident.
Results. To account for these risks, Forrester adjusted this benefit downward by 10%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of $12,000.
80%
Reduction in operational outage risk
Operational Outage Risk Reduction
Ref.
Metric
Source
Year 1
Year 2
Year 3
E1
Revenue
Composite
$1,000,000,000
$1,000,000,000
$1,000,000,000
E2
Cost of a 1-hour operational outage
E1/(365*24)
$114,155
$114,155
$114,155
E3
Cost of operational outage
E2*48
$5,479,452
$5,479,452
$5,479,452
E4
Likelihood of incident that causes an operational outage
Interviews
1%
1%
1%
E5
Risk reduction with Tailscale
Interviews
80%
80%
80%
E6
Operating margin
Composite
12%
12%
12%
Et
Operational outage risk reduction
E3*E4*E5*E6
$5,260
$5,260
$5,260
Risk adjustment
↓10%
Etr
Operational outage risk reduction (risk-adjusted)
$4,734
$4,734
$4,734
Three-year total: $14,202
Three-year present value: $11,773
Unquantified Benefits
Interviewees mentioned the following additional benefits that their organizations experienced but were not able to quantify:
Supports business compliance processes. Interviewees explained how Tailscale supported their organizations’ compliance reviews by centralizing user access and permissions from a networking perspective. This improved transparency and communication with auditors. The VP of software at a logistics organization said: “It’s been quite easy for us to use the technology to reduce the amount of information that we have to look at during the process of things like external penetration testing; vulnerability testing; or SOC 2, SOC 1, or ISO 27001 in terms of how business processes work for us. This is a net benefit.” The CISO at a software organization said: “We do payment card industry and SOC 2 [compliance] for our businesses and change management of access controls. This includes remote server access for engineers which is tied directly to Tailscale. The fact that changes have to go through this change management approval process in GitHub has provided transparency and automation. That’s been a big one for us. Through our identity management, we know which engineers have access at any given time. Before, it required a lot of pulling screenshots from our tech console and it was a lot less transparent for the auditors.”
Improves trust and collaboration between IT ops and developers. Interviewees explained that Tailscale made the access levels for certain managed resources more transparent to engineers, reducing friction with IT. The CISO at a software organization said: “One of the benefits we have is transparency around infrastructure as code and automation. It has increased trust between the IT operations teams and developers in terms of access permissions and changes. Previously, this had not been transparent, and trust had been broken in some cases.”
Offers a strong vendor partnership. Interviewees emphasized the strength of Tailscale’s technical and relationship management teams as their organizations’ use cases continued to evolve in complexity. The technology fellow at a retail organization said: “It’s a solid technical implementation. We really put it through its paces and ticked all the boxes we needed from a technical perspective. Tailscale was willing to help us build and they have been very good partners to work with from an engineering and an account relationship perspective. It’s important for us to have good partners.”
Supports end customers’ security requirements. Forrester research states, “Zero Trust enables a positive customer experience and employee experience by ensuring access to needed systems and data with little or no friction.” One interviewee emphasized the critical role Zero Trust played when configuring Tailscale onto their customer devices for remote access. The VP of software at a logistics organization said: “There’s a lot of pressure to ensure that there is secure posture in place for any devices, particularly if installed into customer networks. It is quite important for the IT teams at our bigger customers for us to talk about Zero Trust, and how there is no unauthenticated remote access possible, and that all the data coming out of the device is audited as well. When we’re talking to a large multinational organization with strict IT requirements, it helps make those conversations a bit easier.”
“We’re continuing to integrate Tailscale more deeply into the infrastructure and use new features that are available.”
VP of software, logistics
Flexibility
The value of flexibility is unique to each customer. There are multiple scenarios in which a customer might implement Tailscale and later realize additional uses and business opportunities, including:
Continuing to expand use cases. Interviewees shared anticipation for expanding Tailscale use across their networking environments. The CISO at a software organization said: “We don’t currently use anything with our Kubernetes environment with Tailscale. This is a big thing we talked about during our renewal, as you can now use their tools to remote access into containers. I would love to do more of this. It’s something that’s on our roadmap.” The director of IT at a software organization said: “Right now, we are looking at putting all of our SaaS tools behind Tailscale using their new app connector approach. We’re about to start some proof of concepts on that. This is because we want to make better use of their posture checking.”
“Lately, [adoption grows] because our engineers ask for capabilities.”
Infosec architect, software
Flexibility would also be quantified when evaluated as part of a specific project (described in more detail in Total Economic Impact Approach).
