The case to buy Zscaler shares now
Has the long-awaited consolidation trade finally arrived? Tuesday, March 5th, was not a pleasant day on which to hold high growth IT stocks. Apple Inc.’s report (AAPL) of a 24% decline in its iPhone sales in China in the first 6 weeks of this year has taken much of the blame for that day’s tech market pullback. Algorithmic trading, which dominates markets on a day-to-day basis, has taken Apple’s disappointment and sold the so-called Magnificent 7 aggressively. And in turn, this has led to high growth IT shares being significantly pressured with various portfolios in that space down by more than 4%. But somehow the market found its footing, mainly on the back of the strength of shares in the AI sector such as NVIDIA Corporation (NVDA) and Super Micro Computer, Inc. (SMCI).
This is an article recommending the purchase of Zscaler, Inc. (NASDAQ:ZS) shares at this price and at this time. But many things in the short term have and will impact the performance of the shares. The shares are highly correlated in the short term with the performance of the tech space, and with the performance of other cybersecurity companies. And perceptions of the macro environment are often a significant factor in the performance of the shares. Inevitably, expectations regarding interest rates and inflation are contributing factors in the valuation of this company and other high-tech businesses. But in the long term, of course, the specific relative operational performance of this company with regard to revenue growth and profitability will determine its valuation.
This is not a market commentary or market strategy post. There have been some high growth IT shares that are associated with AI which have seen a noticeable level of speculation recently. And most companies are just now starting to see growth acceleration based on AI-induced demand. For most software companies, the AI inflection is still months off. This has been a very mixed quarter for tech earnings with some noticeable casualties amongst companies who were recently considered to be stalwarts of consistent growth and rising profitability.
In fact, as I will explore later in this article, Zscaler’s TAM is being augmented by having more data and applications to protect as AI applications are deployed. Its Zero Trust Exchange is a policy engine designed to ensure data safety when using generative AI sites. And it actually has its own AI applications such as Breach Predictor. The company has a number of significant new products including its first solution at the branch level; many of these newer products will likely have some moderate positive impact on growth.
Zscaler shares, if not Zscaler’s business, have been impacted by the perception of slowing percentage revenue growth and potential margin pressures. Zscaler shares are down by about 18% since the company reported earnings. Like many casualties in the IT growth space, the specific reason for Zscaler’s fall from grace has been its guidance. I will review the specifics below, but the increase in billings guidance, and its cadence were thought by some to be disappointing. And one analyst expressed concern in his review of the quarterly results about the fact that Zscaler does larger deals that are inherently less easy to forecast.
Zscaler competes against Palo Alto Networks, Inc. (PANW) and has been a consistent share gainer vis-à-vis Palo Alto for many years. Readers will recollect that Palo Alto, in an apparent attempt to staunch a growth slowdown, took a step to offer some users in some situations an opportunity to acquire a Palo Alto platform offering with front-end payments abated. This has led to investor concerns about competition and the pricing environment in the space and that coupled with misunderstood guidance had brought ZS shares to around $200. I listened to and read the Zscaler earnings call transcript and then its subsequent investor presentation at Morgan Stanley to attempt to find whether or not the business environment has changed or if the company’s market position was at risk, or if some other factor was likely to cause results to deteriorate. Objectively, my read is that nothing has changed but the stock price, other than the introduction of a few catchphrases such as platformization and buyer fatigue. Zscaler has a strong platformization story and its buyers are not fatigued, or if they are, it isn’t influencing them in terms of their Zscaler solution acquisitions. I am going to quote liberally from the two transcripts indicated – basically, I think it is far better for the readers to see the specific comments of the CEO rather than for me to serve as a filter.
The case to buy Zscaler shares is fairly straightforward. I believe that the company’s earnings presentation and guidance were misread. I believe that Zscaler has been and remains a significant share gainer vis-à-vis legacy competitors in the zero trust/SASE space. I do not think demand growth for SASE is slowing – I think it is accelerating. I think that Zscaler is effectively pushing into adjacencies that will further enhance growth.
