Mar 29 2020 - The Difference With Zscaler
The market barely budged to the record jobless claims as the ~T emergency relief package comes to the rescue.
Zscaler has shaken off its weaknesses to ride a new wave powered by fresh catalysts that will propel cloud security players.
Investors have largely baked in the projected gains and late entrants should remain wary of buying into the overvaluation territory.
Amidst the COVID-19 induced panic, investors keep sorting through stacks of tech equities to recalibrate their portfolio and possibly add companies whic are in great shape to survive a possible recession. Like its cybersecurity counterparts, Zscaler (ZS) hasn't been spared in the market volatility that has ensued as VaR shocks trigger stop losses across asset classes. For investors who are in doubt about the potential of Zscaler, the answer is simple: Zscaler will win; however, the win will come at a huge sacrifice. This means you should demand a huge risk premium.
Demand for Zscaler’s offerings will play a more significant role in its valuation in addition to its cash flow dynamics and financial leverage. My previous thesis on CrowdStrike (OTC:CRWD) highlighted the net positive effect of COVID-19 to top endpoint players. While I tried to sort through the top players, I left out Zscaler and its role in the future of digital transformation. My initial hypothesis was that enterprises that are jostling to protect remote endpoint devices want to snap up endpoint platforms like CrowdStrike and BlackBerry/Cylance (BB). However, that's just one approach to securing endpoints, data, and networks. After SA contributor Harris highlighted the partnership between Zscaler and CrowdStrike, I took more interest in Zscaler after realizing it is equally as formidable as CrowdStrike in acquiring more market share as companies go remote.
My approach to infosec has always been to protect devices and networks. However, the proliferation of data and apps means security can be approached differently. Zscaler's offerings are structured to protect access to cloud networks and apps, which means by serving as a web proxy, CASB, or VPN; it can inspect communication between a remote device and a network or cloud infrastructure. This means we can either choose to protect all endpoints or protect access to critical business infrastructure when setting up a remote network. Better still, you want to protect both. Though, I expect an endpoint security solution to have the capabilities to protect devices at rest, in transit, data at rest, and data in transit.
In an environment in which SMBs and large enterprises will grow increasingly tightfisted due to market uncertainty, I don't think most companies will be deploying multiple security solutions. Though, at some point down the line, they all have to follow cybersecurity best practices. This austere financial environment naturally favors cloud and endpoint security solutions as IPs are mostly stored in cloud platforms and accessed via endpoints.
Going forward, the wave of cybersecurity attacks are expected to increase due to the growth of internet traffic and data in transit bouncing across multiple internet nodes, networks, and devices.
While the rise of ransomware attacks will also favor the adoption of endpoint security solutions, the cloud-centric network topology of most businesses will make it easy for Zscaler to make its case. In Gartner's latest magic quadrant for secure web gateways, Zscaler and Symantec are the leaders. So I expect Zscaler to continue to compete strongly in top access security RFPs. Zscaler recently beefed up its sales leadership, indicating its preparedness for the task ahead.
Zscaler has typically had the opportunity to gain a lot of wins during refresh cycles when companies choose to do away with their hardware appliances for more nimble cloud security deployments. Right now, any refresh will favor Zscaler if it can offer a cheaper and easy to deploy solution. However, winning those product refresh cycles won't come as easily as anticipated. This has spurred a gradual revenue growth decline and lower than expected forward revenue guide. The Street has a 29% revenue growth estimate for 2021. This is based on the assumption that Zscaler will continue to succeed in its push to drive the adoption of its zero-trust network access approach to security. This isn't the only security deployment approach; however, it is one of the most compelling and adaptive to the cloud-centric nature of enterprise networks. This means opex will continue to be on the high side, and the recent sales events further solidify my conviction that Zscaler is spending to rewrite the security adoption narrative in favor of its approach. For this growth strategy to be successful, Zscaler needs to be lucky with the crop of talent it recruits. They either produce a performance akin to what the kick-ass sales team at Palo Alto (PANW) produced between 2016 and 2019, or the music stops before we know it. DBNER further decelerated last quarter, which means the task ahead isn't going to be easy.
This means valuation is not a bet on products (the products are great) but on sales to deliver on the forward growth guidance. As a result, I want to demand a huge risk premium when calibrating my valuation. This means not going beyond the upper boundary (40x) of its historical P/S multiple (currently 50% off high) or the peer average P/S ratio. This also means buying into weaknesses while sitting aside when the stock becomes frothy. Zscaler is already trading close to the average analysts' price target of , which means there is little bargain opportunity left. It’s tough to achieve what Palo Alto did in the past five years, though it's not impossible. However, at any FY 2021 P/S multiple above 10x, you want to tread with caution.
I see Zscaler making a strong case to help enterprises accelerate their digital transformation projects by provisioning them with its ZTNA approach to security. This will come at a huge capital cost, which means margins will continue to be sacrificed. Given its strong balance sheet, there is no reason to worry about the health of the business in the short term. Zscaler will win deals; however, investors need to be careful buying into the overvaluation territory.
I'm grateful to commentators who have shaped my ideas and thoughts about cybersecurity over the years by making a great case to refine my competitor analysis approach as most cybersecurity vendors don't offer competing products. They mostly complement each other to ensure cybersecurity best practices. I want to point out that my methodology is borne out of my desire to try to predict who wins key RFPs before enterprises decide to double their security spend. Most companies still consider security as an afterthought. Given the rise of data privacy laws and regulations, most companies will no longer be able to get away with doing the barest minimum.
While my approach isn't the best at informing the public about the need to adopt cybersecurity best practices, investors should note that the point of my competitor analysis is to pick who wins in the worst-case scenario assuming enterprises have little to no discretionary spend to commit to buying best of breed cybersecurity solutions. This optimizes for valuation not product adoption and it is important that readers note the difference.
Disclosure: I/we have no positions in any stocks mentioned, and no plans to initiate any positions within the next 72 hours. I wrote this article myself, and it expresses my own opinions. I am not receiving compensation for it (other than from Seeking Alpha). I have no business relationship with any company whose stock is mentioned in this article.