EN

Securing New Mexico’s Energy Future

A man in an orange vest and hard hat inputting information into his IPad at a construction site.
Public Service Company of New Mexico (PNM) was originally founded in 1917 as the Albuquerque Gas and Electric Company, but its roots can be traced to 1882 when electric and gas operations began in Albuquerque, New Mexico.

Overview

With deep roots in New Mexico, PNM is proud to serve their community with safe, reliable power for the last 100 years. As the industry grows and changes, PNM continues to look forward to new possibilities to better serve their customers including building new solar centers, and harnessing wind power to produce clean, green energy to power communities for another 100 years.

PNM looked to reevaluate its physical security and electronic access compliance approach, which was decentralized, manual, and needed to be more efficient. PNM selected Alert Enterprise’s next-generation physical identity and access management software to ensure security and compliance, mitigate risk, and simplify operations.

Originally founded in 1917 as the Albuquerque Gas and Electric Company, PNM is New Mexico’s largest electricity provider serving more than 500,000 New Mexico residential and business customers.

Objectives

  • Provide single unified interface to centrally request
  • Manage access requests for both logical and CIP System
  • Converge employee access across all connected logical systems
  • Generate automated Audit/Compliance reports to meet CIP – 004 compliance rules

Solution

  • 2900+ (Employees/Contractors)
  • Enterprise Guardian
  • IT/OT/Physical Connector Framework
  • Access Reviews and Certification Module

Shining a light on converged security

Faced with stringent critical infrastructure protection (CIP) compliance regulations for access management, PNM deployed an end-to-end Alert Enterprise security convergence solution featuring Enterprise Guardian software, for centralized Identity and Access Governance across physical and IT environments. The new system features automated Hire to Retire and access management, delivering enterprise-wide security, governance, compliance, policy enforcement, and workforce management – all in one place.

“Alert Enterprise software provided PNM with a proactive and automated solution to ensure compliance, mitigate risk, and enhance our security posture. The software’s ability to manage convergence across physical, logical, and OT environments is a true business enabler, and aligns with our vision for digital transformation.”

Self-Service

  • One stop shop web based portal to request access to job roles, applications, and physical access, and various systems including CIP
  • 100% visibility of access requests status, approvals, training, background checks, and built-in workflow slA and escalations
  • Password resets eliminated the top help desk call issue and enforced company standards – mobile and PC
  • Faster and more reliable access request turnaround as all IT/OT/Physical systems were integrated and automated at a much lower support cost

Access Governance & Compliance

  • Automated access reviews eliminated high-risk access creep with scheduled access review event alerts.
  • Active CIP policy enforcement was built-in including expiring background, training and certification checks before assigning of access, with automatic access shutoff on expiry or termination.
  • Automated logical system access – provisioning/de-provisioning user, additional access, revocation of access, and audit of access for employees and contractors.
  • Tripwire system integration documented violations if any CIP Access is assigned without approval within Alert Enterprise software.
  • On-demand audit reports for CIP and logical system access to meet CIP – 004 compliance rules.

Automated Hire to Retire

  • Full integration of HR, IT, and physical access for automated identity life cycle management.
  • Faster / easier onboarding of new employees and transfers with all the access they need on day one.
  • One place to centrally terminate all access, logical and physical in near real-time with multiple HR-driven termination scenarios.
  • Single reporting interface to review, and report all access assigned to a person, and the entire identity history.

Lower Cost and Maintenance

  • Increased operational efficiency, reduced risk, and fast Return on investment (ROI).
  • Consolidated automated controls – user access provisioning, all from a single dashboard
  • Point & click code free interface means no army of developers needed to maintain and configure.
  • Customizable reporting tool with full transparency into the system data model.

Insider threat detection is a demo away.

Let’s up your security response and power your digital transformation with machine learning. No coding required.
en_USEnglish