Zscaler – A disruptor in the cloud security business


Zscaler – A disruptor in the cloud security business

Zscaler is a recent IPO and the valuation could be deemed high by traditional metrics given its early stage. Zscaler has a big TAM and can grow into its multiples. The company’s billings accelerated from 49% last year to 73% this past quarter. It is a leader in its category defining a new set of product offerings.

An introduction to Zscaler

Zscaler is a company in the leader’s quadrant with very few real competitors. It is rapidly growing in a market ripe for disruption. Zscaler (NASDAQ: ZS) enables the world’s leading organizations to securely transform their networks and applications for a mobile and cloud-first world. I state what the company website highlight- “Zscaler’s flagship services the Zscaler Internet Access™ and Zscaler Private Access™, create fast and secure connections between users and applications, regardless of device, location, or network. Zscaler services are 100 percent cloud-delivered and offer the simplicity, enhanced security, and improved user experience that traditional appliances are unable to match”. Zscaler operates a multi-tenant distributed cloud security platform, protecting thousands of customers from cyber-attacks and data loss in more than 185 countries.

According to the company, Zscaler’s award-winning web security solutions have been 100 percent cloud-based since the company’s inception in 2008, and boasts the world’s largest cloud-based security infrastructure built from the ground up, with innovations derived from more than 60 patents.  Zscaler’s security cloud processes over 35 billion transactions per day, for more than 5,000 organizations around the world. The Zscaler™ platform protects employees and data and users in 185 countries across 100 data centers with near-zero latency, and no requirement of on-premises hardware or software.

Zscaler advantage and offerings

“Security has always been based on our control of devices and networks,” says Michael Sutton, CISO at Zscaler. “Zscaler has turned that upside down. We enable companies to secure users, no matter where they work, what network they use or what devices they’re on.” 

Zscaler has been radically rethinking cloud security approaches for its clients and calls itself the World’s largest pure-cloud security platform. It  stands out in terms of Design, performance, and scalability,  and provides a great ROI compared to traditional security approaches… It does not matter if an organization is small or big, they receive the same security with much lower investments. One on the main benefits ZS claims, is protection “all time from anywhere “ because the cloud is always up to date. In terms of management and visibility, there is a single panel where one can configure the policies for the  entire organization worldwide, and ​after a proper implementation, the maintenance is very low.​

ZS cloud platform eliminates the need for traditional on-prem security appliances that are difficult to maintain and require compromises between security, cost and user experience. Zscaler platform offers two complementary services for enterprises who want to access applications on the public cloud without having to go through their data center –

  • 1. Zscaler Internet Access or ZIA for secure and fast access to SaaS applications and the internet. ZIA is designed to ensure malware doesn’t reach the user and valuable corporate data does not leak out.
  • 2. Zscaler Private Access or ZPA for secure access to internal applications in enterprise data centers or the public cloud. ZPA connects a specific user to a specific application based on business policy, without bringing the user on the network, resulting in better security while delivering the best user experience.

The ZIA product line has been their bread and butter for last few years and in addition, ZPA which was released last fiscal year, has been driving upsell activity for high-end transformation bundles, which includes the Cloud Firewall and Sandbox functionality.

How does the Competition stack up

OpenDNS founder David Ulevitch runs Umbrella as a SVP for Cisco Security, and he called the current competition “a race between ” between Cisco, Zscaler and Symantec. Ulevitch sees a multibillion-dollar opportunity as more companies move to cloud based security , explaining the difference between the newer and older approaches  as the difference between closed-circuit cameras at a club and a bouncer at the door.  Here is a comparison with Cisco and Blue coat ((provided above)) which was acquired by Symantec.

The market for Secure Web Gateway (SWG) solutions is traditionally characterized by legacy on-premises appliances, but as businesses increasingly look to securely transform from the old world of IT to the new world of cloud and mobility, it becomes apparent that security needs to move to the cloud as well. According to Gartner, “while SWG appliances still represent approximately 71% of the market share (as measured by revenue), the historical five-year compound annual growth rate (CAGR) of cloud services is 32% (as compared to the five-year CAGR for appliances at 5%)”. Enterprises are implementing the cloud-based SWGs to provide security protection for remote offices that are connected directly to the internet.

According to my analysis and validated by a few fellow contributors the solutions from companies like Symantec, run via virtual appliances in a data center ((DC))  and as a result  every call  has to go to the data center then back to the edge or access device. ZS has a wide moat letting SDNs to run on the internet without any redirects or VPN’s, and makes it unique in the market TODAY. This is possible because, they have set up their server software cross 100’s of locations, around the globe. It could be monopoly for a few years like  ANET was in the last few years or NEWR is today.