The company has been steadily achieving growth in operating and free cash flow margins and I expect that to continue. While the shares are notionally expensive, they are far less so now, given the growth of the company and the share price decline.
I am going to discuss the issue of buyer fatigue below. But overall, breaches, particularly in the US, are apparently spiking. Microsoft Corporation’s (MSFT) breach by Midnight Blizzard is making headlines, but there are thousands of less publicized incidents that are costing enterprises of all kinds hundreds of billions or perhaps trillions of dollars if the McKinsey analysis linked later in this article is to be believed. The recent SEC mandate obliging companies to report material cybersecurity incidents will be a further spur to demand for protection software. Companies are being held for ransom on a continuous basis. Threat actors are becoming bolder and more sophisticated. My own anecdotal checks suggest that if anything, there is more buyer focus on cybersecurity, simply because many enterprises are losing the battle – and have found it to be exceptionally costly. No one wants to spend money on security; and yet it is a higher priority now than ever, and it is hard to imagine when that changes.
Until a few weeks ago there had been a persistent positive trade in the space with almost all companies making new highs. The Palo Alto earnings, and then the Zscaler earnings, have upended the perception of never-ending positive business results. However, the demand for cybersecurity solutions continues to grow at exceptional rates. According to the study linked here, the market size is estimated to be about $182 billion. The McKinsey report linked here suggests that breaches are costing trillions of dollars and are rapidly growing.
Much of this spend is related to personnel costs and professional services. The market for software is growing faster than overall cybersecurity spending because automation is a key focus of many enterprises attempting to mitigate this significant problem. To the extent possible, users are trying to substitute software for personnel to improve efficiency and mitigate costs while improving results.
I believe there are some myths about Zscaler that need debunking. The market in which Zscaler competes is seeing, at the least, strong revenue growth that is showing no signs of slowing. Market demand continues to rise, and buyers are responding to real business threats by ramping up cybersecurity expenditures. This is not consistent with so-called buyer fatigue. Zscaler is simply not losing share in this market, either to legacy vendors or to best-of-breed/point products.
Zscaler is not facing a price war in its market. Palo Alto’s new bundling plan is an attempt to give away solutions that might be considered obsolescent. These are solutions with which Zscaler does not compete. Palo Alto is using bundling, which it calls platformization, to attempt to lock in users and garner the spend of those users on upgrades. I am not going to forecast how its initiatives play out, or at what level – but I very much doubt that these initiatives will have a palpable impact on ZS sales activity.
While there are some complexities, Zscaler has more than enough product differentiation not to be particularly exposed to price wars. Simply put, no one confronting a life-threatening potential is going to let price be a determinant in the kind of prophylactic treatment they seek; they want to ensure their continued health. That is really the analogy to consider in the cybersecurity space.
Zscaler’s dependence on large deals, while increasingly the case, is not particularly risky. It has been said that Zscaler has had a sales management turnover. The fact is that the company appointed a new sales leader, Mike Rich, who had been President of the Americas at ServiceNow, Inc. (NOW) for a dozen years. The company, at its size, simply has to emphasize larger enterprise sales in order to maintain its growth; Rich has the background and experience to do just that.
The seasonality of Zscaler’s billings is neither new nor alarming, nor is it increasing. Billings are a particularly difficult metric to forecast, and many companies nowadays focus investors on their growth of ARR, growth of net new ARR, or growth of ACV. Basing an analysis on billings’ growth is likely to lead to inaccurate conclusions.
I don’t know why Zscaler doesn’t focus on ARR growth; it is obvious that they run their company based on ARR statistics. I think, overall, it is a negative in the valuation of ZS. But I am not likely to have the least effect on how ZS reports and I will simply accept that the company’s reporting is not all that I might wish.
While Zscaler shares are not cheap, particularly when considering EV/S, which is around 11X, when looking at the combination of EV/S and free cash flow margins the shares are no longer trading at some outrageous valuation.
