Zscaler: Cybersecurity Platform Build for the Cloud

Zscaler is a leading provider of cloud-delivered cybersecurity solutions. The company was built on the premise that the cloud will become the new corporate network and consequently, the traditional perimeter-based approaches, firewalls and VPN, will lose relevance. As organizations are undergoing digital transformation, we believe that we are on the cusp of a massive transition in network architecture, which requires different cybersecurity solutions. Consequently, as core business applications are migrating to the cloud and networks become distributed, the use cases for products such as Zscaler’s are expanding from securing users browsing the web to securing access for entire complex organizations.

Zscaler offers a unique architecture (Zero Trust Exchange), with an extensive network of POPs (over 150) across many geographies. The company operates at significant scale, processing 200billion+ daily transactions, enabling users to directly connect to apps with “zero trust” security and improved latency. The products are based on creating a secure gateway (SWG) that stands between the user and the cloud/applications, approving all access instances. The result is increased security, simple structure, at a lower cost, compared to complex legacy solutions.

SPEAR’s differentiated view:

While the market is concerned about growth companies, we believe that Zscaler has many tailwinds that will allow the company to power through interest rate increases. We estimate Zscaler will be able to maintain 30%+ topline growth rate for the next 10+ years as its products are in early innings of adoption.

Three key pillars behind our thesis:

  1. Superior product in a large $72bn addressable market allows Zscaler to grow at a 30%+ rate and still only account for ~MSD% market share by 2030.  
  2. Growing with existing users and moving down-market for new users. The company’s flagship solutions (ZIA and ZPA) still have the potential to expand annual recurring revenue ARR by 6X from existing users. Furthermore, while the company is focused on large enterprises, expanding down-market to smaller companies can be a significant opportunity.
  3. Cloud workload protection adds a large opportunity. New product introductions (ZCP) targeting cloud workloads, which work on the same principle as securing users, expanded the company’s addressable market by 50% and only accounts for high-single digits of new annual contract value (ACV) today.

Superior Product in a Large Addressable Market

Zscaler’s platform offers superior “zero trust” protection compared to competing solutions. Zero trust is a framework for securing organizations in the cloud that asserts that no user or application should be trusted by default i.e. always provides least-privileged access. Zscaler’s architecture is designed to directly and securely connect users to applications, no matter where the user or the application resides. Many vendors today claim that they offer “zero trust” products, but many are based on “workarounds”, while still using the legacy infrastructure.  

With Zscaler’s products, each transaction (or connection) is done through the company’s network of over 150 POPs located across many geographies, processing 200 billion+ daily transactions. The large volume of transaction enables Zscaler to feed its machine learning algorithms and better detect anomalies. Zscaler’s customers benefit from the company’s massive scale with 200,000+ unique daily security updates and 7bn daily enforcements. Zscaler’s Zero Trust Exchange is proxy based which means that it completely inspects all traffic, including traffic that is SSL-encrypted. Conversely, a firewall does not have the ability to decrypt SSL traffic. This is the reason behind attackers embedding more malware inside SSL-encrypted traffic.

While the Zsceler value proposition is evident to many large companies, we believe that increasing volume of attacks will expose vulnerability of legacy approaches (e.g. log4j, SolarWinds) and demonstrate why this is the only way to build “zero trust” cybersecurity. Consequently, we expect the company to be able to expand meaningfully beyond its current ~5,000 customers. For comparison, Palo Alto Networks has 80,000+ customers and Fortinet has 550,000+.                 

Zscaler has identified a $72bn serviceable addressable market (SAM) which is broken down between users ($49bn) and workloads ($23bn). The current revenues base of ~$1bn (2022E) would imply ~1% market share today, enabling Zscaler to grow revenue at 30%+ rate for 10+ years and still have only MSD/HDS market share, implying a significant growth runway. While meaningful part of the opportunity today is gaining share from legacy firewall vendors (~$20bn market today) we believe that there is significant “white space” that the company can go after in the long run. 

The User SAM of $49bn is targeting share gains from legacy firewall solutions and connects users to applications. The TAM is based on 335mm users each paying $145/per user. The company has two core offerings: Zscaler Internet Access – ZIA, which provides secure access to the internet and SaaS applications, and Zscaler Private Access  – ZPA providing secure access to internal applications. ZIA is essentially a replacement for traditional firewalls and ZPA is a replacement for traditional VPN.

