Latacora and Tailscale: A conversation on compliance

In a detailed conversation, Tailscale's Avery Pennarun and Dave Anderson discuss their partnership with security firm Latacora, highlighting their journey towards SOC 2 compliance and the broader challenges of maintaining a robust security posture. The discourse delves into Tailscale's proactive approach to security, which includes acknowledging their blind spots and striving for the highest security standards to avoid being the weakest link in their customers' security chains. Latacora, co-founded by Laurens Van Houtven, offers insights into their unique business model that caters specifically to startups, emphasizing the need for a dedicated security program rather than just external audits. Through anecdotes, they illustrate common pitfalls in startup security, such as underestimating long-term security needs and the importance of internalizing security practices. The dialogue also explores Tailscale's philosophy on security architecture reviews, the necessity of expert networks for complex security issues, and the evolving nature of their engagement with Latacora, which has transitioned from short-term to long-term support. The conversation concludes with reflections on the role of SOC 2 compliance in improving security practices, underscoring the importance of treating it as an opportunity for genuine enhancement rather than a mere checkbox exercise.