I believe that Zscaler has many years of hyper-growth ahead of it and that is now linked with significant growth in margins – free cash flow margins being our preferred metric.
What did Zscaler report? Picking out the wheat from the chaff
The reality is that Zscaler reported a decent beat and also raised guidance. Here are some specifics:
| Metric | Prior Expectations | Actual |
|---|---|---|
| Revenue | $507 mil. | $525 mil. |
| Non-GAAP margin | 17% | 20% |
| Free cash flow (year-to-date margin) | NMF | 33.5% |
| EPS | $0.58 | $0.76 |
| Calculated billings (full year projected growth) | 26% | 27% |
The company does not specifically forecast quarterly calculated billings. During the conference call, it indicated that billings last quarter were above expectations. It increased its forecast for full year calculated billings by 1%-2%.
It also increased its revenue forecast by a bit more than $30 million at the midpoint and increased its full year EPS forecast from $2.48 to $2.77. This is conservative guidance which is fairly typical of ZS; for the most part, companies are guiding very conservatively at this time citing stabilizing macro trends but internal uncertainty. It would be hard to cite poor guidance as an objective cause for the share price implosion.
Like most large high growth IT vendors, Zscaler has a lengthy track record of offering conservative guidance. At the start of the current fiscal year (ends 7/31/24) Zscaler had been forecasting revenue of around $2.06 billion. It is now forecasting revenues of $2.12 billion after 2 quarters of results. Its history is that it has beaten most quarterly revenue estimates by 2-3% and most start of the year revenue forecasts by 5%-7%.
The following comments by the CFO might emphasize that point.
If you take a look at our guide for the year, it is slightly up, we’re being prudent. The key thing, I think, is for our investors to recognize and what Jay said, this is a large market opportunity. It’s a huge market opportunity. And when it’s a huge market opportunity, when you look at companies giving away things for free, especially in security, that’s one area that basically I wouldn’t shortchange. So what we’re seeing with the market opportunity, our engagement with our customers, with Mike Rich on board, we feel good about our guidance going forward.
The company continues to focus investors on billings as a forward-looking metric. From my perspective, billings tend to be very difficult to forecast and not really indicative of the success of a sales motion. The billings metric is composed of actual reported revenue in a quarter coupled with the change in deferred revenue. Deferred revenue is not a metric that can be accurately forecasted because it requires insight into the percentage of orders that will be prepaid and the duration of those contracts. Since there is no real incentive provided to either sales people or users for prepayments, there is very little control that companies have in terms of forecasting prepayments. In addition, contract duration is a key component of billings, and again, it is not something that is readily controllable by vendors.
A better, although not perfect, metric is RPO balance. This metric reflects the change in committed backlog regardless of prepayment status. The RPO balance is committed backlog and the change in RPO balance reflects in-period sales activity. In the case of Zscaler, the RPO balance showed growth of 29% for the quarter, some positive divergence from calculated billings. The best metrics to use in analyzing growth, and which apparently the company uses internally, are ARR growth and ACV growth. The company has now surpassed $2 billion in ARR. Unfortunately, the company does not consistently disclose specifics about ARR growth by quarter. It is a drawback in terms of analysis, to be sure, but ultimately Zscaler continues to grow at hyper rates, with billings moving up and down in differing quarters as users elect to prepay or not without any particular impact on the business outlook.
The following quotes from the CEO neatly summarize the demand and competitive environment, at least from his point of view.
Before getting to the details of our fiscal Q2, let me share a few observations on the business environment. Based on my conversations with hundreds of CIOs and CISOs, I expect demand for Zero-Trust security to remain robust in 2024 and expect customer budgets for Zero-Trust to be up this year, particularly in light of the recent surge in the number of high-profile breaches.