Analysis Of Costs
Quantified cost data as applied to the composite
Total Costs
Ref.
Cost
Initial
Year 1
Year 2
Year 3
Total
Present Value
Ftr
Tailscale fees
$0
$378,000
$378,000
$378,000
$1,134,000
$940,030
Gtr
Implementation
$13,266
$0
$0
$0
$13,266
$13,266
Htr
Ongoing management
$0
$8,844
$8,844
$8,844
$26,532
$21,994
Total costs (risk-adjusted)
$13,266
$386,844
$386,844
$386,844
$1,173,798
$975,290
Tailscale Fees
Evidence and data. Interviewees said their organizations pay fees to Tailscale based on the number of users. Pricing is customized based on the needs of their business and the solution package. Contact Tailscale for more details.
Modeling and assumptions.For the financial analysis as applied to the composite organization, Forrester assumes:
There are 3,000 Tailscale users.
The per user per month fee is $10.
Risks. This cost may vary among organizations depending on:
The number of users.
The type of paid plan (Standard, Premium, or Custom).
Whether an organization purchases add-ons.
Results. To account for these risks, Forrester adjusted this cost upward by 5%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of $940,000.
Tailscale Fees
Ref.
Metric
Source
Initial
Year 1
Year 2
Year 3
F1
Tailscale fees
Tailscale
$360,000
$360,000
$360,000
Ft
Tailscale fees
E1
$0
$360,000
$360,000
$360,000
Risk adjustment
↑5%
Ftr
Tailscale fees (risk-adjusted)
$0
$378,000
$378,000
$378,000
Three-year total: $1,134,000
Three-year present value: $940,030
Implementation
Evidence and data. Interviewees explained that implementation required internal resources across IT, engineering, and security. Tasks included configuring identity integrations, setting up infrastructure as code, configuring SSH session recordings, and strategizing on overall networking design. Implementation periods varied substantially depending on each use case.
The technology fellow at a retail organization said: “As it pertains to education and upskilling, we spent time ensuring the platform engineers understood the nuances of Tailscale and WireGuard, which includes tunneling and NAT traversal. We had regular sessions with the Tailscale team and with the team that was going to support the Tailscale component of the platform from an operational perspective. The development effort answered the question, ‘How do you use Tailscale policy and grants such that a workload has permission to communicate with another workload, and then how do we bring that capability to the mesh?’”
The CISO at a software organization said: “We had one infrastructure engineer pretty much full time throughout the deployment from October to March. [They were] doing Tailscale SSH, and we had a part-time IT person for identity integration and rollout through our mobile device management. We wanted to make sure that we could push it to employees’ laptops and they wouldn’t fiddle with the settings. We had a security engineer do the infrastructure as code and set up session recording for SSH to have it for internal incident investigation purposes. We deployed Tailscale to Amazon EC2 instances using subnet routers to give employees access.”
The VP of software at a logistics organization said: “We didn’t really require any effort from Tailscale itself. We used some engineering effort on our team to research how to install and configure Tailscale properly within a containerized environment and on remotely deployed devices. Most of our efforts were spent figuring out how Tailscale would fit into a bigger picture of devices that we didn’t otherwise have direct access to. What fallbacks could be put in place if for some reason they weren’t able to connect? This was disaster recovery design to make sure that if anything failed, we would still have a method of access in place. There was about half an engineer’s time over a year of design effort involved there.”
The director of IT at a software organization said: “It’s pretty simple. We maintain a number of exit nodes that are geographically dispersed. We enable everyone in Tailscale via our identity management solution.”
Modeling and assumptions. For the financial analysis as applied to the composite organization, Forrester assumes:
Implementation lasts 180 hours and involves a combination of technical resources.
The blended fully burdened hourly rate for a technical resource is $67.
Risks. This cost may vary among organizations depending on:
The use cases for which an organization deploys Tailscale.
The skill sets of technical resources.
Salaries for technical resources.
Results. To account for these risks, Forrester adjusted this cost upward by 10%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of $13,000.
“The infrastructure engineer says the best part of Tailscale is that it is almost completely transparent to the users. We haven’t had a significant user training at all. You can go your entire time here without ever even knowing it runs in the background [because] things just work.”
CISO, software
Implementation
Ref.
