Kyndryl’s New Strategy for Security and Cloud Services

June, 2022

It has been nearly a year since IBM announced its plan to spin off its managed infrastructure services business unit, formerly known as Global Technology Services group. Now known as Kyndryl, a publicly held independent entity, it has organized its service portfolio around six global practices. The intent is to deliver these services in an integrated fashion, encompassing advisory, implementation, and managed services.

This research byte focuses specifically on Kyndryl’s Cloud practice and its Security and Resiliency practice. The solution areas included under the Cloud practice are cloud consulting, a hybrid and multicloud offering, and a modern cloud operations offering. Kyndryl’s cyber resiliency portfolio consists of security assurance services, zero-trust services, security operations center (SOC) and response services, and incident recovery services.

As we listened to Kris Lovejoy and Harish Grama, the global practice leaders for Security and Resiliency and Cloud, respectively, one common theme that emerged was a shift from an IBM-focused approach to an ecosystem approach involving partners in addition to IBM. Now, with a separate company in place, the objective is no longer to help clients lift and shift workloads to the IBM stack but to view a client’s situation more holistically by looking at investments already made by the client and helping identify and implement those tools and technologies that work best for the client.

As noted in our report, Big Blue Bets Big On Cloud-First Enterprise, the intent behind the spin-off was clear from the very beginning—to place IBM and Kyndryl in a position where they can both target high-growth opportunities that align strategically with the evolution of enterprise hybrid IT environments.

From Three Global Regions to a more Localized Focus

Organizations are looking toward local providers for managed services because they understand regional rules and regulations. Customer service is improved in the mind of the client when services reside locally. In response, service providers are setting up regional R&D centers, acquiring local providers, investing in their partner ecosystem, and focusing on local talent in collaboration with universities as part of their go-to-market (GTM) strategy. Kyndryl is following this playbook.

After the spin-off, Kyndryl reorganized its GTM strategy, which had been complex in terms of multiple sales teams organized by major regions (the Americas, EMEA, and APAC) and industries, all globally aligned with the IBM brand. When it was part of IBM, it lacked the dedicated focus that customers expect within individual countries in those three global regions. Now, after the spin-off, it has moved to a more local organization across the following geographies:

    1. Spain and Portugal
    2. Australia and New Zealand
    3. The UK and Ireland
    4. Germany
    5. Italy
    6. France
    7. India
    8. United States
    9. Canada
    10. Rest of the world (RoW)

As noted above, three out of 10 geographies are dual countries, while the RoW comprises 53 strategic markets or countries. This means that clients will now have access to a dedicated sales team in each of the geographies. According to Grama, the four main objectives that his team wants to achieve through the new GTM strategy are as follows:

    • Manage all accounts across industries in a particular country through a common team, with the advantages of localized support
    • Explore co-innovation opportunities with the client
    • Maintain existing client relationships inherited from IBM and build new relationships now as Kyndryl

Integrating the Security and Resiliency Practice 

After the spin-off, IBM retained some parts of the security portfolio including professional and managed services, primarily covering technology capabilities around the IBM QRadar stack. Existing IBM customer contracts were replaced with new Kyndryl contracts, wherein Kyndryl is the primary customer contract and IBM provides managed security services with IBM QRadar.

At the same time, Kyndryl is restructuring the way its security team delivers security services by:

    1. Separating security services from products, which are focused on the IBM QRadar security stack. This move enables Kyndryl’s security team to take a solution-oriented approach with the flexibility to deploy best-of-breed security tools including those outside of IBM’s portfolio. As a result, Kyndryl now has 16 strategic partners, including IBM, to provide services similar to QRadar. These include Trustwave, Secureworks, BT, and Nokia. They offer SOC as a service to Kyndryl’s clients, without locking in customers to a single vendor.
    2. Integrating the security and resiliency practice, a decision based on how legal directives across the cybersecurity landscape are changing. As illustrated in Figure 1, countries continuously amend regional and cross-border regulations to address the concerns of citizens, consumer demands, global trade imperatives, and the geopolitical landscape.
Kyndryl Image2 - Kyndryl’s New Strategy for Security and Cloud Services

Figure 1: Legal directives introduced across the globe


Thus, Kyndryl’s intent is to offer integrated services by moving toward the concept of cyber resiliency, accelerating its anticipation of risks that impact business services.

According to Lovejoy, cyber resiliency involves anticipating risk that impacts business services such as supply chain disruptions and network outages. It means mitigating risk through detection, analytics, and response to the event, allowing faster recovery.

Broadening the Ecosystem of Cloud Partners

Kyndryl is taking a similar approach with its cloud services practice. Organizations have realized that hosting applications on the cloud and leveraging a multicloud infrastructure are the best ways to sustain a business. Hence, they are looking for service providers who continuously strengthen their collaboration with cloud platform providers by developing industry-specific solutions, expanding certified professionals, and creating innovative tools or accelerators.

Keeping with these principles, Kyndryl immediately moved beyond IBM Cloud and announced strategic partnerships with three major cloud service providers, as shown in Figure 2.

MicrosoftTeams image 22 - Kyndryl’s New Strategy for Security and Cloud Services

Figure 2: Kyndryl’s strategic partnerships with major cloud service providers

Grama, who was formerly general manager at IBM Public Cloud and is now managing Kyndryl Cloud, said, “This will help us go from 3% of the market to what IBM Cloud had to over 90% of the market when you add the big three and the likes of Oracle and Alibaba.”

Keeping with this strategy, Kyndryl has been developing its digital talent to support the shift to an ecosystem-centric approach. Currently, it has a cloud workforce of 90,000, of which 31,000 have achieved vendor-recognized certifications in Microsoft Azure, VMware, Cisco, Red Hat, and AWS, among others. Nearly 10,000 personnel are certified in Microsoft alone. It has 30 centers of excellence under its cloud practice. As part of its partnership with Google Cloud, it plans to establish Google Cloud Academy for Kyndryl to develop its expertise in migration to Google Cloud.

Grama said that Kyndryl plans to double the number of cloud-certified employees from 15,000 to 30,000 by FY 2023 (April 2022–March 2023).


Kyndryl’s intention is to come out from under the image of IBM and establish its own identity. It wants to break any notion that it only has expertise in IBM technologies. The company wants its clients and the market to see it as flexible in how it works and how it can help clients along their complete journey of digital transformation.

Kyndryl is developing a new operating model that revolves around customer needs and wants. Through its ecosystem-centric approach, it intends to boost its capabilities in new areas to expand its addressable market space. IBM’s competitors are now becoming the company’s allies to capture a larger share of the market. This is new ground for Kyndryl now that it is a separate entity.

Although the outlook is promising, clients should hold Kyndryl accountable to make good on its intentions. Specifically, they should:

    1. Check on Kyndryl’s performance on how it can execute its business road map and bring stability to its operations.
    2. Test how flexible Kyndryl will be when it comes to delivering managed services by leveraging its partner network.
    3. Compare how Kyndryl stacks up with major global service providers, such as Accenture and TCS, in terms of Kyndryl’s advisory, implementation, and managed services.

Enterprises moving into the digital space amid the pandemic may now want to include Kyndryl on the shortlist of providers for digital transformation projects as its capabilities are no longer only focused on IBM technologies.

Kyndryl has laid out a clear vision for its future and is building the resources for its new approach. As Kyndryl’s practice becomes more mature with time, we will be better able to assess whether it will be successful in these efforts. In the meantime, we and the enterprise IT market will be watching.

By Gaurav Dewan, Associate Research Director, and Taniya Chandra, Senior Analyst, Avasant