
Product / Case Studies /
Estée Lauder
How Estée Lauder Shifted FinOps Left into Github and AI coding tools

The Estée Lauder Companies is one of the world's leading prestige beauty companies, home to a portfolio of iconic brands built on a legacy that started as a family business. Estée Lauder herself grew the company from her uncle's early chemistry work into a global operation, and the company remained family-run for decades. Like many long-established companies, Estée Lauder has grown through a long series of mergers and acquisitions, each bringing its own infrastructure and technical debt into the fold.
The company's cloud journey started in 1997 with Clinique.com running out of physical data centers, ahead of its time for a beauty company. A 2015 pivot to the cloud and the COVID-driven shift to online sales in 2020 forced a rapid scale-up of engineering capacity, and today the company is moving off its remaining data centers entirely toward a fully cloud-agnostic environment.
Lex Towne, Director of Engineering at The Estée Lauder Companies, leads cloud security, platform engineering, and FinOps. She came into the role from an individual contributor background, with a practitioner's focus on building automation and governance directly into engineering workflows.
Key results
Challenges
We set this up, and then I went on maternity leave. Nothing changed in the configurations, but half of our cost avoidance, which is already in the millions, happened while I wasn't there. That told us it wasn't dependent on one person, it was built into how our engineers actually work.

Lex Towne
Director of Engineering
FinOps at Estée Lauder used to live in accounting. The team received a bill at the end of the month, paid it, and tried to tag things after the fact. As the cloud footprint grew, this created an accountability gap: spend wasn't tied back to specific projects or teams, and nobody had visibility into a change until it was already live and costing money.
The scale made the problem worse. Estée Lauder's engineers make around 3,500 infrastructure changes a year, roughly 13 per working day, all managed through Terraform across a global, multi-cloud environment, with only one FinOps person supporting the entire org.
Years of mergers and acquisitions compounded the issue further. Every acquired team arrived with its own tagging conventions, and that drift showed up directly in the bill: an audit of one cloud found 21% of spend was untagged, much of it sitting idle and simply forgotten.
The team needed to move FinOps out of accounting and into engineering, so cost decisions could be tied to the teams generating them, and so cost visibility could happen before code shipped rather than after the invoice arrived.
Solution
Estée Lauder implemented Infracost's context engine, combining a live cloud pricing service across AWS, Azure, and Google Cloud (10 million price points), a policy engine built on well-architected best practices plus Estée Lauder's own custom rules, tagging standards, and budget data.
That context engine connects directly into the engineering workflow instead of a separate dashboard. In the IDE, whether an engineer is working in VS Code, GitHub Copilot, or an AI coding assistant like Claude, Infracost surfaces cost and policy issues as code is written or generated. When a pull request opens, Infracost checks the diff against production, flags any cost or policy issues as a GitHub comment, and lets engineers fix it, or dismiss and snooze it, right there.
Estée Lauder rolled out soft controls before hard ones, giving engineers room to adjust before anything could block a deploy. As trust grew, low-risk changes like migrating storage from GP2 to GP3 could be pushed automatically at scale using Infracost's agent skill, the same approach Lex used to generate around 500 pull requests in a single week to clean up years of inherited tagging drift.
Infracost impact
The clearest sign of impact wasn't a dashboard number, it was what happened when nobody was managing the program. Lex went on maternity leave for six months after getting Infracost live, and the policies, guardrails, and tagging rules went untouched the entire time. Engineers kept shipping changes as usual, and roughly half of Estée Lauder's cumulative cost avoidance happened during those six months, proof the program had become part of how engineers already worked rather than something that needed active upkeep.
That impact isn't only measured in dollars. In one case, a governance policy flagged a storage lifecycle issue, and an engineer resolved it within minutes on their own, no ticket, no cross-team coordination, no waiting on the cloud security or platform team to weigh in. That's the other half of shifting left for Lex: engineers resolving governance and compliance issues themselves, at the speed the fix actually needs, instead of queuing behind a specialist team.
Results
Rolling out Infracost gave Estée Lauder a self-service model for cloud cost, tagging, and governance that scales with roughly 400 engineers and a single FinOps person. Cumulative cost avoidance is already in the millions of dollars and continues to grow month over month, driven by examples like a $7,500 annual saving delivered in a six-minute pull request fix and the discovery that 21% of spend on one cloud was untagged and largely eligible to be turned off.
Just as important, the shift proved durable rather than dependent on oversight. About half of that cost avoidance accrued during a six-month stretch when the program's policies went untouched, and engineers now routinely resolve governance and tagging issues on their own, including a single week that produced around 500 pull requests to close years of inherited tagging drift, without looping in cloud security or platform teams.

