Estee Lauder to revamp security measures

Cosmetics company Estee Lauder is relying in part on NAC technology to meet regulations imposed on it by the paymentcard industry (PCI) and the Sarbanes-Oxley law.

Specifically, the $7 billion firm with more than 25,000 employees worldwide is using the security technology to meet PCI requirements to regularly update antivirus software and to develop and maintain secure systems and applications.

The company also faces Sarbanes-Oxley requirements that call for verification of policies, access-control assessment, audit capabilities and mitigation of shortcomings based on risk profiles, says Les Correia, senior manager of global enterprise security for the company.

In addition, Estee Lauder is in the midst of an internal initiative to increase the security posture of the Estee Lauder network as a whole. The company has more than a dozen network hubs worldwide that includes divisions acquired from other companies.

These hubs had been allowed to run their networks as they saw fit, but now corporate security standards are being imposed, and NAC is playing its role, Correia says.

"We've got a whole bunch of consultants coming in and out and retail stores, people in the field," he says. "We wanted to better manage our security posture."