Summary: StackUnited uses NordLayer to secure its remote team, automate IP management, and collect audit evidence for PCI DSS, GDPR, and CCPA regulations, while saving 8 hours monthly.
StackUnited is a holding company that helps brands grow by designing digital products, managing social media, and handling marketing. Its expertise extends to handling content storage, video streaming, and data distribution.
As a 100% remote organization, StackUnited has a distributed team of 35–40 across the US, Ukraine, Serbia, and Spain. With many team members working as digital nomads, the company needed a robust way to secure access to sensitive data without the burden of building a tech and compliance stack from scratch.
We sat down with Spencer Lewis, StackUnited’s Chief Operating Officer, to talk about how NordLayer helps secure remote access to the company’s sensitive data and supports compliance efforts for GDPR, PCI DSS, and CCPA.
The challenge: Moving beyond manual “hygiene” and IP management
Before adopting NordLayer, the company relied on manual IP management and “good hygiene” practices to keep its systems safe. This required team members to access the company resources by hitting a bastion host and SSHing individually.
As the team grew, the manual approach created a massive IP management burden. Because the team is 100% remote, employees’ internet providers changed their home IP addresses frequently—often weekly. Without a central gateway, Spencer Lewis had to manually update the allowlist every single time an IP address changed to restore access.
This was a major drain on productivity, often causing operational bottlenecks where team members couldn’t work until the manual update was complete.
“We just needed to make sure that we weren’t one misconfigured key or stolen laptop away from a security issue or a really bad Monday. With a fully remote team across multiple countries, we couldn’t afford that kind of single point of failure.”
StackUnited also had to deal with a complex set of compliance requirements under PCI DSS, GDPR, and CCPA. The company needed a solution that offered enterprise-grade security without the technical hurdles of building a stack from scratch. They found the answer in NordLayer.
How NordLayer helped StackUnited
StackUnited discovered NordLayer during a security review while researching managed detection and response (MDR) vendors. They realized they had a security gap and lacked a reliable network access solution. NordLayer was the obvious choice because of its transparent feature set and strong brand reputation, integrating seamlessly with the company’s existing tools without the need for a costly network rearchitecture.
“The NordLayer brand carries a lot of weight, and most of our team was already familiar with NordVPN, the consumer version. So, it was an easy decision, and we didn’t have to do a lot of back and forth.”
Following a quick setup, StackUnited now uses a fleet of servers across multiple hosting environments and dedicated IPs across many regions, ensuring secure and reliable network access for its remote team.
Benefit 1: 5–8 hours saved monthly with simplified access management
Getting rid of manual IP allowlisting was a major win for the company’s daily operations. Lewis estimates that the manual process wasted 10–15 minutes a day, but when combined with the complexities of onboarding new hires, it was even more time-consuming.
By using NordLayer’s business VPN with a dedicated IP, StackUnited eliminated the cycle of manual IP updates. This reclaimed hours that were previously lost to troubleshooting and time-consuming configurations. Lewis notes that NordLayer saves the team 5–8 hours per month on IP management.
“NordLayer is a real time- and efficiency saver. After setting up dedicated IPs, the system became very frictionless for about 95% of the team.”

Managing dedicated servers in NordLayer’s Control Panel
Benefit 2: Simplified PCI DSS, GDPR, and CCPA compliance
Operating in various creator spaces requires following strict regulations like PCI DSS, GDPR, and CCPA. Before NordLayer, demonstrating network access controls to payment processors and auditors was a manual and time-consuming task.
With centralized access management, connection visibility, and logs, NordLayer supports audit evidence for PCI DSS and GDPR regulations.
“With NordLayer, we have an easy-to-understand diagram, a policy, logs, and a vendor that can answer questions for us.”
Benefit 3: Centralized access and enterprise-grade security
NordLayer made it easier for StackUnited to centralize access to its entire infrastructure. Instead of managing dozens of individual touchpoints, the team now has one place to manage access during onboarding and offboarding.
“Now, we don’t have to think about which areas we need to add or remove teammates from. We can simply do that in one place: NordLayer.”

