Zscaler
Zscaler – Rewriting Rules For Network Security?
Zscaler is a Cloud platform helping enterprises monitor inbound and outbound internet traffic. As more and more business applications shift to Cloud, enterprise network extends from enterprise data centers to third party Clouds such as Azure, AWS, Google and users use multiple devices to access anything from anywhere, will enterprises look to reposition their security from traditional perimeter based approach to cloud based one? Can Zscaler grab market share from traditional appliances vendors at least for a few use cases?
Product offering and Growth Strategy
Zscaler was launched in 2008 to offer a different security architecture anticipating world will have different access patterns. Traditional security model involves
- Perimeter protection: Protecting the perimeter around corporate data centers by various appliances
- Hub and spoke protection: Routing gateway (‘hub’) (set up to minimize appliance and maintenance costs) traffic from branches to corporate data centers through wide area links (‘spoke’) for security screening
- VPN protection: Routing traffic from mobile, and remote users through VPN’s to corporate data centers.
Traditional security approach has limitations – poor user experience, security tradeoffs, cost, and complexity – in the changing landscape of cloud, and user mobility.
Zscaler has two product offerings
- Zscaler Internet Access (ZIA): In Zscaler’s own words “ZIA securely connects users to externally managed applications, including SaaS applications and internet destinations, regardless of user or device. ZIA sits between users, and the internet, and is designed to ensure malware does not reach the user, and valuable corporate data does not leak out”
- Zscaler Private Access (ZPA): In Zscaler’s own words “ZPA offers authorized users secure and fast access to internally managed applications hosted in enterprise data centers or the public cloud. ZPA does not expose the identity or location of applications and provides only the necessary and appropriate level of access”
Source: https://www.sec.gov/Archives/edgar/data/1713683/000119312518080170/d400527ds1a.htm
Some applications / use cases of its platforms:
- Agilent Technologies uses Zscaler for branch office network security. Benefits include security for internet-connected regional and branch offices, 80% improvement in network provisioning time, faster onboarding of acquired companies and partners, greater network flexibility and security
- AutoNation uses Zscaler across all its locations. Benefits include better cloud security, and better Office 365 experience by leveraging Zscaler’s tight integration with Office 365
- General Electric, in an effort to transition from a traditional ‘perimeter’ based security into a ‘no / open network’ based security, leverages Zscaler to secure its ~425k Active users across 4000+ locations in 180+ countries.
- Siemens, similar to General Electric, leverages Zscaler to secure its ~350k Active users across 160+ countries
A few elements of product growth strategy:
- Continue its Cloud First Strategy. Widen the lead against competition by continuous product innovation (example: ThreatLabZ)
A few elements of revenue growth strategy:
- Expand in existing customers (ZPA in addition to ZIA, and upgrade from Professional to Transformational bundles)
- Win new customers. Target specific use cases (low hanging fruit such as branch network rerouting, customers moving to critical applications such as Microsoft Office 365 triggering purchase of new security infrastructure) with minimal to no competitive bakeoff against traditional appliance vendors first, and then pursue account expansion
- Existing market size: Companies spend ~$17B annually on appliances to perform functions available in Zscaler
- High potential to penetrate New markets: Smart and connected IoT devices
- Pursue aggressive channel partnerships with global telecommunication service providers, and ‘C-level’ selling strategy (enterprises are in the process of reevaluating their old security portfolios for Cloud dominant world) through system integrators to win against traditional appliances vendors
- Focus on additional market segments (International expansion in Japan, Asia Pacific; Underpenetrated Government segment; SME’s)
Competition
Zscaler considers competitors in following categories
(https://www.sec.gov/Archives/edgar/data/1713683/000119312518048303/d400527ds1.htm#toc400527_11)
- Independent IT security vendors such as Palo Alto Networks, Symantec, Check Point
- Large networking vendors such as Cisco, and Juniper that offer security appliances and offer security capabilities in their networking products
- Companies such as Forcepoint, FireEye, Pulse Secure with point solutions that compete with some of the features of Zscaler’s cloud platform such as proxy, firewall, sandboxing, advanced threat protection, data loss prevention, encryption, load balancing, and VPN
As outlined above, a lot of players exist and especially in the Cloud offerings space, Symantec and Cisco are two major competitors. Cisco has been one of the dominant in the traditional appliances market but it’s cloud offering Umbrella (rebranding of its 2015 acquisition OpenDNS) while competitive lacks granular monitoring and access controls. Cisco, with its nimble M&A and powerful sales network, may try to further boost its Cloud offerings by acquiring companies (Force Point?). Symantec is the biggest competitor by revenue and has a variety of traditional offerings such as end point protection. Symantec’s cloud acquisition – Blue Coat – is a strong competition to Zscaler because Blue Coat offers granular monitoring and access control, has 45 data centers, designed with Cloud first in mind, and a tighter integration with Symantec’s other security offerings
Zscaler’s competitive advantage
- Cloud emphasis from beginning. Products designed for Cloud dominant world. A new architecture and security model compared to traditional appliances security model.
