Commvault, Kyndryl and Pure Storage have announced a collaborative effort aimed at assisting organisations in meeting specific data protection regulations and improving recovery capabilities following cyber incidents.
The partnership combines Commvault’s data backup software, Kyndryl’s IT infrastructure services and Pure Storage’s data storage hardware.
The alliance intends to integrate Commvault and Pure Storage technology with Kyndryl’s existing service portfolio, which includes Cyber Incident Recovery, Managed Backup Services and Hybrid Platform Recovery.
A primary stated goal is helping customers adhere to regulations including the European Union’s Digital Operational Resilience Act (DORA), the revised Network and Information Security Directive (NIS2), the Payment Services Directive (PSD2), the New York Department of Financial Services Cybersecurity Regulation (NYDFS NYCRR 500) and Australia’s CPS 230 standard.
“Cyber preparedness is no longer regarded as optional for global organisations; it is mandatory,” stated Allen Downs, Vice President of Security and Resiliency Services, Kyndryl.
“Through this collaboration with Commvault and Pure Storage, we are further positioned to assist some of the world’s most esteemed organisations in completely redefining their data protection strategies,” Downs said.
The joint solution uses a four-layer technical approach combining Commvault and Pure Storage products. The first layer, Cyber Resilient Vault, isolates data using zero-trust security. Next, the Clean Recovery Zone enables forensic checks and backup verification.
The third layer, Production Rapid Restore, uses Pure Storage FlashBlade for fast data recovery with built-in protection against tampering. The final layer, Immutable Snapshot Recovery, combines Commvault IntelliSnap with Pure Storage FlashArray to quickly restore critical workloads through snapshots.
Alan Atkinson, Chief Partner Officer, Commvault, cited specific challenges the partnership addresses. “Our partnership with Kyndryl is built to address the biggest challenges facing the enterprise today, such as the persistent threat of cyberattacks, including ransomware, and the increasing complexity of managing massive data growth across multi-cloud environments,” Atkinson said.
“When combined with the innovative Pure Storage platform, the three companies are together helping organisations stay resilient and prepared to act decisively in the face of disruption,” Atkinson said
The joint offering supports automated testing for cyber recovery, including Commvault Cleanroom Recovery in public cloud or Kyndryl-managed on-premises environments. The companies state this testing helps validate recovery processes and supports compliance with specific sections of regulations like DORA Chapter II (Risk Management) and Chapter IV (Operational Resilience Testing).
Maciej Kranz, General Manager, Enterprise, Pure Storage, connected the solution to regulatory demands. “As regulatory frameworks like DORA set higher standards for operational resilience, organisations are implementing strategies that integrate regulatory compliance with the ability to recover swiftly from cyber disruption,” Kranz stated.
“Together with Commvault and Kyndryl, we’re delivering advanced security features and a scalable foundation of layered resilience that helps organisations meet these mandates and restore critical operations quickly and reliably,” Kranz said.
This partnership emerges against a backdrop of increasingly stringent global regulations mandating robust data protection and cyber resilience, particularly for financial institutions and critical infrastructure providers.
The EU‘s DORA, which became enforceable in January 2025, imposes strict operational resilience, risk management and third-party oversight requirements on financial entities. NIS2 significantly broadens the scope and tightens security and incident reporting rules for essential service operators across the EU.
Regulations like NYDFS NYCDR 500 in New York and APRA CPS 230 in Australia impose similar stringent cybersecurity and resilience requirements on financial institutions within their jurisdictions.
These rules often demand demonstrable capabilities for rapid data recovery and system restoration following incidents like ransomware attacks. Industry analysis suggests the complexity of securing and managing data across hybrid cloud environments, coupled with the rising frequency and impact of ransomware, drives demand for integrated solutions combining software, hardware and specialised services.
Partnerships such as this one aim to offer a consolidated approach to meeting compliance mandates while enhancing practical recovery capabilities.