According to a pre IPO report Cisco offered a hefty price for a takeover and Symantec has a law suit against them.  This leads me to believe that  ZS has a highly disruptive take on the  traditional perimeter defense security model, and  represents the future of cloud based security that can easily deliver 30%+ growth for next 5 – 10 years.

Financial History and Future prospects

Revenues in the latest 3Q 2018 (the first one since going public) grew to $49.2 million, keeping pace with Zscaler’s 49% y/y  growth rate in prior quarters when the company was still private, and surpassed estimates by a nine point difference.

Zscaler has a typical contract of 1-3 years, hence new deals in any given quarter are typically not fully recognized as revenues upfront. Billings, which measures the quarter’s revenues plus change in deferred revenues, is a better metric to assess longer-term revenue growth and the billings results were superb. Zscaler exceeded expectations with 73% y/y billings , surpassing revenues from both a growth rate and absolute dollar  standpoint. This indicates that the company has added more revenues to the longer-term pipeline than it has recognized in the quarter, a strong signal for continued revenue growth. ZS will thus have a lot of deferred revenue with many of its multi-year contracts paid up front, and this gives them a great cushion to invest for the future, and protect their moat.

Remo Canessa, Zscaler’s CFO, commented that the company enjoyed a strong mix of longer-term deals that were billed upfront. Canessa notes that Zscaler’s billings would still have grown by 60% y/y, even when extracting for the contribution, of these longer-term billings.

Gross margin in the quarter was 80.8% on a GAAP basis, up 200bps from 78.8% in 3Q of 2017. I believe it is too early for me to speak on cost efficiencies and I would like to keep an eye on how it moves. I will delve into it after a couple more quarters once we see a pattern emerge.

3Q operating expenses grew 9% sequentially, and 38% year-over-year to $42.8 million, of which Sales and marketing increased 9% sequentially, and 43% year-over-year to $28.4 million. R&D increased 3% sequentially, and 20% year-over-year to $8.9 million, as the company continues to invest to enhance product functionality and to offer new products.

Consensus is $246 million for 2018, and I assume they should achieve close to $300 million given the 60% billings growth.  They have an amazing ARR of 120% and I believe their ZPA product line will increase that number substantially in the next few years.

Outlook and Valuation

A lot of pros on seeking alpha have been speaking about ZS being overvalued,  and I would agree with them but only partially.  As I wrote in one of my earlier blogs on how to value and  invest in cloud based businesses, the basic premise is , once a company has spent the costs on infrastructure and building the product or services, and the sales cost to acquire a customer, it’s just a matter of expanding the client numbers, to start seeing the effect of scale. And if it comes with little to no debt, and high inside ownership, I would jump on that bandwagon without anchoring to a price, which will eventually fetch great returns.

The IPO prospectus reads that an amount of $17.7 billion, is annually spent  on security applications, and  as per Zsacler, this amount  can be directly served by Zscaler’s disruptive products. When a company has such a big TAM,  I believe it will grow into its valuation, and companies like ISRG and NFLX have made that abundantly clear in the last decade. 


The big risk with any new technology is time needed to get it accepted, and get to an inflection point, and if some new entrant comes during this gestation period the sales multiples may come down. According to an eminent Investment analyst and former Managing Director at World Quant LLC Ishpreet Pandher, this cloud based architecture could be  a business risk for ZS, since switching costs would  be lower for a company to move for Zscaler to another newer innovation as there is no embedded devices and stickiness in his model.  Though that could happen , I believe that since ZS has so many locations with their servers  up and running it will take time for the new player to get to this breadth of the service infrastructure needed.

One can definitely expect to see some volatility with the impending lock in period expiring in Oct 2018, and the regular ups and downs with high growth mid cap stocks, post earnings releases.

In Conclusion

I would probably wait until the lock in period expires before I get a truckload of this company stock just in case we get a head fake.  In the meanwhile I would also be accumulating it in small quantities when the market gives an opportunity to pick it up on a lower sales multiple of 10 -12 X.

The author is an investment analyst and runs an investment advisory and consultancy – Sequity advisors (www.sequityadvisors.com). Sequity has been developing investment strategies helping generate 25% returns consistently in the last decade for investors in the US stock markets. Sequity also mentors start-ups in the APAC region to scale up their business in emerging economies like India, Vietnam and Indonesia.

Notify of
1 Comment
Oldest Most Voted
Inline Feedbacks
View all comments
Sudheer Soolapni
Sudheer Soolapni
2 years ago

Good read