Cyberark Software Ltd
NASDAQ:CYBR
US |
Johnson & Johnson
NYSE:JNJ
|
Pharmaceuticals
|
|
US |
Berkshire Hathaway Inc
NYSE:BRK.A
|
Financial Services
|
|
US |
Bank of America Corp
NYSE:BAC
|
Banking
|
|
US |
Mastercard Inc
NYSE:MA
|
Technology
|
|
US |
UnitedHealth Group Inc
NYSE:UNH
|
Health Care
|
|
US |
Exxon Mobil Corp
NYSE:XOM
|
Energy
|
|
US |
Pfizer Inc
NYSE:PFE
|
Pharmaceuticals
|
|
US |
Palantir Technologies Inc
NYSE:PLTR
|
Technology
|
|
US |
Nike Inc
NYSE:NKE
|
Textiles, Apparel & Luxury Goods
|
|
US |
Visa Inc
NYSE:V
|
Technology
|
|
CN |
Alibaba Group Holding Ltd
NYSE:BABA
|
Retail
|
|
US |
3M Co
NYSE:MMM
|
Industrial Conglomerates
|
|
US |
JPMorgan Chase & Co
NYSE:JPM
|
Banking
|
|
US |
Coca-Cola Co
NYSE:KO
|
Beverages
|
|
US |
Walmart Inc
NYSE:WMT
|
Retail
|
|
US |
Verizon Communications Inc
NYSE:VZ
|
Telecommunication
|
Utilize notes to systematically review your investment decisions. By reflecting on past outcomes, you can discern effective strategies and identify those that underperformed. This continuous feedback loop enables you to adapt and refine your approach, optimizing for future success.
Each note serves as a learning point, offering insights into your decision-making processes. Over time, you'll accumulate a personalized database of knowledge, enhancing your ability to make informed decisions quickly and effectively.
With a comprehensive record of your investment history at your fingertips, you can compare current opportunities against past experiences. This not only bolsters your confidence but also ensures that each decision is grounded in a well-documented rationale.
Do you really want to delete this note?
This action cannot be undone.
52 Week Range |
211.68
329.71
|
Price Target |
|
We'll email you a reminder when the closing price reaches USD.
Choose the stock you wish to monitor with a price alert.
Johnson & Johnson
NYSE:JNJ
|
US | |
Berkshire Hathaway Inc
NYSE:BRK.A
|
US | |
Bank of America Corp
NYSE:BAC
|
US | |
Mastercard Inc
NYSE:MA
|
US | |
UnitedHealth Group Inc
NYSE:UNH
|
US | |
Exxon Mobil Corp
NYSE:XOM
|
US | |
Pfizer Inc
NYSE:PFE
|
US | |
Palantir Technologies Inc
NYSE:PLTR
|
US | |
Nike Inc
NYSE:NKE
|
US | |
Visa Inc
NYSE:V
|
US | |
Alibaba Group Holding Ltd
NYSE:BABA
|
CN | |
3M Co
NYSE:MMM
|
US | |
JPMorgan Chase & Co
NYSE:JPM
|
US | |
Coca-Cola Co
NYSE:KO
|
US | |
Walmart Inc
NYSE:WMT
|
US | |
Verizon Communications Inc
NYSE:VZ
|
US |
This alert will be permanently deleted.
Ladies and gentlemen, thank you for standing by and welcome to the CyberArk second quarter 2020 earnings conference call. At this time, all participants are in a listen-only mode. After the speakers’ presentation, there will be a question and answer session. To ask a question during this session, you will need to press star, one. Please be advised that today’s conference is being recorded. If you require any further assistance, please press star, zero.
I would now like to hand the conference over to Ms. Erica Smith, Vice President, Investor Relations. Please go ahead.
Thank you Sharon, and good morning. Thank you for joining us today to review CyberArk’s second quarter 2020 financial results. With me on the call today are Udi Mokady, Chairman and Chief Executive Officer, and Josh Siegel, Chief Financial Officer. After prepared remarks, we will open the call up to a question and answer session.
