Zscaler, Inc. (ZS) CEO Jay Chaudhry Presents at JMP Securities Technology Conference (Transcript)
Zscaler, Inc. (NASDAQ:ZS) JMP Securities Technology Conference March 7, 2022 5:30 PM ET
Company Participants
Jay Chaudhry - CEO, Chairman and Founder
Remo Canessa - CFO
Conference Call Participants
Trevor Walsh - JMP
Trevor Walsh
Great. Okay. We can get started. Welcome back everyone. Again, I'm Trevor Walsh Cyber Security Analyst here at JMP. And happy to have Zscaler with us today, virtually. We’ve got --we're joined by Remo Canessa, the Chief Financial Officer of the Company. How are you, Remo?
Remo Canessa
Good. Trevor, how are you?
Trevor Walsh
Good. Can you hear us okay?
Remo Canessa
Yes, perfectly. Thank you.
Trevor Walsh
Terrific. I'll start just to kick us off with just simple how's business going.
Remo Canessa
Trevor, Jay’s here also.
Trevor Walsh
Okay, terrific. Okay. So, you're the only one I see on my screen. So, let me introduce the CEO, Chairman and Founder of Zscaler as well, Jay Chaudhry, on the line. So, we'll both -- we'll probably be alternating back in terms of the screen. So, good to have you both. Hi, Jay.
Jay Chaudhry
Hello. Thank you.
Question-and-Answer Session
Q - Trevor Walsh
Great. So, I'll frame it. I'll start with you, Jay. Just, how's business?
Jay Chaudhry
Very good, very excited of opportunity ahead of us.
Trevor Walsh
Great, terrific. Can you -- there's obviously a lot of buzz, some might call it noise, in the market around Zero Trust. Can you just explain for our audience where Zscaler fits into that trend and how you all differentiate yourselves with some of the other players?
Jay Chaudhry
I think it's wonderful to see that market is realizing that castle and moat security is no longer going to work. We need Zero Trust, which is the opposite of network security. And last year, when we saw attacks like SolarWinds and like, the market -- the customer realized that they need to change. Unfortunately, as legacy companies realize that it's going to disrupt them, they're trying to confuse the market, and they all try to claim Zero Trust. In fact, I saw a recent event where a company said we are the best Zero Trust network security. So come on, either you’re Zero Trust or you’re network security, you can’t be both. It's like trying to build Zero Trust with firewalls, it just doesn't work.
Let me use one slide to set the stage of what Zero Trust is supposed to be and what it's not supposed to be. I'm going to use this one slide. Let's me share it because then it will be much easier. Can you see it?
Trevor Walsh
If you can zoom in a little bit, it would probably -- there you go. Now, I think -- that's better. Yes.
Jay Chaudhry
So, in the Zero Trust world, what you see on the top, applications are viewed as destinations, like they’re island, a data center, your cloud, your Office 360 and the like. And applications are not on the same network that users are. Users shown below are all on trusted. They're never on your network. There's no network between the user and the application, which is done the old way, a firewall VPN puts you on the network.
So, how do users connect to applications? Well, they go through an exchange, which is like a switchboard, almost like a phone thing. Somebody calls, I need to talk to Joe. Hold on, who are you? Verify yourself. In the same way, our exchange does two things. First, it makes the policy decision. Should I connect you? And two, it does policy enforcement. It actually makes the connection.
So if a user needs to, say, access an application. First, we say, "Stop, who are you?" We verify identity, working with identity vendors like Microsoft, Okta and Ping. So, identity plays a very important role for Zero Trust.
Two, we check the device profile in question. Is the device compromised? Should I allow this person to go from a BYOD to my critical application? So, you can do policy based on the type of device. So, device plays a big role. We've got partners like CrowdStrike and Microsoft there.
Three, we say where are you going? We don't let you get on the network. We connect you to only particular applications. It's like walking someone to a meeting room and walking them out right and letting them wander around in a building.