The Workload SAM is targeting the ever-increasing number of workloads on the cloud. The estimate is based on 150M workloads priced at $155/workload. The core product is Zscaler Cloud Protection –ZCP which was introduced in 2020. Public cloud spending itself is growing at double digit rates and public cloud workloads are expected to grow at a 25% CAGR for the next 5 years. This is key for Zscaler, because as companies re-evaluate new workloads and structures, they are likely to go with a simple solution such as ZCP. 

Growing with existing users and moving down-market for new users

Zscaler expects that the company’s flagship solutions (ZIA and ZPA) still have the potential to expand ARR by 6x just from upselling products to existing users. The largest driver is further adoption of ZPA which currently accounts for 16% of revenues. Other drivers include expanding access to Zscaler products to all employees within an enterprise, upgrading to higher end bundles, and incorporating “add-ons”.

The company launched Zscaler Digital Experience (ZDX), in November 2019 which is now the fastest growing solution in the company’s history. ZDX can diagnose performance issues and can improve performance of some highly used aps such as Microsoft Teams and Zoom.

In addition to upselling current users, Zscaler has a significant opportunity to expand down-market to smaller enterprises. Currently ZS is focused on larger organization which comprise of Majors (40K employees) and Large Enterprise (6-40K employees). Expanding down-market to enterprises with 2-4K employees is a significant opportunity for the company. Zscaler has only 5.6K customers today compared to Palo Alto at 80K+ and Fortinet 550K+.

Cloud workload protection adds a large opportunity

Zscaler introduced Zscaler Cloud Protection (ZCP) in December 2020 which expanded the company’s addressable market by >50%. ZCP is comprised of three components: (1) Cloud Security Workload Posture (CSWP), (2) Workload Communications, and (3) Workload Segmentation, effectively extending its existing “zero trust” framework to cloud workloads. With ZCP, companies can protect traffic between cloud workloads in the same way ZIA/ZPA protect users. 

ZCP accounts for only HSD% of new ACV today, according to the company, which we estimate will surprise to the upside given current cloud dynamics. We expect that public cloud workloads will continue to take market share and grow at ~25% CAGR.

Valuation Framework

Revenue growth is the principal driver of our thesis and valuation upside for Zscaler. The company has grown revenues at a ~52% revenue CAGR (FY18-FY21) with an attractive subscription-based business model. Zscaler recently reached $1bn in Annual Recurring Revenue (ARR) and is now focused on achieving $5bn in ARR, although management did not provide a timeline.

We expect Zscaler will be able to growth at a 30%+ rate for 10+ years, which implies meaningful upside from the current share price on a DCF basis. This strong growth will be driven by:  

  1. growing with existing users – as much as 6x, per the company. Zscaler has a Net Retention Rate (NRR) of ~130%, which is a metric that shows the percentage of recurring revenue retained from existing customers, and takes into account upgrades, cross-sales, downgrades and cancelations. This metric is key in assessing the progress that the company is making towards its potential
  2. product and SAM expansion. As an example, expanding from ZIA/ZPA to ZCP resulted in a 50% TAM increase that the company can now harness. Similar opportunities exist in expanding to IoT/OT
  3. differentiated product in a large high growth addressable market. Cybersecurity as a whole is expected to grow at a double digit CAGR (see our cybersecurity primer) with innovative markets, such as the ones that ZScaler participates in, growing at 20%+ CAGR.

Unlike most companies that are growing at 50%+ growth rates, Zscaler is actually profitable and generated positive FCF margins of 21% in FY21. Zscaler has an attractive subscription-based business model with strong 81% gross margins. Although profitability is not the key metric we are focusing on in the near term – we are focused on revenue growth and market share, it provides a valuation floor, especially in an increasing interest rate environment where investors are wary of undercapitalized companies that are burning cash flow.



SPEAR publishes original research about industrials and industrial technology.
To subscribe please fill-in the info below:

You are leaving our main page and visiting our ETF on a separate website 

OK, let’s go Never mind, close