Spinning up firewalls and VPNs in the cloud and calling it a sassy solution doesn’t solve cybersecurity challenges. While customers want to consolidate point products, they’re looking for a fully integrated platform that delivers zero-trust architecture. Cyber is so mission critical that customers will invest in industry-leading solutions rather than rely on cheaper or less effective products that are included as part of their ELAs. They want best-of-breed platforms with the best functionality that integrate with other platforms, thus eliminating dozens of point products. Zscaler’s Zero Trust platform is an integrated and purpose-built solution that delivers comprehensive security and provides a compelling user experience while reducing costs. Strong customer interest in our platform drove a record first-half total bookings with nearly half of net new bookings coming from new logo customers.
We added a record number of new logos for our Q2. This demonstrates the momentum in our business and we’re increasing our outlook for revenue and billings for fiscal 2024. We are operating in a strong demand environment for zero-trust architecture. To capture this demand and scale our business to $5 billion ARR and beyond, we appointed Mike Rich as our Chief Revenue Officer last quarter. Mike joined us from ServiceNow where he established a scalable go-to-market engine to drive deeper engagements with large enterprises.
Zscaler’s AI Position and Strategy
According to many comments both in the press but also through anecdotal sources, there is no serious conversation about the acquisition of new IT solutions that doesn’t start and end with a discussion as to how a solution is related to AI. I imagine there is a fair share of readers who are tired of reading about AI. Then, again, I imagine there were investors in the 1830s who were tired of reading about railways, and investors in the pre-WWI era who were tired of hearing about automobiles. I know I had some fatigue reading about the internet and how it was changing civilization. When it comes to Generative AI, the fact is that it is still in spring training for most companies.
Zscaler has products that are based on AI. These include Risk360, Business Insights and Breach Predictor. Breach Predictor is the realization of a long-desired capability. The company introduced the linked set of tools designed to maintain security of typical generative AI deployments.
There are many companies who have tried to use their technology, with various levels of success, to identify threat surfaces of their customers and where these threat surfaces create vulnerabilities that exist in an organization. Breach Predictor, whose formal title is Security Autopilot, apparently has achieved that level of capability. Here is a link to some specifics of the offering.
That said, I think the following discussion best suggests the impact that Generative AI is having on the cyber environment. This is an extract from a discussion by the Zscaler CEO on what is actually happening in the space:
1. Generative AI will increase ransomware attacks:
The utilization of GenAI technologies will expedite the identification of vulnerable targets, enabling cybercriminals to launch ransomware attacks with greater ease and sophistication.
- Before, when launching a cyberattack, hackers had to spend time to identify an organization’s attack surface and potential vulnerabilities that can be exploited in internet-facing applications and services. However, with the advent of LLMs, the landscape has dramatically shifted. Now, a hacker can simply ask a straightforward question like, “Show me vulnerabilities for all firewalls for [a given organization] in a table format.” And the next command could be, “Build me exploit code for this firewall,” and the task at hand becomes significantly easier.
- GenAI can also help identify vulnerabilities among your supply chain partners and optimal paths that are connected to your network. It’s important to recognize that even if you strengthen your own estate, vulnerabilities may still exist through other entry points, potentially making them the easiest targets for attacks.
- The combination of social engineering exploits and GenAI technology will result in a surge of cyber breaches, characterized by enhanced quality, diversity, and quantity. This will create a feedback loop that facilitates iterative improvements, making these breaches even more sophisticated and challenging to mitigate.
Defense Strategy: Using the Zscaler Zero Trust Exchange, customers can make their applications invisible to potential attackers, reducing the attack surface. If you can’t be reached, you can’t be breached.
2. AI will be used to fight AI:
We will be witnessing a promising development where AI is being harnessed by security providers to combat the ever-evolving nature of AI-driven attacks.
It has been fairly common to bemoan not only Zscaler’s valuation, but also its valuation in the wake of falling growth rates. The falling growth rates have been real, but the conclusion that this is a permanent condition is one with which I totally disagree. I simply think it is impossible to either overestimate the impact of generative AI on essentially all phases of the IT business or to quantify that impact with any precision at this stage of the evolution. I try to present a balanced picture, but I imagine that my bias shows through.