And then, we check the content. Are you carrying dangerous stuff with you? It could be phishing attacks, where is your bad files, we inspect all of them. Then we also check a risk score, based on many factors, then we connect. So, this is what's happening in the middle is what Zero Trust policy engine does.
On the internal application shown on the light side, you go through some of the same steps. The last step is different, whereby using this connector technology, it's a lightweight software, we open an inside out connection. So, there's no outside connection allowed. That means your applications are not open to the Internet. They can't be discovered, they can't be hacked or they cannot be DDoS-ed. So hence, we eliminate attack surface fundamental to really do better security.
And then, since we don't connect to the network, only to applications, no lateral movement. And if there's no lateral movement, they can't wander around and find high-value targets. These two things are opposite of firewalls and VPN. So Zero Trust, don't trust anyone. Verify, connect to the right party and right thing. That's what some 6,000 customers, over 35% of Fortune 500 companies do with Zscaler. Our goal is to make sure we keep on educating the market, so they're not confused and they're not trying to build Zero Trust with high spending, be it firewalls and VPNs and like that.
I hope this helps. Long answer, but it needed some description.
Trevor Walsh
That was great. No, we appreciate the overview. I'd like to touch on maybe some of the bottom portion of that buildup that you just walked us through around the ecosystem with identity players and endpoint players like CrowdStrike. Do you find that -- I know you have partnerships kind of in and amongst both of those identity and endpoint. Does this go-to-market change, I guess, between those -- as you mix the different players within those spaces, whether it's SentinelOne or CrowdStrike or Okta versus another identity player?
Jay Chaudhry
Yes. So, our goal overall is to provide what customers want, and customers want integration. So, we make APIs available to integrate the leading endpoint vendors or leading identity vendors. But practically speaking, there are leaders in each space. Our customers want to work for leaders. So, in the endpoint area, CrowdStrike is a great partner. Microsoft and CrowdStrike are often is what our customers ask for. Identity, Okta is a leader out there. Microsoft has done a good job.
So, we work with scores of vendors, but for go-to market, we work with some of the vendors that are leaders in this space. For example, CrowdStrike and Zscaler, our sales teams, work in a field together. In many cases, they help our sales team, we help their sales team. It becomes a very good mutually beneficial relationship.
Trevor Walsh
Great. Terrific. Let's talk a little bit about the Security Service Edge, the new Magic Quadrant from Gartner. Congrats, first, on just getting into the leaders quadrant upper right on that one.
Jay Chaudhry
Thank you.
Trevor Walsh
What -- how important do you think it is to break out the security component of the SASE model in that way? And why is that important? Why is that relevant?
Jay Chaudhry
Oh, it was needed. You know the way the SASE evolved. Three, four years ago, when Gartner started talking to lots of customers before they came at SASE, they found the Zscaler cloud security. Security at the edge in the cloud was the common becoming common. And they found that SD-WAN was getting deployed to connect traffic from the edge to Zscaler cloud directly without going back to data center. So, they coined SASE, secure access, get connectivity and do security. And they realized that it's a broad framework, it's not exact thing that they can even do a magic quadrant around. When I was talking to them, would you do MQ on SASE? They said, no, it's too amorphous. It is right thing for them to say network is wireless and edge MQ, security SSE comes together.
The biggest thing Gartner did, and I give them lots of credit, they brought all these point products into it. It built on secure web gateway. Secure web gateway already had all the malware, it had DLP, it had sandboxing. All these things, they've brought CASB into it, out of band CASB. Inline CASB are already part of secure web gateway. They added Zero Trust access products. So, it became a nice MQ. So, we are proud to be in it for the 11th year in a row.
I think, the most important part here is that if you really understand Zero Trust, you decouple applications from network access, network is simply the transport. If you decouple the two, why should you combine the two and say you must get it from the same vendor. It makes no sense. It's simply plumbing.
