Zscaler Inc (NASDAQ:ZS) Nasdaq 47th Investor Conference December 6, 2022 4:30 AM ET
Company Participants
Jay Chaudhry – CEO
Remo Canessa – CFO
Conference Call Participants
Hamza Fodderwala – Morgan Stanley
Hamza Fodderwala
Okay. I guess we’ll get started. Apologies for the delay. Good morning, everybody. And this morning, we’re really delighted to have the team from Zscaler. We have Jay Chaudhry, the Founder and CEO of Zscaler; and Remo Canessa, CFO. Gentlemen, thank you so much for joining us.
Before I begin, just a brief disclosure. For important disclosures, please see the Morgan Stanley Research disclosure website, www.morganstanley.com/researchdisclosures. With that, we’ll kick it off. Jay, I think you had a brief presentation you wanted to share before we go into the Q&A.
Jay Chaudhry
That is correct. If I could get the clicker. Thank you. Good morning. Good morning. All right. You need some coffee or tea maybe. All right. So I want to set the stage in terms of why we think security and networking needs to done differently that and it has been done for the past 30 years.
Technology changes all the time, but it’s all incremental. Disruptive architectural changes happen every 20 to 30 years. And the network architecture that security is built on was invented in late ’80s and early ’90s, when industry agreed upon what’s known as IP, TCP, IPBS network. So you could simply buy Cisco routers and extend your data center to any branch office. You go to the branch office, you get on the network. You could laterally move, find applications and use them. Life was wonderful. The biggest breakthrough in networking and distributed computing technology. Then market invented VPN. So you could be sitting at home. You’re logically in the office. You could do everything you’re doing, sitting in Moscow that you do in the office. That’s what VPN does for you. Wonderful.
Now we are embracing cloud. Naturally, we’re extending our network to every cloud region because applications and users, once they get on the same network, they find everything. It’s like a beautiful highway system that takes us everywhere. And then we spend virtual firewalls thinking it’s cloud security, not really. It is extending your network to every cloud region. What’s the implication of all this networking for security?
Well, the bad guys start by finding you. How do they find you? In the physical world, they find your house, they find your building. In this Internet world, they find your IP address that is also the open Internet, like any firewall, any VP and any application portal can be discovered. So good people can connect with it, but bad people can do the same thing. Attack surf is a big problem. The new approach is eliminate your attack surface. Hide it. You’re building has no name anywhere. They can be found. They compromise you, phishing, all kind of stuff. Stopping compromise becomes important. Three, once they get on your laptop, it’s on the network, they move laterally on this lovely highway at the network and they find high-value targets, and that’s where they get you. Colonial Pipeline. Stole VPN credentials, got on the network, found high-value billing application rest of it is history. The traditional network and firewalls enable lateral movement. That must stop. That’s why the architecture must change.
Now single infector machine. If it’s on your network, it can traverse the whole thing and bring everything down. That’s what happened to Maersk. If you want to learn about how this lateral movement happens, read an article on Wired Magazine, search for Maersk Wired Magazine, NotPetya, you’ll find it. It’s a beautiful story.
Then they want to steal your data. And stolen data gets sent to the Internet. So that should be stolen. So this is why, in spite of millions and millions of dollars spent on network and security, every company is getting compromised. So doing more and more of the same security legacy castle-and-moat model doesn’t help. That’s why when I started Zscaler, is designed for the world where you really have don’t need to build castles and moat.
You essentially build something we call a switchboard. A switchboard that connects users to applications without being on the network, without being inside. We all understand switchboard. I want to talk to a certain person, switch or connect to that person. That’s it. You never own the network. You never an insider. That’s really the fundamental architecture we came up with, which is the opposite of firewalls and VPN the like. Quite often, people ask me. Gee, how do you compare with the firewalls? I kind of say it’s almost like comparing with an electric car, with the traditional car. I mean, yes, they look similar. You open the hood, everything is different.
So with that context, let’s get into Q&A.
Question-and-Answer Session
A – Hamza Fodderwala
All right. Thank you so much. Especially impressive because I know you just got off a flight this morning. So definitely have that pitch down for sure. Okay. So Zscaler was founded on the premise that the traditional network security model is broken. And most of security is still done around this network architecture. Can you talk a little bit about the pace of change, though, towards this SASE, Secure Access Service Edge market. Because most enterprise IT networks are still very much hybrid. There’s still a lot of legacy infrastructure there. So is that pace of change accelerating? Is it moving on pace? Is it slowing down given the macro? Just any, yes.