That said, when looking at CAGRs for this company specifically, the factors of Generative AI leading to a heightened threat environment coupled with the use of AI to fight AI suggest to me that ZS is likely to see a significant growth inflection in the not distant future. Zscaler seems a much less highly valued investment when considering the opportunities laid out by the linked article.
The entire article, which I have linked here, is well worth the few minutes’ read for investors looking for a discussion of the market opportunities being created by Generative AI for cyber vendors, and for ZS in particular. While the impact of Generative AI is not yet a significant factor for ZS in terms of its revenue generation, it is, at the least, on the midterm horizon.
Price wars don’t work when alternatives aren’t really fungible
I believe a misconception that has apparently arisen amongst some investors, some analysts, and maybe even some SA contributors is that there is a price war in the cybersecurity space. The genesis of this belief probably stems mostly from the unfortunate commentary of the CEO of Palo Alto to the effect that he has seen some “buyer fatigue.” Here is what he said, from the recent conference call transcript.
The demand story is no different from prior quarters and on the margin, continues to get stronger. There are multiple drivers fueling this. The threat landscape continues to challenge our customers with the increasing scale and sophistication of attacks.
We’re beginning to see rogue behavior by some vendors in the space who are keen to retain their customers, primarily in the legacy vendor space and the start-up space. We intend to combat that by investing in this space and trying to accelerate platformization and consolidation for our customers.
We see the results of these disclosure mandates recognizing the need for expedited action in security, visibility, and remediation in [indiscernible]. The part that is new, despite the many demand drivers we’re seeing, we’re beginning to notice customers are facing spending fatigue in cybersecurity.
This is new, as adding incremental point products is not necessarily driving a better security outcome for them. This is driving a greater focus on ROI and total cost of ownership amongst most customers.
I certainly don’t have the resources to track down how buyers actually feel about their cyber spend. This was obviously the subject of significant dialogue during the ZS call and this is the comment from the CEO.
We really do not see any cyber spending fatigue among our customers. In fact, many of the CIOs that told me that cyber is a priority for spend. But they do have ELA fatigue because a lot of stuff has been becoming shelf wear and it’s being scrutinized. Regarding free stuff, many vendors have been trying to give it away for a while and we have been successfully winning against this strategy for a long time. I mean look at our retention rate. It used to be been 90s at IPO now, now it’s high 90s and fundamentally cyber is so mission-critical that customers will invest in the industry’s leading solution rather than rely on cheaper and less effective products that are included as a part of an ELA bundle.
Often CEOs, and particularly those CEOs such as the Zscaler CEO, Jay Chaudhry, who was a founder of the business, are unable to acknowledge any specific shortcomings of their companies in my opinion. So, I tend to take their comments about competition with a grain or a pinch or a sprinkle of salt. In this case, however, the preponderance of the evidence suggests that Mr. Chaudhry is simply relating the facts he has garnered through numerous customer contacts over the last 90 days.
I have owned shares of ZS for a very long time now – basically since the company launched its IPO 6 years ago when the price was $30. I have actually written 5 articles about the company for SA, the latest about a year ago. I recognize the dangers of confirmation bias. But sometimes preconceptions can be confirmed, and based on anecdotal checks as well as management commentary and 3rd party analysis, Zscaler is still the leading vendor in the SASE space, broadly defined.
In looking at that year earlier article, some of the concerns that analysts and investors had then, particularly concerns about legacy competitors, are precisely the current concerns. And concerns about billings also were a feature of the bear case at that time. This is what the CEO was saying then:
In terms of competitive positioning, we haven’t really seen any change. In fact, I would say that on the higher end of the market, we actually feel like we are stronger than ever before because we have established that. We actually have the right architecture, right solution with thousands of customers well deployed and very happy customers.