So, wireless -- says, "Give me the connection, no matter how." And SSE says, "I will enforce policy sitting in line." And the two complement each other. That's why Zscaler positioning is I'll work with anyone who provides connectivity and go from there. We have never tried to be an SD-WAN vendor.
Trevor Walsh
But I would also ask or maybe -- so Zero Trust and security obviously kind of bread and butter, but you also, I think, are starting to play or are definitely still have operational use cases around what you're doing, whether it's with ZDX. So, can you talk a little bit about how you're branching into more kind of operational type of concerns maybe outside of just bread-and-butter security type use cases?
Jay Chaudhry
Of course. The way I think about and the way I've always thought from day one, I didn't want Zscaler to be restricted to security. And when it came to name Zscaler, some people said, call it security, cloud, this and that. I said, every company will have a word cloud in the name, every company security, I don't want to use either cloud or security in the name. And I don't want to restrict us to security. So, we will do whatever can be done by sitting in line. When you're sitting in line like a switchboard, like an international airport, you should do everything.
For example, very early on, we added something called bandwidth quality or service. Nothing to do with security. Since we're sitting in line, I could throttle YouTube and give better performance to Office 365. Nothing to do with security, but very good for networking.
Then we built Zscaler digital experience because we're sitting in the middle. We see the application side, we see the user side of it. And our lightweight agent is collecting telemetry to tell us what's going on where. It became an amazingly useful service because all our performance products are built around the given network between a branch office and the data center. We said location doesn't matter. It's about user and application. User could be anywhere. Application could be in the data center, it could be in the cloud or wherever, it could be SaaS. So ZDX is an amazing product. It's the fastest-growing service for us. We were very happy when ZPA grew fast. ZDX is actually growing faster than ZPA. So, it's wonderful. We are very pleased with the performance of it.
Trevor Walsh
Terrific. Thank you. That's a great perspective. I think I'll -- since we have Remo on the line, too, why don't I transfer over to some questions about the numbers, and we'll talk to him as well.
Remo, there's been a lot of maybe change in investor sentiment recently around profitability versus growth. And I know you've talked a lot about that just in terms of Zscaler and ultimate kind of plans there in terms of the path forward. Can you tell us a little bit about -- or just maybe to reiterate your perspective on that as you go forward and provide guidance and just the plan for '22 and beyond?
Remo Canessa
Yes. I mean, the key thing is that thinking about what the market opportunity that we have. We recently went over $1 billion of ARR. And what we're going to do, our goal internally now is to get to $5 billion ARR.
So, we talked about -- with our investors is that if we're going over 30% in revenue, you can expect less than 300 basis-point operating margin expansion. So, our focus is to invest in growing the top line. The value that is given to our shareholders by growing that top line is huge. What happens is that because our contribution margin is 60% in years two and three, we have -- getting to our operating profitability target is not really difficult to do. All -- once your business, your new ACV starts slowing down and as your renewals go up, what you pay for renewals is a lot less, and you're not spending as much on marketing. You get to your operating profitability target. So, I'm not concerned related to getting to our operating profitability target. Again, when you have a SaaS model with 80% gross margins, with the type of revenue growth that we have.
One thing also is that if you look at our free cash flow margin, in the first half, it was over 20% free cash flow margin on revenue. In last year, our free cash flow margin also was over 20%. So, we're in a cash -- significant cash generation type model and huge market opportunity with what we feel is the right product at the right time. We're going to continue to invest.
Now, having said that, we understand the trade wins and things like that related to operating profitability. But I would say still think of Zscaler as investing in growth, but we'll be mindful of operating profitability and long term getting the operating profitability target in a SaaS model that our type of model is not difficult to do.
Jay Chaudhry
Remo, we have talked about a few times, Rule of 70, what we look at. Over the past four quarters, it has been more than Rule of 70. Lots of companies try to get to Rule of 40. So Rule of 70 takes into account the growth and profitability bullets.