Jay Chaudhry
It is accelerating. It’s not slowing down. The world is always hybrid. But that doesn’t mean this new approach doesn’t work with hybrid. Sometimes people think that hybrid is needed. That’s why you need firewalls. In this new world, where we talk about the switchboard approach, you could connect to your data center, you could connect to your public cloud, you could connect your SaaS application. You could connect to OT system in your factories. It doesn’t really matter. So the approach we advocate supports the old world and the new world. It just does it in a newer and better way. I think having said that, it’s true, there’s always inertia out there. There’s a fair amount of inertia. And we have been evangelizing. It used to be a fair amount of work. When I used to talk to a CISO 5 years ago, I would talk to 10 of them, 7 of them will say, “You’re crazy.” 2 will say very intriguing idea, but I’m not sure I’m ready for it. And 1 would say what a fantastic idea. Let’s work together. And that got us excited.
So when we got General Electric, Nestle, Schneider Electric, the world, 8, 9, 10 years ago, it was very exciting. And I couldn’t handle all 10 customers, if all 10 said yes at that time. So the pace has accelerated. You’ve seen our growth, well over $1 billion in annual recurring revenue. This is pure revenue. This is not made up numbers being moved from this bucket to that bucket, right? There’s no other thing that we do. And growth. On growth rate, you’ve seen us. We have been doing rule of 80, rule of 70 for quite a while. The macro situation generally slows things down. Cyber is on the top of every CIO, CISO list. It’s hard to find a week when some organization is not getting compromised.
So cyber is tough. The second reason that’s helping us with demand is CIOs are under pressure to reduce cost. And we happen to be one of the very few security companies that actually reduces cost because we are not a better firewall. We eliminate a lot of that complicated network and a bunch of those security boxes. So when a CIO says, you’re going to help me reduce cost and you can give me better security. The interest goes up. So that’s why we see a lot of interest.
Hamza Fodderwala
Yes. I definitely wanted to hit on that. So there’s a huge pressure to justify the ROI for these solutions. Can you give us maybe some concrete examples or quantification as to what cost does Zscaler help you, say, whether it be MPLS or brands like anything?
Jay Chaudhry
Yes. I think you can put the cost in multiple buckets. And for interesting part is, generally, security is never — everything you do in life is either supposed to reduce cost or increase your revenue. Traditionally, security doesn’t do either of the 2, right? It’s viewed as a cost. But what we do, for example, is helping customers in 3, 4 areas. First of all, there’s a sprawl of security appliances out there. That needs to be eliminated. There’s a lot of technical debt. So we eliminate the cost of not only security appliance, but also routers, switches, load balances and the like. So it’s more than just security products.
Number two, there’s obviously network cost. There’s a lot of money being spent on network, MPLS and the like. We eliminate that. Third is operational cost. Our customers have done study, they said it takes 1/5 the amount of resources to manage Zscaler than traditional firewall-based solutions. Those are savings. And fourth, which is business agility. We improve response time significantly. Before, if a CEO wanted to open a new office in Kuala Lumpur, IT will say wait for 3 months, I’m going to order MPLS circuit. Then I’m going to order these boxes that will be shipped and delivered to their office. It will take about 3 to 4 months to get up and running.
With our approach, all you need is a broadband connection with any standard outdoor, traffic gets routed to our checkpost, reinforce policy and you’re good to go. Imagine the amount of business agility you get by doing things like that. M&A integration, the number of M&As happening out there is at a record pace. So many companies are buying other companies. They’re divesting companies. With Zscaler approach, you don’t even deal with the networks and all that stuff. Every entity simply connects to the Internet, we become the switchboard connecting right party to right parties. So done M&A integration in, say, 8 weeks, if in the old world of networking, firewall would have taken 8 or 10 months.
Hamza Fodderwala
Got it. So you’re not only saving costs in the security appliances, but you no longer have to pay for a dedicated line, the networking cost associated with that. And you charge also on a user. Basis, you’re not charging for traffic, generally speaking.