Before we begin, let me remind you that certain statements made on the call today may be considered forward-looking statements which reflect management’s best judgment based on currently available information. I refer specifically to the discussion of our expectations and beliefs regarding our projected results of operations for the third quarter. Our actual results might differ materially from those projected in these forward-looking statements. I direct your attention to the risk factors contained in the company’s annual report on Form 20-F filed with the SEC and those referenced in today’s press release that are posted to CyberArk’s website, as well as risks regarding the duration and scope of the COVID-19 pandemic and its related impact on global economies and our ability to adjust in response to the COVID-19 pandemic. CyberArk expressly disclaims any application or undertaking to release publicly any updates or revisions to any forward-looking statements made herein.
Additionally, non-GAAP financial measures will be discussed in this conference call. Reconciliations to the most directly comparable GAAP financial measures are also available in today’s press release or in the supplemental historic information, both of which can be found on our website, www.cyberark.com in the Investor Relations section.
Also, a webcast of today’s call will be available on our website in the IR section.
With that, I’d like to turn the call over to our Chairman and Chief Executive Officer, Udi Mokady. Udi?
Thanks Erica, and thanks everyone for joining the call.
During the quarter, the safety and wellbeing of our employees continued to be our top priority. We evolved our policies and procedures based on the rolling nature of the pandemic in the countries in which we operate. Our global teams are agile and have adjusted well to today’s new normal; in fact, we believe reduced travel schedules, virtual events and digital marketing have increased the overall productivity and focus across the company.
Before getting into the details of the quarter, I want to spend a few minutes talking about the trends we are seeing in the market, then discuss our Q2 results in more detail. I will recap our first ever virtual customer event held two weeks ago, and finally discuss the integration of Idaptive and positive response from customers and partners.
We continue to see identity security and PAM at the top of CIO and CSO priority lists. This was confirmed by customers at our recent Impact event held two weeks ago, as well as by recent industry analyst reports. In today’s environment, secure and privileged access is more important than ever to global [indiscernible] risk. Every geography and every industry is experiencing a sharp increase in attacks from those looking to take advantage of the distraction and disruptions that COVID-19 has created.
Our team is on the front lines. In the breach, we are often the second phone call after the remediation firm, helping lock down privilege activity, rebuilding the integrity of the environment, and restoring secure operations.
In recent engagements, we have been ransomware, including Maze, adding data exfiltration to data encryption tactics. Attackers move laterally across the network, escalate privilege access, steal unencrypted files and encrypt vulnerable devices, crippling organizations. This pattern can be seen in the headline grabbing Twitter event - attackers compromised internal administrative tools, changed email addresses to gain access, and hijacked high profile verified accounts.
Based on research from our labs team, we believe the privilege escalation used in the Twitter attack could have been mitigated with PAM controls, including isolating access, session monitoring, behavioral analytics, and lease privilege at the endpoint. The Maze, Twitter and recent COVID-19 vaccine attacks demonstrate that the privilege pathway is the attack vector of choice, putting PAM as a top priority.
Organizations have responded to the pandemic, rapidly adjusting how they support employees, how they go to market and service customers. After establishing their work from home operations, they are now focused on securing new environments, end points, applications, and access across users from IT [indiscernible] and third party vendors. There is little debate 2020 will be viewed as the great digital accelerator as companies embrace cloud and SaaS solutions to deliver efficiency, innovation and rapid time to value.
When you look at the quarter, we were pleased to deliver results ahead of all guided metrics with total revenue of $106.5 million, non-GAAP operating income of $17 million, and non-GAAP EPS of $0.42 per share. These broader market trends resulted in positive momentum in our business with record recurring license revenue, record SaaS bookings, record growth in end point privilege manager, as well as strong demand for application access manage and for our core privilege access security solutions delivered both on premise and in our privileged cloud. We were particularly pleased with our results especially given our revenue headwind from acceleration of our SaaS and subscription business.
On the new business front, we signed more than 170 new logos, including great logos like a Fortune 100 retailers, a born in the cloud technology company, a European car manufacturer, and various global government agencies. Our wins in the second quarter were across verticals, geographies and customer size, including the midmarket, demonstrating that every company needs to secure privilege access. Overall, the impact of the pandemic was in line with our expectations and was contained primarily to the speed of deal progression with prospects who more closely scrutinize budgets for new IT initiatives. Josh will talk about the new business dynamics later in the call.