Managing members in NordLayer’s Control Panel
This centralized access allows the team to maintain an enterprise-grade security:
"NordLayer gives us the security posture of a much bigger company without us having to become one.”
NordLayer also allows teams to work remotely safely from any location. The VPN ensures that, even when team members are traveling or working from public spaces, their connection to sensitive data remains encrypted and secure.
“With NordLayer, I can do more sensitive work, even on public Wi-Fi. So, for example, if I go to a coffee shop, I know I should use the VPN to secure my activity.”
Benefit 4: Proactive threat mitigation and device integrity
For a 100% remote team, the risk of accidental clicks on suspicious links is a constant concern. StackUnited uses NordLayer’s web protection to automatically block malicious sites, phishing attempts, ads, and trackers.
This proactive approach ensures that even if a team member clicks a risky link while working from a café, NordLayer instantly neutralizes the threat, preventing potential malware infections.

A view of the device posture security feature in NordLayer’s Control Panel
In StackUnited’s digital nomad environment, safeguarding devices that access company data is non-negotiable. Device posture security checks and evaluates every device against the predefined security rules—alerting about unpatched or non-compliant hardware before a connection is allowed. By automating these checks, StackUnited maintains a sophisticated security posture that traditionally would require a much larger IT department to manage.
Benefit 5: Seamless user adoption
The rollout was exceptionally smooth, with full deployment reaching completion in under two weeks. Despite the mix of Mac and Windows users, the team easily adapted to NordLayer.
Lewis notes that while some were concerned about VPN performance, the impact was negligible.
“VPNs slow people down, but only slightly. Still, it’s worth the tiny slowdown for the added security.”
Results: NordLayer as an insurance plan against cyberattacks
After 4 years of use, Lewis said that NordLayer has become “a savior in time and efficiency.” Apart from saving an hour and a half weekly, its primary value is the protection against security incidents, ensuring that StackUnited’s high-transaction platform remains secured against a single point of failure.
“NordLayer is kind of like an insurance plan for our infrastructure. It’s a way to preemptively mitigate the risk of a catastrophic security incident.”
Why NordLayer works for StackUnited
NordLayer allows StackUnited to centralize access to its infrastructure in one place. It gives the team of digital nomads secure remote access while supporting the access controls and visibility needed for compliance audits.
Virtual private gateways with a dedicated IP eliminate manual IP allowlisting and prevent lockouts.
Single sign-on (SSO) integration saves time and simplifies the login process.
Multi-system support for teams working across Mac and Windows or other operating systems.
Web protection proactively shields the team from threats by blocking malicious domains, phishing sites, and malware at the gateway level.
Device posture security ensures that every device that connects to the network complies with the company’s security rules.
Pro cybersecurity tips from StackUnited
Always use a VPN on public networks. “If you’re going to Starbucks or working at the airport before a flight, make sure you’re using a VPN. It’s worth the tiny slowdown for the additional security.”
Operate like a high-value target. “The sooner that companies can act as if they are a target for a security incident, the better.”
Centralize onboarding and offboarding. “Use a single system to grant and revoke access to prevent leaving ‘stale’ IP addresses open to attack.”
Conclusion
By centralizing access management and streamlining compliance, NordLayer has successfully elevated StackUnited’s security to an enterprise level. This transformation allows the company to protect its users while reclaiming hours of manual work for its remote team each week.
Ready to elevate your remote security and simplify compliance like StackUnited? Contact NordLayer today for a tailored solution.

Joanna Krysińska
Senior Copywriter
Joanna's family has a history in math and engineering, and she has dedicated her life to simplifying complicated technical ideas. She helps people understand how hackers think and how to stay ahead of them by concentrating on the human side of cybersecurity.