Cloud Security with the Zscaler IPO

In case you haven’t noticed we’ve seen an acceleration of enterprise cloud adoption. Stocks like Nutanix (NTNX), Twilio (TWLO), MongoDB (MDB) and Okta (OKTA) have all taken off in the past few weeks on the back of improving fundamentals.

The shift is captured in a quote overheard during an industry conversation – “large companies are now moving their core IT to the cloud.” For the last decade there has been plenty of cloud “adoption” but it’s been part of a “hybrid” strategy. Now it’s full-on.

Corporate networks have not evolved fast enough to keep up with cloud adoption. Anyone who has had to use a “corporate VPN” to access their applications outside the office knows how creaky these approaches have become.

Zscaler (ZS) preaches a new approach to network security which is to stop thinking about data center as “castles” and security as “moats” designed to protect assets. They refer to the resulting network topology as “hub and spoke” which is inherently not very cloud-like.

To be fair Zscaler has kind of “snuck up” on this vision as a result of their individual product strategy. One product, ZIA, provides secure access to external applications and another, ZPA, provides secure access to internal applications.

You can review the whole ZS IPO slide deck and our transcript of the ZS IPO roadshow presentation for the full story.

By bringing these two products together Zscaler is able to offer an end-to-end security solution that can bypass some of the intermediary components since – reducing cost and complexity while enhancing scalability and performance.

It’s not perfect but they are the leading vendor in this space with a widening lead according to Gartner Group.

Symantec (SYMC) is also positioned in the leaders quadrant thanks to their $4.65B acquisition of Blue Coat in 2016. Given that Zscaler is taking share they will have room to grow their valuation form the proposed $1.3B. (Our IV is below.)

Parallels with Akamai (AKAM)

Another way to think about Zscaler is to consider how Akamai (AKAM) pioneered content delivery on the internet. Back in the day every time a user accessed a website the contents were served from the host to the browser. But the more people that accessed the site, the slower it got.

Akamai took the simple idea of using a local “cache” of the data, putting servers everywhere and wrapped it with network math to be able to serve massive amounts of content in a highly-distributed manner.

The result was that the more heavily accessed a site is, the faster the content can be served which fixes the scalability problem – at least when it comes to static images, graphics, files and streams.

Thus the “Content Delivery Network” or CDN was born. It’s a core feature of our infrastructure today and now multiple vendors including Amazon (AMZN) offer their own versions. Akamai is still a big player but the CDN became more commoditized it reduced their TAM and they have never been able to really succeed in developing a large adjacent business.

Zscaler has done something similar by deploying in over 100 data centers around the world. (Much of that aligned with new growth of cloud applications like Microsoft Office 365.) One way to think about this is imagine a “mini-stack” of security software deployed everywhere in the cloud.

Does anyone get hurt?

The Zscaler approach begs the question “will traditional network security vendors get hurt?” Companies like Palo Alto Networks (PANW), Fortinet (FTNT), CheckPoint (CHKP), FireEye (FEYE) or F5 (FFIV) certainly know about the shift to the cloud. The security appliance market is $17B so there’s plenty of spend there.

For example FEYE has already been moving to a software-based security solution. They still sell appliances for customers that want/need that kind of solution but it’s not like these companies are going to be blindsided by Zscaler approach.

Security technology has been so strong for so long that it’s been a growing pie for nearly all the players. At some point there could be some pressure on security budgets and if there is indeed “a better way” to secure cloud applications without as much heavy investment in the network then we could see some fallout.

One more interesting loser might be Symantec/Blue Coat (SYMC). They are still a leader in secure web gateways but they are already losing share to ZS. Without a strong position in network or even endpoint security, Symantec might have more risk than the other security vendors.

 

Investment Conclusion

Zscaler is still a small company at $150M in sales with low penetration of the enterprise market. They haven’t “broken though” to be considered with the “big boys” like NTNX. However we expect the company to continued to grow on the strength of their individual offerings and trade up towards their IV of $30.

As ZS grows up we may see a “Battle Royale” between the big network security companies and cloud-centric vendors like Zscaler. For that reason owners of PANW, FTNT, CSCO and CHKP should keep a close eye on ZS (and maybe a small position just in case!)

There’s more work to do on Zscaler once it’s public and we see how they do over the next couple of quarters. Their product positioning and go-to-market strategy are promising.

 

Leave a Comment