At the same time, existing customers are increasingly turning to CyberArk as a trusted advisor to strengthen their security posture given the heightened threat environment. As privilege access proliferates through the enterprise, they are first expanding their PAM footprints with core privilege access then extending their deployments based on our PAM blueprint methodology to include application access manager and end point privilege manager.
As an example, a large existing S&P 500 customer described the foundation of its security strategy as CyberArk everywhere. In the second quarter, this customer added more than 2,000 core privilege access users to provide visibility and access across its data centers and Azure environments. This customer will also leverage application access manager to secure its robotic process automation, or RPA initiative as well as Kubernetes and Jenkins.
As I highlighted, SaaS bookings accelerated in the quarter and I want to highlight a few of our wins. An existing end point privilege manager customer purchased privilege cloud to lock down the privilege pathway, Alero for third party access, and application access manager to secure its applications as well as its vulnerability management solution.
A competitive rip and replace deal for end point manager, a major U.S. insurance company chose CyberArk to secure more than 130,000 end points with our SaaS solution because of our enterprise scale to support the new work-from-home or work-from-anywhere imperative, as well as our ability to block ransomware and prevent potential theft at the end point.
A global law firm was reducing its data center footprint and consolidating infrastructure. Because of the increased risk of this consolidation, this customer prioritized its comprehensive PAM program and purchased our three SaaS solutions: end point privilege manager, CyberArk privilege cloud, and Alero, as well as application access manager to secure its DevOps environment.
While interest has increased for PAM delivered as a service in specific verticals, the mid market and the low end of the enterprise, I want to highlight that we continue to see strong demand in the large enterprise for on-premise delivery. However, with the macro uncertainty in the first half of 2020, more customers are asking for the flexibility of subscription pricing for their on-premise deployments, which contributed to our record recurring license revenue and bookings in the second quarter.
From a geographic perspective, while our business continues to be well diversified, we were very pleased with APJ’s revenue growth of 20% in the second quarter, including early traction in Japan. Our partner ecosystem continued to play a key role in our success. Ten percent of our revenue was from indirect sales.
Our advisory partners like Deloitte, PWC, KPMG and Accenture continue to influence new and add-on business. C-cubed alliance partners like Automation Anywhere, Blue Prism and UI Path in robotic process automation, Tenable and Rapid in vulnerability [indiscernible] help differentiate CyberArk in the market.
I would like to make a few comments on our CyberArk Impact customer event. Our Impact event is always very rewarding for me. It is the world’s largest gathering of cybersecurity professionals dedicated to securing privilege access. By conducting a virtual event, we were able to extend our reach and engage more than 11,000 individuals globally. This year information security officers [indiscernible] help mitigate customer risk.
Our customer based views CyberArk as a meaningful layer of security [indiscernible] long term strategic goals. In meeting after meeting, they reinforced their reliance on CyberArk as a critical partner in securing their business success.
During the event, I shared our vision for identity security which directly aligns with the trends we are seeing in the market. In today’s mobile, digital and cloud world, along with remote workforces, access continues to grow exponentially. All identities - human, applications, machines and automation tool - can become privileged uncertain conditions. This expands the attack surface if not properly secured. We believe the traditional approach to managing identities is no longer sufficient. Our identity security strategy will provide customers with peace of mind knowing that privileged access management is at the foundation of our platform while also reducing user friction with intelligent access from Idaptive.
We are taking a unique modular approach to our identity security platform which will allow customers to leverage their [indiscernible]. Early feedback from Impact on the acquisition of Idaptive and our strategy has been incredibly positive from customer and partners alike.
The integration of Idaptive is well on its way and our first step is to offer Idaptive AI driven multi-factor authentication across our products and solutions. Idaptive’s team hit the ground running, winning new customers and building pipeline even with virtual introductions.
As we look at the remainder of the year, we expect the uncertainty of the global pandemic to continue to create some level of headwind, particularly with new customers. With that said, we are in a market that is rich with opportunity. We are benefiting from work-from-anywhere and digital transformation paradigms, demonstrated by the record quarter for our SaaS solutions as well as the strong momentum with application access manager.
Our customers are turning to CyberArk to reduce risk with core privilege access. We have a robust growing pipeline of new opportunities and a loyal base of existing customers. We are making smart investments and are executing our strategy and infusing the business with more and more recurring revenue. I am confident that this combination will drive long term growth and shareholder value.