Jay Chaudhry
That’s right.
Hamza Fodderwala
So that seems really compelling. Why isn’t the entire market moving towards because one of the questions I get is there’s still a lot of companies buying firewall boxes. In fact, it’s been a record year for firewalls. So again, going back to that pace of change argument, why do you think that is?
Jay Chaudhry
So first of all, if the market wasn’t coming to us we won’t be growing at the pace we have been growing. So it is happening. The question is, could it happen much faster, okay? It should, but human beings have this funky thing called inertia. People who have been trained for 30 years to do things certain ways, it’s hard. So number 1 thing I personally do when I meet CIOs is really give them heads up. You’re going to try to drive this thing. As you go downstream, who gets really disruptive? Networking. Your networking budget, imagine it goes from $100 million to $50 million after you deploy a Zscaler. Some people in those areas, they worry, they wonder, should I slow down? Do I lose my power? There’s a little bit job security stuff involved. So we go generally top-down that CIO had to find some of these catalyst champions to drive some of the stuff. And there are people who want to really stay in the old world. That’s probably the #1 reason.
The mindset change or cultural change is what’s really holding us back and to make a little bit of thing worse the companies that are getting disrupted. First, they used to say, “Oh, this cloud thing is crazy. It will never happen.”
Then they would say, well, there’s proxy architecture of case. It won’t happen. Now they say, gee, we have it, too. We have it better than Zscaler. Some of the legacy companies have bigger megaphone, right, and all that stuff. So they are kind of telling the world they can secure you. Now you already sold 1 million firewalls. Why haven’t you secured us so far, right? I tell them that you’re doing this service to every organization by really spreading a message that’s not right. But that’s how the world works. So we need to do our job to educate our customers.
The good thing is over 40% of Fortune 500s depend upon us. And interestingly, our #1 source of getting to new business is the CIOs and CISOs and CTOs when they move from company A to B to C. They call us, and that’s how this thing is working very well.
Unlike we don’t quite have as much channel traction as traditional guys have because what does channel do? Channel takes kind of mature technologies and take it to the customers. When anything innovative have happened, channel is never ready. It needs to be trained. So we’re working on it, building lever the channel. But we had to do a little bit creative way to get to market than traditional security companies.
Hamza Fodderwala
Got it. So this is a transformational sale. And in times of macro weakness, those types of long sales cycle projects that take 9 to 12 months can be elongated further. How are you thinking about handicapping that? Maybe this is to bring Remo to the conversation, within your outlook. Because the SASE migrations aren’t going away, just taking longer to close.
Jay Chaudhry
I’ll start, and Remo, you can add. Yes, we are transforming the way network and security is done. And we used to start with, you don’t need this network at all. I tell you that the biggest mindset change, the cultural change that has happened in the past few years, have from the COVID hit.
What’s — a large company spend somewhere from $20 million to $150 million on the network, okay? This network is connecting your 5 branch offices to the data centers. Because data center was the center of gravity, every application sat there and people sitting in various branches had to reach those applications. It was a wonderful model for 30 years. As applications are out there in the cloud some where users are out somewhere going back to a data center makes no sense. So you simply connect to the Internet.
So with COVID, CIOs generally some simply realize, wow, my users are working from home, why simply connecting to the Internet. I don’t use this expensive $50 million or $100 million MPLS network that’s connecting our branches to the data center. It’s not needed before I used to tell them, they’ll say, “Well, I’m not sure I buy your argument.” Certainly, it became great. I tell you an interesting story, a CISO a large U.S. company. He moved from this large company to another large company in April of 2020, 1 month after the shutdown happened.
He called me, he said, “I need Zscaler here.” I said, I happen to know this customer. I’ve been working with them. CISO wants to move forward, but the Head of Networking doesn’t. He thinks he wants to keep his network. So have you talked to your networking leader. He said, “I don’t need to. Because my people are working home, we’re not even using the network. So now Zscaler gets deployed by simply downloading a lightweight agent to your laptop or mobile device traffic comes to us. We enforce a policy right party connect to the right party. Network is really not needed in these branches, all you need is and Internet connection. So that CIO talked to me.
