Case Study

Securing New Mexico’s Energy Future

Public Service Company of New Mexico (PNM) was originally founded in 1917 as the Albuquerque Gas and Electric Company, but its roots can be traced to 1882 when electric and gas operations began in Albuquerque, New Mexico. With deep roots in New Mexico, PNM is proud to serve their community with safe, reliable power for the last 100 years. As the industry grows and changes, PNM continues to look forward to new possibilities to better serve their customers including building new solar centers, and harnessing wind power to produce clean, green energy to power communities for another 100 years.

PNM looked to reevaluate its physical security and electronic access compliance approach, which was decentralized, manual, and needed to be more efficient. PNM selected AlertEnterprise’s next-generation physical identity and access management software to ensure security and compliance, mitigate risk, and simplify operations.

OVERVIEW

Originally founded in 1917 as the Albuquerque Gas and Electric Company, PNM is New Mexico’s largest electricity provider serving more than 500,000 New Mexico residential and business customers.

Objectives

Solution

IDENTITY COUNT
AlertEnterprise

Shining A Light on Converged Security

Faced with stringent critical infrastructure protection (CIP) compliance regulations for access management, PNM deployed an end-to-end AlertEnterprise security convergence solution featuring Enterprise Guardian software, for centralized Identity and Access Governance across physical and IT environments. The new system features automated Hire to Retire and access management, delivering enterprise-wide security, governance, compliance, policy enforcement, and workforce management – all in one place.
“AlertEnterprise software provided PNM with a proactive and automated solution to ensure compliance, mitigate risk, and enhance our security posture. The software’s ability to manage convergence across physical, logical, and OT environments is a true business enabler, and aligns with our vision for digital transformation.”
– Gary Todd, Assoc. Director, Cyber Security PNM Resources

1. SELF-SERVICE

ONE STOP SHOP web based portal to request access to job roles, applications, and physical access, and various systems including CIP.

100% VISIBILITY of access requests status, approvals, training, background checks, and built-in workflow slA and escalations.

PASSWORD RESETS eliminated the top help desk call issue and enforced company standards – mobile and PC.

FASTER and more RELIABLE access request turnaround as all IT/OT/Physical systems were integrated and automated at a much lower support cost.

3. Access Governance & Compliance

AUTOMATED ACCEss REVIEWs eliminated high-risk access creep with scheduled access review event alerts.

ACTIVE CIP POlICY ENfORCEMENT was built-in including expiring background, training and certification checks before assigning of access, with automatic access shutoff on expiry or termination.

AUTOMATED lOGICAl sYsTEM ACCEss – provisioning/de-provisioning user, additional access, revocation of access, and audit of access for employees and contractors.

Tripwire sYsTEM INTEGRATION documented violations if any CIP Access is assigned without approval within AlertEnterprise software.

ON-DEMAND AUDIT REPORTs for CIP and logical system access to meet CIP – 004 compliance rules.

2. AUTOMATED HIRE TO RETIRE

FULL INTEGRATION of HR, IT, and physical access for automated identity life cycle management.

FASTER/EASIER onboarding of new employees and transfers with all the access they need on day one.

ONE PLACE to centrally terminate all access, logical and physical in near real-time with multiple HR-driven termination scenarios.

SINGLE REPORTING INTERFACE to review, and report all access assigned to a person, and the entire identity history.

4. LOWER COST AND MAINTENANCE

INCREASED OPERATIONAL EFFICIENCY, reduced risk, and fast Return on investment (ROI).

CONSOLIDATED AUTOMATED CONTROLS – user access provisioning, all from a single dashboard

POINT & CLICK code free interface means no army of developers needed to maintain and configure.

CUSTOMIZABLE REPORTING tool with full transparency into the system data model.