Metric
Source
Initial
Year 1
Year 2
Year 3
G1
Implementation time (hours)
Interviews
180
G2
Blended fully burdened hourly rate for a technical resource
Composite
$67
Gt
Implementation
G1*G2
$12,060
$0
$0
$0
Risk adjustment
↑10%
Gtr
Implementation (risk-adjusted)
$13,266
$0
$0
$0
Three-year total: $13,266
Three-year present value: $13,266
Ongoing Management
Evidence and data. Interviewees explained that once they had configured Tailscale across their organizations, there was little involvement from IT, engineering, and security. Tasks included troubleshooting end-user devices and adjusting user access. Some organizations continued to release new projects that incorporated Tailscale as a networking component, enabling technical teams to spend more of their time on ongoing configuration and development.
The CISO at a software organization said: “One security engineer, one IT team member, and one infrastructure engineer are the predominant people who are [maintaining] Tailscale. It went from being most of their time for six months to maybe an hour or so every other week. It’s a very, very small investment of time. Usually, one user has a weird issue, and the frontline IT team will address it. IT is able to troubleshoot without any kind of advanced knowledge of Tailscale.”
The VP of software at a logistics organization said: “We often roll out new projects here with Tailscale as a component. We have an off-the-shelf internal template that we use for adding Tailscale support to internal tools that are built. Most of the development work is already complete on that. I’d estimate we probably are doing one Tailscale-related project every three to six months, which might involve half an FTE for the scope of the project.”
The director of IT at a software organization said, “Because we went with GitHub on our ACL, we’ll see a change in there maybe once a month.”
The technology fellow at a retail organization said: “There’s six or so team members of developers, systems engineers, and platform infrastructure folks responsible for managing Tailscale. Tailscale would need support if a policy file was messed up or the API calls weren’t working. But, in general, most of our interaction with Tailscale is done through the API.”
Modeling and assumptions.For the financial analysis as applied to the composite organization, Forrester assumes that ongoing management of Tailscale includes a combination of technical resources who collectively spend 120 hours annually.
Risks. This cost may vary among organizations depending on:
Whether or not an organization configures additional uses of Tailscale after initial deployment.
The scale of end-user requests or troubleshooting needs.
Salaries for technical resources.
Results. To account for these risks, Forrester adjusted this cost upward by 10%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of $22,000.
Ongoing Management
Ref.
Metric
Source
Initial
Year 1
Year 2
Year 3
H1
Ongoing management time (hours)
Interviews
120
120
120
H2
Blended fully burdened hourly rate for a technical resource
Composite
$67
$67
$67
Ht
Ongoing management
H1*H2
$0
$8,040
$8,040
$8,040
Risk adjustment
↑10%
Htr
Ongoing management (risk-adjusted)
$0
$8,844
$8,844
$8,844
Three-year total: $26,532
Three-year present value: $21,994
Financial Summary
Consolidated Three-Year, Risk-Adjusted Metrics
Cash Flow Chart (Risk-Adjusted)
[CHART DIV CONTAINER]
Total costsTotal benefitsCumulative net benefitsInitialYear 1Year 2Year 3
Cash Flow Analysis (Risk-Adjusted)
Initial
Year 1
Year 2
Year 3
Total
Present Value
Total costs
($13,266)
($386,844)
($386,844)
($386,844)
($1,173,798)
($975,290)
Total benefits
$0
$1,227,054
$1,227,054
$1,227,054
$3,681,161
$3,051,500
Net benefits
($13,266)
$840,210
$840,210
$840,210
$2,507,363
$2,076,210
ROI
213%
Payback
<6 months
Please Note
The financial results calculated in the Benefits and Costs sections can be used to determine the ROI, NPV, and payback period for the composite organization’s investment. Forrester assumes a yearly discount rate of 10% for this analysis.
These risk-adjusted ROI, NPV, and payback period values are determined by applying risk-adjustment factors to the unadjusted results in each Benefit and Cost section.
The initial investment column contains costs incurred at “time 0” or at the beginning of Year 1 that are not discounted. All other cash flows are discounted using the discount rate at the end of the year. PV calculations are calculated for each total cost and benefit estimate. NPV calculations in the summary tables are the sum of the initial investment and the discounted cash flows in each year. Sums and present value calculations of the Total Benefits, Total Costs, and Cash Flow tables may not exactly add up, as some rounding may occur.
From the information provided in the interviews, Forrester constructed a Total Economic Impact™ framework for those organizations considering an investment in Tailscale.
The objective of the framework is to identify the cost, benefit, flexibility, and risk factors that affect the investment decision. Forrester took a multistep approach to evaluate the impact that Tailscale can have on an organization.
Due Diligence
Interviewed Tailscale stakeholders and Forrester analysts to gather data relative to Tailscale.
Interviews
Interviewed five decision-makers at organizations using Tailscale to obtain data about costs, benefits, and risks.