In fact, the other thing we are beginning to see is that some of the solutions that are sold by firewall vendors and SASE solutions, and when customers can deploy them, they’re falling apart. I have been asked many times in the past two years, hey, are you replacing some of our firewall-based solutions? Answer I used to give is, I haven’t seen very many out there, now beginning to see some of them. The large retailer I mentioned on my call with 20,000 stores tried for over 18 months to deploy a firewall-based SASE solution, so to speak and eventually gave up, and we are really taking care of it.
And this is what he is currently saying:
Tal Liani
Hi, guys. I have a small question and a big question. The small one is about billing. You guide it down 7% sequentially and then guide it up 53% if I take the implied 4Q, which is the highest growth in billing. You had the same problem last year. What’s the meaning of it? What’s the meaning of billing being weak and then billing being so strong in the fourth quarter? What needs to happen for it to materialize? So that’s a small one.
The bigger one, Jay, maybe you wanted me to take it one at a time or you wanted me just to ask both?
Jay Chaudhry
No, go ahead.
Tal Liani
Jay, the second one is a bigger question. SASE used to be a very secure, a very safe market for you because there were only two players and maybe two and a half players. And now we’re seeing tons of competition coming in. And competition is coming at very low pricing. And Fortinet is talking about one-third of your price. The newcomers are coming either through bundling, which enables them to reduce price, or as an add-on to a firewall, which again enables them to bundle and reduce price. And if I ask the question in a provocative way, I’ll ask it, what prevents this market from turning into what happened to FireEye, and what happened to Sandboxing that when competition started, pricing collapsed in the market?
Jay Chaudhry
So, Remo start with you.
Remo Canessa
So, the things that we’ve got going on in the third order, first of all, this is our normal range, a much of decline over the last five years from Q2 to Q3. I talked about on a prior question the go-to-market changes that we’ve made. That certainly plays into things. Related to the back half in the fourth quarter with the implied increase basically in billing, it’s related to pipeline close rates and the forecast that our team has come up with. Again, from our perspective, we feel it’s prudent guidance. We feel good about it, and we feel that we are in a great position to go forward with the team that we have and will build in our sales organization.
Jay Chaudhry
Okay, regarding your bigger question, that’s SASE, the market and the competition. Let me put it this way. They are point products and the platforms. You absorb point products into platforms. And then there are products that are mission critical, the products that are not mission critical. FireEye, Sandbox was a feature from day one, it’s not a much barrier to entry. Everyone could build it and add it into the main platform. CASB was a point product all along, became that way. Cloud Security Boston Management, a point product gets bundled with something. And then there’s something called platform. For example, the code of our platform, Zero-Trust Architecture proxy based, sitting in line, inspecting traffic, and you add things to it. So it’s almost like ERP. You see lots of product going out in many areas. Customers don’t remove and put in an ERP for vendor A or vendor B because somebody feels like I need to enter the ERP space. I think SASE market is almost like that. This is so mission critical. All traffic goes through us. In fact, a CIO told me, Jay, Zscaler is more mission critical than Microsoft Office 365 because you must work all the time. So with that in mind, our customers may look at this thing. Price is a secondary factor. Reliability, availability, and effectiveness of doing cyber protection is an important factor. My customers also tell me that they have so many firewalls, so many VPNs, and the threats are growing so the credibility of firewall vendors overall is less.
Maybe I can use another analogy. You want to buy a pacemaker; you don’t try to cut corner and buy one at sale. You want to buy something else, yes, you may be able to do so. Yes, competition is coming. We see that, but I can tell you some of the new firewall vendors that announced the SASE act entrance, I haven’t come across them in the recent months as I’ve seen out there. I think the platform keeps on growing. We started with outbound traffic, now inbound traffic. The platform must have the most comprehensive data protection. None of these firewall vendors can do a lot of data protection. Data protection starts with the proper SASE architecture. Then we moved on to expand to workloads, to IoT/OT, and on to B2B. And the pace of innovation is kept on going. I’m very comfortable with our platform story. We need to keep on focusing on go-to-market to keep on going faster and faster. I hope that helps.