- Optional Private Access (ZPA) offering (to replace VPN requirement) to secure user access to applications in enterprises own data centers or public clouds such as Azure, AWS, and Google.
- 100 data centers (45 is the next highest by Blue Coat) around world and growing. Consistent and good end user experience.
- Granular (all packets) level of inspection regardless of access rules. 35 billion transactions per day. Improved threat intelligence. Ability to apply that intelligence across its network faster.
- Provides granular security controls yet limits user inconvenience and latency
- Tight integration with Office 365 (Zscaler has peered links to 20 Microsoft data centers) to facilitate faster inspections. Office 365 is #1 enterprise application in world by traffic.
Management pedigree
Jay Chowdry – Founder and Current CEO. Serial entrepreneur with ability to foresee trends. Sold six companies prior to starting Zscaler in 2008 for a Cloud dominant world. Seems highly passionate and great advocate of toppling appliances based security model. 93% approval rating in Glassdoor.
Key Financial Highlights
Earnings ($mil):
| 2015 | 2016 | 2017 | 2018E | Comments | |
| Revenue | 53.71 | 80.33 | 125.72 | 185 | Revenue growth momentum is due to 1) existing customers adding more users, and shifting from Business to Transformation segment of ZIA 2) new customers signing up for Transformation segment (vs. typical Business segment) 3) corporations starting to warm up to ZPA offering (3x more pricier); only 5% of Zscaler’s customer base has ZPA; Tremendous potential |
| Gross Profit | 39.2 | 60.1 | 98.2 | ||
| Operating Expenses: Sales & Marketing | 32.1 | 56.7 | 79.2 | ||
| Operating Expenses: R&D | 15 | 20.9 | 33.5 | ||
| Operating Expenses: General and Administrative | 4.4 | 9.3 | 20.5 | ||
| Operating Income | -12.4 | -26.8 | -35 | ||
| Net Income | -12.8 | -27.4 | -35.4 | ||
| EPS | -0.55 | -1.36 | -1.54 |
Primary operating cost driver:
- Increased Sales and marketing, and R&D expenses for the foreseeable future. Indicative of company’s push to increase sales & marketing headcount, market its offering, expand in current customer base, and win new customers
Balance Sheet ($mil):
| 2016 | 2017 | |
| Cash, Cash Equivalents & Short-term instruments | 92 | 87 |
| Total Assets | 154 | 183 |
| Deferred Revenue | 65 | 96 |
| Long term debt | ||
| Preferred Stock | 191 | 201 |
| Additional Paid-in Capital | 12 | 19 |
| Retained earnings | -127 | -162 |
| Total shareholder equity | 67 | 50 |
Cash Flows ($mil):
| 2015 | 2016 | 2017 | |
| Operating | -3.2 | -11.9 | -6 |
| Investing | -0.6 | -6.6 | -8.3 |
| Financing | 85 | 27 | 9.4 |
| Free Cash Flow | -9.9 | -18.1 | -14.1 |
Valuation Mkt Cap ($mil) / Sales ($mil) :
| Mkt Cap (Sep 1 2018) | Sales (FY 2018) | Sales (FY 2018) A/E | Mkt Cap / Sales (FY 2018) | |
| Zscaler | 5100 | 185 | E | 27.6 |
| Veeva | 12600 | 685 | A | 18.4 |
| New Relic | 5800 | 355 | A | 16.3 |
| Service Now | 34900 | 2400 | E | 14.5 |
| Okta | 5400 | 260 | A | 20.8 |
| Workday | 33400 | 2140 | E | 15.6 |
| Salesforce | 112100 | 10480 | A | 10.7 |
| Box | 3400 | 506 | A | 6.7 |
Risks of Investment:
Short to Medium term:
- Pending lawsuit of Symantec against Zscaler on patent infringement of Blue Coat technology
- Big companies GE (400k+ employees) and Siemens (350k+ employees) have repositioned their security portfolio to Cloud dominant world through Zscaler. Whether others follow suit or continue to employ band aid approaches such as redirecting traffic through their data centers to Cloud and leverage traditional modes of security remains to be seen.
- Other approaches – tunneling and cloud firewalls – while not as robust as Cloud Solutions may be good enough for enterprises
- Competition is another risk. Zscaler will have to compete hard against Symantec and Cisco
Long term:
Some new company and new technology could make Zscaler irrelevant in the next business cycle akin to the effect of internet, and cloud on once dominant companies