Composite Organization
Designed a composite organization based on characteristics of the interviewees’ organizations.
Financial Model Framework
Constructed a financial model representative of the interviews using the TEI methodology and risk-adjusted the financial model based on issues and concerns of the interviewees.
Case Study
Employed four fundamental elements of TEI in modeling the investment impact: benefits, costs, flexibility, and risks. Given the increasing sophistication of ROI analyses related to IT investments, Forrester’s TEI methodology provides a complete picture of the total economic impact of purchase decisions. Please see Appendix A for additional information on the TEI methodology.
Total Economic Impact Approach
Benefits
Benefits represent the value the solution delivers to the business. The TEI methodology places equal weight on the measure of benefits and costs, allowing for a full examination of the solution’s effect on the entire organization.
Costs
Costs comprise all expenses necessary to deliver the proposed value, or benefits, of the solution. The methodology captures implementation and ongoing costs associated with the solution.
Flexibility
Flexibility represents the strategic value that can be obtained for some future additional investment building on top of the initial investment already made. The ability to capture that benefit has a PV that can be estimated.
Risks
Risks measure the uncertainty of benefit and cost estimates given: 1) the likelihood that estimates will meet original projections and 2) the likelihood that estimates will be tracked over time. TEI risk factors are based on “triangular distribution.”
Financial Terminology
Present value (PV)
The present or current value of (discounted) cost and benefit estimates given at an interest rate (the discount rate). The PVs of costs and benefits feed into the total NPV of cash flows.
Net present value (NPV)
The present or current value of (discounted) future net cash flows given an interest rate (the discount rate). A positive project NPV normally indicates that the investment should be made unless other projects have higher NPVs.
Return on investment (ROI)
A project’s expected return in percentage terms. ROI is calculated by dividing net benefits (benefits less costs) by costs.
Discount rate
The interest rate used in cash flow analysis to take into account the time value of money. Organizations typically use discount rates between 8% and 16%.
Payback
The breakeven point for an investment. This is the point in time at which net benefits (benefits minus costs) equal initial investment or cost.
Appendix A
Total Economic Impact
Total Economic Impact is a methodology developed by Forrester Research that enhances a company’s technology decision-making processes and assists solution providers in communicating their value proposition to clients. The TEI methodology helps companies demonstrate, justify, and realize the tangible value of business and technology initiatives to both senior management and other key stakeholders.
1 Total Economic Impact is a methodology developed by Forrester Research that enhances a company’s technology decision-making processes and assists solution providers in communicating their value proposition to clients. The TEI methodology helps companies demonstrate, justify, and realize the tangible value of business and technology initiatives to both senior management and other key stakeholders.
5 Cumulative breach costs are computed using the composite organization’s size (revenue or number of employees) as an input to a regression analysis of reported total cumulative costs for all breaches for organizations that experienced at least one breach in the past 12 months. Source: Forrester’s Security Survey, 2025, “Using your best estimate, what was the total cumulative cost of all breaches experienced by your organization in the past 12 months?” Base: 1,740 global security decision-makers who have experienced a breach in the past 12 months. The cumulative breach cost is then multiplied by a 67% likelihood for organizations to experience one or more breaches in a given year. Source: Forrester’s Security Survey, 2025, “How many times do you estimate that your organization’s sensitive data was potentially compromised or breached in the past 12 months?” Base: 2,643 global security decision-makers.
6 Percentage of breaches by primary attack vector for breaches, as reported by security decision-makers whose organizations experienced at least one breach in the past 12 months. Source: Forrester’s Security Survey, 2025, “Of the times that your organization’s sensitive data was potentially compromised or breached in the past 12 months, please indicate how many of each fall into the categories below.” Base: 1,766 global security decision-makers who have experienced a breach in the past 12 months.
[CONTENT]
Disclosures
Readers should be aware of the following:
This study is commissioned by Tailscale and delivered by Forrester Consulting. It is not meant to be used as a competitive analysis.
Forrester makes no assumptions as to the potential ROI that other organizations will receive. Forrester strongly advises that readers use their own estimates within the framework provided in the study to determine the appropriateness of an investment in Tailscale.
Tailscale reviewed and provided feedback to Forrester, but Forrester maintains editorial control over the study and its findings and does not accept changes to the study that contradict Forrester’s findings or obscure the meaning of the study.
Tailscale provided the customer names for the interviews but did not participate in the interviews.
Consulting Team:
Sarah Lervold
Published
March 2026
The Total Economic Impact™ Of Tailscale
This study is commissioned by Tailscale and delivered by Forrester Consulting.
PDF