Estee Lauder revamps security in face of regulation
Cosmetics company Estee Lauder is relying in part on NAC technology to meet regulations imposed on it by the payment card industry (PCI) and the Sarbanes-Oxley law.
Specifically, the US$7 billion firm with more than 25,000 employees worldwide is using the security technology to meet PCI requirements to regularly update antivirus software and to develop and maintain secure systems and applications.
The company also faces Sarbanes-Oxley requirements that call for verification of policies, access-control assessment, audit capabilities and mitigation of shortcomings based on risk profiles, says Les Correia, senior manager of global enterprise security for the company.
In addition, Estee Lauder is in the midst of an internal initiative to increase the security posture of the Estee Lauder network as a whole. The company has more than a dozen network hubs worldwide that includes divisions acquired from other companies. These hubs had been allowed to run their networks as they saw fit, but now corporate security standards are being imposed, and NAC is playing its role, Correia says.
"We've got a whole bunch of consultants coming in and out and retail stores, people in the field," he says. "We wanted to better manage our security posture."
That concern led the company to buy StillSecure Safe Access NAC gear in 2006. Last year the company reevaluated Safe Access against Cisco and Bradford NAC gear as it launched its global security upgrade. Ultimately, it decided to stick with Still Secure without testing equipment from the other two vendors, Correia says. (Compare NAC products.)
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
PCI compliance
Powered by TwitterOn Twitter now
PCI compliance
Brian Proffitt
Microsoft/Novell: Breaking Down the Coupon Numbers
Esther Schindler
Drupal's Dries Buytaert on Building the Next Drupal
Tom Henderson
Top Ten General Operating Systems Rants
pasmith
PS3 motion controller delayed; goes up against Project Natal
sjvn
Neolithic Windows security hole alive and well in Windows 7
claird
Perl source code comparison makes for good reading
mikelgan
Cell phones don't create stress or interrupt much
Sandra Henry-Stocker
How to: The Unix Interview
Where Google Chrome security fails: the password
I heard mention that the Chrome OS will have some sort of encryption available a la bitlocker. If it's possible to encrypt personal data using another password or key, then it may have potential for very secure data.... And Ubuntu has an 'encrypt home directory' option, perhaps google should follow suit.
- Dann
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
- Ubuntu advances: Why Ubuntu server installations will surge in 2010
- Social media marketing: How to make friends with benefits
- More...
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
Good Point
Security is very big concern in IT generation. Everybody want to safe access and prevent to online fraud.SSL Certificates | VeriSign SSL Certificates | GeoTrust SSL | PSD to HTML | Thawte SSL
It would be great if somebody can verify this information.
It would be great if somebody can verify this information.