At least the analyst who asked the question was convinced by this answer and maintained his buy rating and a $265 price target.
I think there is a misapprehension on the part of some as to the degree of fungibility in this space. I am not the person to claim to have the knowledge/education to evaluate different cybersecurity solutions. There are such people; it is a highly complex field and that complexity continues to grow.
I have linked here to some Gartner research on Zscaler and its competitors. The company has been a leader in Gartner’s Magic Quadrant for some years now. Gartner reviewers actually consider Cisco Systems, Inc. (CSCO) to be the leading alternative to ZS. I have also linked to the Forrester Wave analysis which shows Zscaler alone in a leader position. It is somewhat unusual for these kinds of analyses to show just a single leader. I don’t want to put more weight on these reports than is warranted. But there really are differences in the efficacy of solutions, and the consequences of a breach are perhaps more extreme than almost any other kind of a disaster.
There is a vast difference between the price of a SASE solution and how much it might actually cost to own it. Zscaler has a set of very effective tools that it has developed over the years that highlight the differences in what a particular zero-trust solution actually costs when it is deployed.
The concept of Platformization
Until a few weeks ago, platformization was not a real word, now it will probably enter the dictionary. Software vendors all want users to adopt their platform. The statistics suggest that platform customers spend several times more than customers who just buy a single solution. But not all platforms are created equal and not all platforms provide equal value for customers.
Palo Alto has some growth issues. For some time, those issues were covered over by the unexpected growth in the company’s hardware business. That has come to an end. This is not an article about Palo Alto, so I am not going to parse everything good and bad that is happening at that company. With all respect to the CEO who has had a good run, platformization antedates his adoption of the strategy.
In order to offset some growth headwinds confronting Palo Alto, the company adopted an approach that is the equivalent of providing users with free service for some time period if they agree to adopt the Palo Alto platform and sign up for a multi-year term. There are a variety of offers that Palo Alto is now making to displace what it describes as legacy point solutions. These offers include extended roll-out periods, and pricing abatement for the period before the expiration of competitive lease commitments. Palo Alto has a variety of offerings, and it has different specific available contract terms for different bundles of services.
There really is a vast difference between the way in which platformization used to be considered, and how it is now discussed amongst some investors and analysts. From my own understanding, the original concept of platformization was very positive, both for vendors but also for users. It ought to be more efficient to provide users with a well-integrated set of services with a common UI, and common operating characteristics. I could go back and find numerous articles that I have written lauding my understanding of the concept of platformization.
But that said, some vendors have tried to make a virtue of necessity, as the saying goes. The quote below is from a comment by the CEO of Zscaler at the recent MS Tech conference.
Unfortunately, the word platform has been hijacked just like the word Zero Trust has been hijacked. Platform is supposed to be a common set of services on which you build application A, B and C. It’s not supposed to be a collection of acquisitions and label them under a bundle, okay? That platform is really nothing, but ELAs labeled as platform, which is becoming shelfware
Of course, the above is both a commercial and something that can’t be proven. But there is a key concept here that resonates with many users according to some industry contacts. The key here is shelfware. This is not a hit piece on Palo Alto. Their numbers will play out, and the most likely scenario is that the company’s latest guidance de-risks its forecast with revenue growth expected to be 10% in the current quarter and in the mid-teens percent over the next 12-18 months… But the other side of the coin is the concept that Palo Alto’s offers are the start of an industry price war, and that is just not the case. Giving away firewalls, for example, when the world is moving a different way, is not likely to impact the growth prospects of Zscaler. And Palo Alto’s recent strategy pivot is really not an indication of a price war in the cybersecurity space in my opinion.
