Level 3 – Access Policy Control

Learn how to manage VPN access, enforce peer isolation, and define consistent security practices

Level 3 — Control

Overview

At this level, administrators formalize how devices connect to Scout’s VPN and how access is maintained over time. The focus is on control and accountability: ensuring that every peer configuration file represents a specific, authorized device and that internal segmentation protects against lateral movement.

This maturity level introduces structure to your connectivity model without requiring centralized credential systems.


Access Management

Scout’s VPN access is powered by WireGuard configuration files, each containing a public and private key pair unique to a single device. Administrators control access by deciding:

  • Which users or devices should receive configuration files
  • How configurations are securely distributed (for example, through Vault or encrypted channels)
  • When and how existing configurations should be rotated or revoked

If a device is lost or retired, its configuration file should be removed from the router’s peer list to immediately revoke access.

Although Scout does not yet include portal-based management, the Devices section of the dashboard helps track active peers for visibility and consistency.
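
The revocation rule above can be checked by comparing the router's peer list against your device inventory. The following is an added example, not part of Scout's product or documentation: it assumes you can export the peer list in the tab-separated format of `wg show <interface> dump`, and the inventory structure, key placeholders, and 30-day staleness threshold are hypothetical.

```python
# Constructed sample in the tab-separated layout printed by `wg show <interface> dump`.
# Line 1 describes the interface; every later line is one peer with the fields:
# public-key, preshared-key, endpoint, allowed-ips, latest-handshake, rx, tx, keepalive.
# Keys are shortened placeholders, not real WireGuard keys.
SAMPLE_DUMP = "\n".join([
    "(hidden)\tSERVER_PUB=\t51820\toff",
    "PEER_LAPTOP=\t(none)\t198.51.100.7:40112\t10.8.0.2/32\t1700000000\t1024\t2048\toff",
    "PEER_PHONE=\t(none)\t198.51.100.9:51000\t10.8.0.3/32\t1699990000\t512\t640\toff",
    "PEER_UNKNOWN=\t(none)\t203.0.113.5:33333\t10.8.0.9/32\t1699999000\t90\t80\toff",
    "PEER_KIOSK=\t(none)\t(none)\t10.8.0.4/32\t0\t0\t0\toff",
])

# Hypothetical device inventory kept by the administrator: public key -> record.
INVENTORY = {
    "PEER_LAPTOP=": {"device": "alice-laptop", "status": "active"},
    "PEER_PHONE=": {"device": "bob-phone", "status": "lost"},
    "PEER_KIOSK=": {"device": "lobby-kiosk", "status": "active"},
}

NOW = 1700003600           # fixed "current time" so the sample is reproducible
STALE_AFTER = 30 * 86400   # assumed policy value: 30 days without a handshake

def parse_peers(dump):
    """Return one dict per peer line, skipping the interface line."""
    peers = []
    for line in dump.strip().splitlines()[1:]:
        fields = line.split("\t")
        if len(fields) != 8:
            raise ValueError(f"unexpected peer line: {line!r}")
        peers.append({"key": fields[0], "handshake": int(fields[4])})
    return peers

def audit(dump, inventory, now, stale_after=STALE_AFTER):
    """Flag peers that should not be on the router or that look abandoned."""
    findings = []
    for peer in parse_peers(dump):
        record = inventory.get(peer["key"])
        if record is None:
            findings.append(("unknown-peer", peer["key"]))
        elif record["status"] != "active":
            findings.append(("revoke-pending", record["device"]))
        elif peer["handshake"] == 0 or now - peer["handshake"] > stale_after:
            findings.append(("stale-peer", record["device"]))
    return findings

if __name__ == "__main__":
    for kind, subject in audit(SAMPLE_DUMP, INVENTORY, NOW):
        print(f"{kind}: {subject}")
```

A `revoke-pending` finding means a lost or retired device is still in the peer list and can still connect; an `unknown-peer` finding means a key is accepted that no inventory record accounts for.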


Isolation and Segmentation

Scout’s VPN architecture automatically enforces per-tenant isolation. Each tenant operates within a dedicated subnet, preventing data crossover between organizations. Within a single tenant, administrators can increase control by:

  • Assigning meaningful device names for peer identification
  • Using descriptive subnets for routers serving different locations
  • Monitoring communication patterns through Sentry or DNS analytics to detect unusual internal activity

These steps reduce the risk of unintended exposure or internal spread of compromise.


Policy Enforcement

Administrators at this stage should document internal VPN and access control expectations, such as:

  • Who is allowed to connect to the network remotely
  • How configuration files are issued, stored, and revoked
  • How often peers should rotate keys to maintain integrity
  • Incident response steps if a configuration file is leaked or misused

Policies like these build consistency and set expectations across users and sites, forming the basis for measurable governance.


Verification and Auditing

Although Scout does not yet expose VPN event logs directly, you can verify activity through:

  • The Dashboard → Devices list (shows active peers)
  • Timestamps on configuration issuance or rotation events
  • Audit Log entries for device updates or deletions

These indicators allow you to demonstrate reasonable access oversight and control within your environment.


Maturity Progress

By adopting structured access procedures, maintaining accurate device mappings, and defining policy for VPN use, your organization reaches Level 3 — Control 🟠. This establishes governance over network access and prepares you for Level 4 — Optimization 🔵, where automation and deeper analytics begin to enhance your decision-making.

