Nishad Sankaranarayanan

Global Director, CyberSecurity - IAM, Genuine Parts Company

Genuine Parts Company (GPC) is a global leader with a legacy spanning nearly a century. Operating in over 17 countries and supporting more than 63,000 employees across 10,700 locations, GPC delivers essential products and services to a wide range of industries—including automotive, industrial equipment, food products, pulp and paper, mining, and metals. 

The company is structured into two major divisions: the Automotive Parts Group, which includes NAPA, UAP, Alliance Automotive Group, and GPC Asia Pacific; and the Industrial Parts Group, comprising Motion Industries and Motion Asia Pacific. With such a diverse workforce of retail and distribution professionals, GPC faces complex challenges in managing secure access across its vast global footprint.

To meet those challenges and prepare for the future, GPC recently established a unified global cybersecurity organization reporting directly to the Global CIO and CISO. This team was chartered with centralizing identity, security, and privileged access infrastructure across all markets and regions. Their mission spans continents—including the U.S., Canada, Mexico, Australia, and multiple countries throughout Europe—creating a single foundation to support secure, scalable operations company-wide.

This newly integrated cybersecurity and Identity Access Management (IAM) function is not just a technology upgrade—it’s a strategic enabler. It underpins business agility, supports modernization efforts, and ensures that every employee, no matter their location or role, has the right level of access at the right time, without compromising security.

Supernova Award Category: 
Digital Safety, Governance, Privacy, and Cybersecurity
The Problem: 

Over its 97-year history, Genuine Parts Company (GPC) expanded through acquisitions and international growth, resulting in a regional approach to IT and security. Each in-country brand optimized its infrastructure to support local operations and business needs. While this approach ensured responsiveness to regional requirements, it also led to a fragmented identity and access management (IAM) landscape across the enterprise.

The use of region-specific tools, processes, and vendors created isolated security environments with limited standardization. Some countries had implemented point solutions like CyberArk for privileged access, but these efforts remained localized and disconnected from a broader, enterprise-wide strategy.

As GPC began consolidating applications, systems, and data infrastructure—from on-premises to the cloud—this lack of centralized IAM architecture posed a challenge to global visibility, scalability, and operational efficiency. Without a unified framework, it became difficult to enforce consistent access policies, monitor risk holistically, or streamline security governance.

Additionally, this fragmented environment introduced potential compliance risks related to regulations such as GDPR and SOX, which require strong controls and centralized oversight of identity and data access practices. Implementation of the right Identity toolsets resulted in automating majority of the Identity and access management controls and access reviews resulting in significant reduction in people, process and technology wastage.

The Solution: 

To overcome decades of decentralized access practices, GPC launched a global IAM transformation initiative to support 63,000 employees and partners with unified identity management. The massive undertaking required consolidating 44 disparate Active Directory forests across 17 countries before implementing a scalable global framework. This represented a complete re-architecture of GPC's approach to identity, access, and cybersecurity governance.

The Results: 

Over the course of 18 months, GPC completed a sweeping global IAM transformation, consolidating privileged access systems across 17 countries into a unified framework. These systems are now centrally governed under a single set of enterprise-wide security policies and controls, ensuring consistent oversight and reducing risk across all regions.

This shift enabled dozens of regional IT leaders—who had previously been managing identity and access on their own—to focus on strategic growth within their respective business units, rather than on fragmented security operations.

More importantly, the initiative sparked a cultural transformation. For the first time, IAM was no longer seen as a background process but as a shared global responsibility.

Employees at every level became more aware of the role identity and access play in protecting systems and enabling productivity. Silos gave way to collaboration, with global teams exchanging best practices, aligning on security standards, and fostering cross-regional transparency.

This transformation not only enhanced GPC’s cybersecurity posture but also laid the foundation for a more agile, interconnected enterprise.

Metrics: 

The IAM transformation initiative delivered significant cost savings and operational efficiencies across GPC’s global footprint.