Three months later, when we rolled out Zscaler, he said, “I used to think about network transformation, now, I think on network elimination. So our deployments have gone from where it used to take 6 months. It takes 6 weeks. If it took 3 months, it takes 3 weeks because we don’t even touch the network. It’s — security doesn’t need a lot of complicated policy — the job of security vendor is to make sure we don’t let bad stuff come down and affect you and don’t let good stuff leak out. So deployments are faster. If we need to work on something, it’s a mindset and cultural change to educate people.
Remo Canessa
So I mean, from my perspective, when you take a look at applications several years ago, there was a debate whether they should be in the cloud or on-prem. And several years ago, applications have all gone — most of the applications have gone to the cloud. And what that’s done basically is made companies a lot more efficient.
The question when I met with Jay 6 years ago, and again, I came from NetScreen, which is a firewall VPN company. My core was basically security has got to come back into the data center. You’ve got to control it. And talking to Jay, basically, the — if you do have a hub-and-spoke basically network, you allow people to get onto your network and basically go in any place.
What Zscaler created was a Zero Trust Exchange, and that Zero Trust Exchange is in the cloud. And that was the key thing, which Jay said, that if applications are in the cloud and users are mobile, why do you want to backhaul everything into your data center? You don’t. I mean for the reasons Jay mentioned, it’s user experience, it’s cost, also complexity. I mean, if you take a look at the number of security professionals, it’s not increasing at the pace that it needs to in order to keep up with all the security threats.
So moving — pushing your traffic through Zscaler, through our Zero Trust Exchange is the simplest and most secure way to really protect companies. From an overall perspective, 1 of the things we commented on was that the macro effects, so I think the entire world and all companies are feeling macro effects related to what’s going on. Our pipeline is increasing, our business interactions are increasing. Our deal sizes are increasing.
The number of $1 million deals we have is $348 million ARR customers, not deals, ARR customers. It’s an increase of 55% year-over-year. And so we’re seeing basically more companies buying more of our platform, which is users and workloads. So it’s how do I handicap it related to going forward. You take everything in consideration. But we are growing, as Jay mentioned, 50% year-over-year at this scale, it’s pretty impressive.
Hamza Fodderwala
Got it. And then just quick multipart question from you and then I want to open up to the audience. How are you thinking about growth versus profitability? Because like Jay mentioned, you’ve been a profitable business, over 20% free cash flow margin. So how do you think about the relationship of that as we do slow down, everyone slows down.
And then the second part is stock-based compensation. Historically, Zscaler has not had a lot of dilution — but the stock-based comp, at least relative to revenue did uptick a lot in the last couple of years. So — how do you think about sort of bringing that down?
Remo Canessa
Yes. I’ll take the stock-based comp question first. We expect to decrease as a percent of revenue. So you’ll see it decreasing. This last quarter it was 31%, which is down from where it was before. So you will see stock-based compensation percent of revenue decreasing. And basically, as companies mature, when you’re — when you go public, and when you’re a private company, you incentivize basically employees with stock. You still do that at a pretty large degree when you’re first public as you’re trying to attract talent, but as you mature, less people get stock. So stock-based compensation will decrease.
From a balancing top line growth and operating profitability, you mentioned, we’re free cash flow over 20% the last 2 years. From my perspective, the key thing for Zscaler is to get market share. This is a race. And if we get that market share, it gives us the — basically, the foundation to continue to grow. Our — absolutely, we sell both new and upsell. Our net retention rate is 125%. So from my perspective.
Jay Chaudhry
Over 125%.
Remo Canessa
Over 125%. Over 125%. So from my perspective, basically, continue to invest in the business, be more mindful, basically, on operating profitability, which we are. We increased our guidance on operating profitability. We had an outstanding quarter in Q1 in hiring. And going forward, we’re going to moderate our hiring in the future quarters, still prioritizing revenue-generating salespeople as well as innovation.
Hamza Fodderwala
Okay. Any questions from the audience? Yes, over here.
Unidentified Analyst
So when you think about your, let’s say, some of your flagship customers, the ones that have been with you for longer that we’re like the early adopters of the technology, do you see case studies where some of them are indeed no longer using firewalls or have abandoned some of the earlier types of security?