Remo Canessa
Yes. That's right. I mean we're in rarefied air, quite frankly, related to how business is running. And like I mentioned before, in a SaaS model with 80% gross margins, with the contribution margin about 60% years two or three, it's not difficult getting to those types of -- getting to our target margins of 20%, 22%.
Trevor Walsh
Sure. Great. Can you -- let's talk a little bit about the kind of the land motion. Can you give us a sense of when you land, roughly how much of account ACV is left over kind of in that upsell opportunity? And do you anticipate that changing kind of as we -- on the go forward? Will that get larger or smaller?
Remo Canessa
Do you want to start, Jay? Please go ahead.
Jay Chaudhry
All right. I think, we shared with our investors last time at investor meeting that our customers, we could go to 6x if we could sell all of our products to our current customer base. And by the way, we added a lot more products since then. Now, having said that, I would say that more and more customers are buying bigger and bigger platform.
We talked about several deals during our last earnings call, where customers bought ZIA, ZPA, ZDX and cloud protection as well. Now, cloud production is still young and just coming, very young market. But ZIA, ZPA is becoming very, very common. And ZIA, ZPA and ZDX is becoming common as well. And in ZIA, the transformation bundle, which is a big bundle is becoming very common. So more and more customers want consolidation of an integrated platform. And that does cost reduction. That reduces complexity. That's why our customers buy us.
This one CIO talked to me a few months ago, he said, platform is becoming a buzzword. Every vendor comes to my door and says, "I got a platform." Then he said, then what we find that there's one dashboard and underneath everything is effort. [Ph] They bought a bunch of companies that are talking about platform, but there's no integration. Well, integration is not easy. It takes time and effort, and most companies try to skip it because they're under pressure to go to market. Not a good idea.
We take pride in having built an extensible platform, and we do only those acquisitions that can be integrated properly in the platform. So very proud of that fact.
Remo Canessa
And the 6x opportunity’s just for ZIA and ZPA, it doesn't include ZDX or ZCP. So that's incremental to that 6x.
Trevor Walsh
Perfect. Great. Just to stay on time here, because we have a good audience that you probably can't see from your end, but I want to make -- I want to open it up for questions. So please, any questions that I can relay for Jay and Remo?
Okay. So, I'll relay that one. So the question was what internal milestones are you tracking or looking at as you pace from the $1 billion in ARR to the $5 billion market?
Remo Canessa
The milestones that I'm looking at is basically the top line growth, how are we growing sales productivity, also how are we doing from a sales productivity perspective, building sales capacity, and also looking at how the individual products are doing. I mean, we've got projections for all our emerging products, and we track that. So staying on top of that.
Also, milestones, looking at our headcount adds overall in the Company. We added 1,000 [ph] employees in the first two quarters, sort of about 4,000 employees. That's the key thing that I'm looking at.
Also, I guess, one other thing. There's a lot of things I look at. Gross margins. The gross margins, we said we're going to be between 78% and 82%. Our emerging products carried lower gross margins because we're getting to the market sooner. We're not trying to optimize on the gross margins. So, we track that also on a monthly, quarterly basis. And if we see any kind of pressure on gross margins, we can put more emphasis on gross margin optimization, software optimization. Those are the things I look at primarily. Jay?
Jay Chaudhry
And if I may add one more, especially important one. Now, we're also focused on market segments in addition to geos. First, we want to make sure we can cover geos from U.S. to Europe and APJ pretty well. And now we have always done well on the major, very large accounts and large enterprises. Now, the next two segments that we are putting more focus on as we are going down market, one is enterprise segment and the second is commercial. So, those are big growth opportunities for us. So, we got targets for each of those areas. And we optimize our resource and investment differently based on those segments.
Trevor Walsh
Great. Well, we're out of time from our end, but we thank you both so much for being with you -- or being with us, and look forward to hopefully in person next year.
Remo Canessa
Looking forward to it. Thank you.
Jay Chaudhry
Thank you so much. Thank you. Bye, bye.
Trevor Walsh
Thank you. Bye.
Gloss