  • $5 million USD in hard savings were realized in the first year alone by decommissioning outdated legacy security systems and tools.
  • The initiative is projected to achieve a total of $11 million USD in hard and soft savings over the initial 2 years.

Operational efficiencies include a dramatic reduction in manual provisioning tasks, regional tool redundancies, and third-party consultant spend.

Beyond financial impact, the project also introduced measurable improvements in security response times, onboarding efficiency, and audit-readiness across multiple compliance frameworks.

These results underscore not just cost optimization, but a strategic realignment of identity and access management as a business enabler.

 

The Technology: 

GPC’s IAM transformation leveraged a modern, layered security stack designed to enable zero trust, scalability, and global consistency.

StrongDM served as the backbone for zero trust privileged access, providing secure, audited access to all critical infrastructure—including cloud platforms, databases, and internal applications. With StrongDM, GPC gained real-time visibility into who accessed what, when, and how—eliminating credential sprawl and dramatically reducing attack surfaces across environments.

  • Ping Identity was deployed for robust multi-factor authentication (MFA), identity proofing, and risk-based access controls. By integrating with government-issued identifiers, Ping enabled context-aware authentication workflows tailored to users’ roles, regions, and device trust levels.
  • SailPoint was deployed for identity governance and administration managing 65k identities globally across 17 countries including persona-based access and managing 12 active directories.

This modern identity architecture not only enhanced security posture but also improved user experience and compliance readiness. Together, these tools enabled a frictionless, secure-by-design foundation for GPC’s future digital initiatives.

 

 

 

Disruptive Factor: 

For a 100-year-old global enterprise like GPC, disruption doesn’t come easy—but this IAM transformation did just that. It dismantled deeply embedded legacy workflows, decentralized practices, and outdated infrastructure that had long slowed innovation and scalability.

This initiative was not just a technical upgrade—it was a fundamental business modernization, setting the foundation for the next century of growth.

A key disruptor was the operating model itself: a globally centralized IAM team reporting directly to the CISO, with the authority to standardize identity strategy across all business units and geographies. Instead of siloed regional teams working in isolation, cybersecurity experts now serve as shared global resources, guiding and partnering with business unit IT leaders.

To maintain alignment and accountability, the team built real-time Power BI dashboards that provide full visibility into access management across continents. These dashboards aren’t just status reports—they’re collaborative tools that facilitate open dialogue, peer benchmarking, and SLA performance reviews between headquarters and regional leaders across Europe, Australasia, and the Americas.

In short, GPC disrupted itself—from within—to create a modern, transparent, and agile security culture ready to support business at global scale.

Shining Moment: 

The defining moment came when GPC’s executive leadership presented the IAM Business and Culture Transformation as a case study to the company’s Board of Directors.

This wasn’t just a security success story—it was positioned as a blueprint for enterprise-wide modernization. The initiative showcased not only millions in savings, but also remarkable speed of adoption and deep cultural change across regions and teams.

As a result, the IAM transformation has now become the foundation for GPC’s global modernization playbook, influencing strategic efforts in SaaS adoption, supply chain resilience, manufacturing systems, vendor management, and the retirement of legacy platforms.

What began as a security overhaul has evolved into a catalyst for enterprise reinvention—unifying teams around a single global methodology, sparking cross-functional collaboration, and setting the stage for the next hundred years of innovation across the automotive and industrial parts industries.

About Genuine Parts Company

Established in 1928, Genuine Parts Company is a leading global service provider of automotive and industrial replacement parts and value-added solutions. Our Automotive Parts Group operates across the U.S., Canada, Mexico, Australasia, France, the U.K., Ireland, Germany, Poland, the Netherlands, Belgium, Spain and Portugal, while our Industrial Parts Group serves customers in the U.S., Canada, Mexico and Australasia. We keep the world moving with a vast network of over 10,700 locations spanning 17 countries supported by more than 63,000 teammates. Learn more at genpt.com.