Jay Chaudhry
Yes. The question is, do we have customers who basically have no firewalls? When Zscaler comes in, typically, — most of the firewalls go away, there’s 1 place they still stay. It’s a data center. Data center still has a complicated DMZ sitting there. I’d rather not go after the data center, which is going away over time. I would rather go where the puck is headed. We have solutions where you don’t need firewalls in public cloud, our solution, the Zero Trust can do it. So that’s really how we’re approaching it.
Hamza Fodderwala
Yes. We have a question over here. Yes, right here.
Unidentified Analyst
You just alluded to the fact that you’re in a race. Can you talk a little bit about the competitive environment? Who are your direct competitors? And what gives you the confidence that looking down 5, 10 years down the road, you’re going to become the standard of the industry?
Jay Chaudhry
So first of all, competitors have been changing. For the first several years, these — there are 2 kind of competitors we had: proxy vendors, Websense, Blue Coat, Symantecs of the world, McAfee of the world, they had dominant on-prem position. They just couldn’t move the cloud in a multi-tenant architecture. They’re kind of there, but not there.
Still, the #1 vendor we replaced out there for outgrown traffic is Blue Coat, Symantec. For the private access, VP and vendors like Pulse Secure of the world, Cisco and ECON of the world have been key vendors, but they are actually withering away. Now firewalls are trying to come and say, we can do it just because we can spin our firewalls in the cloud and become virtual thing. It’s almost like when Salesforce came to the world, Siebel Systems dominate everything. And what did Siebel say? Of course, you can run me as a virtual machine in the cloud. You don’t need to buy Salesforce.
Unless you build a cloud-native architecture, you can’t really do this kind of stuff. It’s an architectural change. It’s not adding a feature. It’s like I like to say, you may be the best DVD player vendor. But when it comes to building Netflix, you can take 1 million DVD players, put in a data center. And here’s a DVD player dedicated for customer. You need a different architecture. That’s what we built. So I do believe that these firewall vendors will try to come, they’ll probably get back to where they belong. They really don’t really belong in this Zero Trust type of architecture.
Hamza Fodderwala
Any other questions from the audience? I think we had 1 here.
Unidentified Analyst
If I look at consensus estimates for your revenues, the rate of growth goes 40% in fiscal ’23, then 31%, then 26%. And each year, you add exactly 500 — roughly $500 million. For a company which is investing very hard in itself, that seems to be a slowdown. Is that macro? Is it — that we have no idea at the moment? Or is it analysts being conservative?
Remo Canessa
Yes. I mean the — we only give guidance out for 1 year. And basically, if you take a look at how we’ve given our guidance, we’ve been prudent. We’ve been able to beat and raise for the most part. And so we’re being prudent with our guidance. We don’t want to disappoint shareholders. We don’t want to disappoint ourselves. And so we try to be prudent with our guidance only 1 year guidance we give out.
Jay Chaudhry
In terms of macro, I think we are doing relatively speaking, quite well. Here’s the last comment I’ll make and we are out of time. When macro conditions get tight, demand softens. We haven’t seen a slowdown in our demand because we have a record pipeline the number of engagements with C level or kitting right or record engagement. So there’s no lack of pipeline activity.
Then the question ends up being, would you be able to close business, right? You could have pipeline, but do you close it? It is harder because there’s more scrutiny today than it was 3 months ago or 6 months ago. The 2 things we do that are helping us do better than other companies. One, we have been selling at C level from early on because we had to. Remember, there’s a mindset change. We couldn’t go and sell to techies.
So having C-level engagement, a CIO getting approval from CFO, it’s a lot easier than dealing with 4 levels down and then your project that killed somewhere before even reaches the C level. It is true if before CIO went to CFO, the deal got approved in 2 days. It may take 10 days or 2 weeks because CFO is asking a lot more questions.
Now for that, 1 of the things we have been doing for years is something called business value assessment. We actually quantify the customer that we can take out these products, these networks, these things, this is what the ROI will be. Those studies are needed far more today than they were needed 6 months ago. So we are doing a lot more business justification studies that helps us close our deals.
Hamza Fodderwala
All right. With that, Jay, Remo, thank you so much for your time, and thank you so much for joining.
Remo Canessa
Thank you.
Jay Chaudhry
Hamza, thank you. Great. All right.
Be the first to comment