Zscaler’s business model – steady improvement
In the midst of all the angst regarding the growth of calculated bookings, it is easy to miss the strong margin improvement this company is reporting. Overall, non-GAAP operating margins rose by 700 basis points year-on-year, and by 200 basis points sequentially. Like many other tech companies on a margin journey, the instrumentality is really leverage at scale. The company is increasing opex, and research and development opex actually rose by a robust 39% year-on-year last quarter, non-GAAP. But overall, while total opex grew by 21% year-on-year on a non-GAAP basis, revenues rose by 35%. Sequentially, Zscaler revenues rose by about 6% while non-GAAP opex actually fell marginally. Gross margins rose year-on-year, and were flat sequentially.
Zscaler’s free cash flow margin has risen significantly and for the first half of its fiscal year it had reached 33%. This compares to a free cash flow margin of 23% in the year earlier period. The increase in free cash flow margins was driven by improving profitability, and balance sheet items, including receivables. The company is expecting full year free cash flow margins in the low 20% range; it expects to incur significant CapEx to expand its cloud and AI infrastructure. So far this year, CapEx has been around the 6% range. The company is forecasting that CapEx for the year will reach the high single digits; mathematically, that seems a stretch. I imagine that, like many other forecasts, the Zscaler free cash flow margin projection is designed to be significantly exceeded.
Zscaler does use stock-based comp. Last quarter’s stock-based comp was about 28% of revenue compared to 29% of revenues in the year earlier period. I look at dilution as the real cost of SBC, and not the number reported by GAAP. Last quarter, dilution was about 2.8% year-on-year and less than 1% sequentially. The company does forecast outstanding shares and its forecast for dilution over the next 6 months is less than 1%. I have used 163 million weighted outstanding shares in calculating valuation metrics, slightly greater than the company forecast.
Zscaler’s EV/S ratio has compressed notably, and is now at around 11X. The combination of free cash flow margin and expected CAGR leads to a valuation that is below average for the company’s growth cohort of around 30%.
Wrapping Up – Reiterating the case to buy Zscaler shares
Zscaler shares have fallen 18% in the wake of a forecast, particularly for billings, that has been poorly received. This reprises the scenario of a year earlier in which a billings forecast drove the shares significantly lower over a 2-month span before the shares turned around and inflected higher. I tend to regard billings as not indicative of future revenue growth performance due to the many limitations in the metric. Zscaler bookings are growing noticeably faster than billings. The company doesn’t report the best metric for measuring growth, the increase in net new ARR, consistently, if at all. That said, on the last conference call, the company CEO said that ARR growth has been strong and gave a single metric coupled with an aspirational goal. I would like to see lots more granularity.
The company’s shares have been under pressure as part of a sector retrenchment after a significant run. Precipitating that pressure has been the company’s guidance and commentary by Palo Alto. Palo Alto’s platformization strategy has been seen by some as the opening salvo in a price war. I view it far differently. That company has chosen to embark on a bundling strategy. There has been no sign of industry-wide pricing issues and Zscaler, in particular, has seen gross margins continuing to improve/stabilize in the low 80% range.
Despite some confusion regarding the remarks by the Palo Alto CEO concerning buyer fatigue, all indications are that cybersecurity software demand growth is accelerating and not compressing. Threats have ramped up, losses to cyber criminals have increased and the advent of Generative AI has presented yet another massive threat surface which will need to be protected.
There does appear to be a trend encompassing vendor consolidation; Zscaler offers a tightly integrated platform that it has continued to extend, most lately into branch-level protection that has facilitated its growth significantly in the recent past and seems likely to continue to do so. While market share measurements in this category are not really reliable, anecdotal checks suggest that Zscaler’s position in the zero-trust cybersecurity market has continued to strengthen.
Zscaler’s valuation has always been cited as elevated. While the company’s valuation is not at deep value status, it is no longer an outlier when it comes to valuation. With billings expectations reset to what seem to be exceptionally prudent levels, the set-up for the shares seems to be favorable, of course with the caveat that overall market perturbations are likely to have a significant impact on the shares.
I continue to recommend Zscaler shares and expect they will produce significant positive alpha over the next 12 months.