International Cosmetics Company Gains Visibility, Reduces Risk and Ensures Compliance with SOX
Natura Cosméticos is the largest cosmetics manufacturer and distributor in Latin America, with more than 1.5 million independent consultants and 100 million customers. Founded in 1969, the company is based in Brazil, where almost two-thirds of households buy its products. At $7.5 billion in revenues, Natura is a Forbes Global 2000 company and ranked #75 on the magazine’s most innovative companies list in 2014.
Natura has offices throughout Brazil and operations throughout Latin America and France supported by two data centers, 33 firewalls, 18 clusters and 250 switches and routers. For years, a third party managed the company’s firewall rule changes, making visibility and management challenging.
“If a change was made over the weekend, it would be difficult for us to find out what rules were changed, for what reason, who created them or why,” says Newton Rossetto, Chief Security Officer, Natura Cosméticos.
“We’d find some firewall rules in the wrong places and unused rules,” adds Rossetto, but changing them was no simple matter. “Users had to create a worksheet with their requirements for our environment and then they would be implemented by a third party. After the rule was created, we then needed to check that it was right.” Natura needed a streamlined system for making and tracking security changes that gave IT better visibility across the company’s complex security environment.
Natura recognized that it had a “really confusing change management process,” Rossetto states. The company chose the AlgoSec Security Management Solution to manage and streamline the process.
After a “simple and quick deployment,” according to Rossetto, AlgoSec enabled Natura to quickly “consolidate security policy management for our environment.” AlgoSec provides detailed online reports for each step of the change workflow and enables Rossetto’s team to manage security policy changes for multiple security devices on one common platform.
“Now I can see all of the reports I need at any time. I can also see which rules were created and what objects are no longer needed,” says Rossetto. This visibility has allowed Natura to take a proactive role in security policy management which had been impossible when changes were previously outsourced to a third party. For a company growing at 14 percent each year, particularly one that does the majority of its sales and workforce management online, having complete visibility into the security rule-change process brings real peace of mind.
For the Natura team, AlgoSec’s preset workflows for implementing and removing rules, changing objects and verifying rules, combined with its flexibility to accommodate the company’s specific needs, held great appeal. In addition, users liked the pre-populated request templates that saved them time compared to the old worksheets, as well as simplified communication with the security team.
“With AlgoSec, the change management process is all automatic. We can approve the changes and know we will have the right rules with the right objects,” says Rossetto.
AlgoSec also helped Natura’s security team reduce risks associated with Sarbanes-Oxley (SOX) requirements. AlgoSec evaluates every proposed change against regulatory standards, such as SOX, as well as industry best practices and corporate-specific policies. Any change found to be out of compliance is flagged before it can be implemented.
In terms of customer service, as well as implementation, Rossetto states that working with AlgoSec has “been a very good experience. We have been very well supported from negotiation through successful deployment. We are very satisfied.”