Before turning the call over to Josh, we hope that all of you are safe and well during this challenging time.
Josh will now discuss our financials in more detail and the outlook for the third quarter. Josh?
Thanks Udi.
We are pleased to deliver results ahead of our guidance. Total revenue was $106.5 million compared to $100.2 million in the second quarter last year. License revenue came in at $47.9 million in the second quarter of 2020 compared to $52.2 million last year. As Udi mentioned, while COVID-related headwinds persisted for new business sales in the second quarter, we also experienced positive trends including our best ever quarter for SaaS, increased engagement and expansion deals with existing customers, and record pipeline growth across our portfolio for both existing and new customers.
If we dig deeper into the drivers of license revenue, existing customers continue to move forward with their mission critical PAM programs and add-on business, representing over 75% of license revenue during the second quarter. We were pleased to sign more than 170 logos, but we did see the combination of these customers making shorter term purchasing decisions because of the economic environment and an increase in SaaS bookings [indiscernible] deal sizes during the second quarter.
On the product side [indiscernible] end point privilege manager represented about 15% and 9% of license revenue respectively and had a record quarter. Consistent with our strategy, more than 75% of our EPM bookings were for SaaS, making the revenue contribution from this solution a lagging indicator of its overall success.
In the second quarter, we generated record revenue recurring license revenue of $12 million or 25% of license revenue amount. Our recurring license revenue breaks down to 10% of license revenue from SaaS and just over 15% of license revenue from on-prem subscription deals. For comparative purposes, in the second quarter of 2019 our recurring license revenue was $2.5 million or just 5% of license revenue in total.
Taking a step back from revenue, I want to talk briefly about bookings and pipeline. The second quarter was a record for SaaS and subscription bookings. Our strategy to infuse the business with more recurring revenue is working; however, our record SaaS and subscription bookings resulted in over a $9 million revenue headwind for the second quarter, reducing our total revenue growth rate by about 9%.
In terms of the pipeline, we had strong growth in the second quarter across new and add-on customers, our SaaS portfolio, application access manager, and our core privilege access security solutions. We have also seen an overall shift in the pipeline towards more SaaS and subscription deals as customers look for more pricing flexibility because of the macro environment, more efficiency from SaaS delivery, and increased automation from digital transformation strategies, as Udi talked about earlier.
Our combined maintenance and professional services revenue was $58.6 million, increasing 22% year-on-year. $48.7 million came from our maintenance contracts as our renewal rate continued to be strong during the quarter, reinforcing that PAM is mission critical within the security stack. In total, our recurring revenue which combines maintenance, SaaS and subscription, was about 57% of total revenue in the second quarter. That’s compared to about 41% in the second quarter of last year. The professional services revenue associated with this line was $9.9 million or 9% of total revenue, consistent with past period levels.
The business was well diversified across geographies. The Americas revenue in the quarter was $64.5 million, representing 61% of total revenue, up from $61.8 million in the second quarter last year. EMEA revenue was $30.4 million or 28% of total revenue in the second quarter, also up from $28.7 million last year. APJ generated $11.6 million in revenue, representing 11% of total revenue and growing 20% year-on-year, up from $9.7 million in the second quarter of last year.
In terms of verticals, we experienced strong year-on-year growth in insurance, pharmaceuticals, telecom and healthcare during the quarter. We did close deals in the industries impacted by the global pandemic. The bookings in retail, transportation and travel declined as a percentage of total during the second quarter.
As I move through [indiscernible] discuss on a non-GAAP basis, please see the full GAAP to non-GAAP reconciliation in the tables of our press release and posted to our website.
Our second quarter gross profit was $90.7 million or an 85% gross margin. That’s a decline from 88% gross margin in the same period last year. The decline is primarily related to the increase in our SaaS revenue mix during the quarter, including the acquisition of Idaptive as well as ongoing investments in our cloud infrastructure.
We continue to make disciplined investments across the business. R&D grew by 34% year-on-year to $19.5 million as we made key investments to deliver innovation and enhance our SaaS solutions. Sales and marketing increased 18% to $45.4 million to extend the reach of our sales team globally, and G&A increased 10% year-on-year to $8.8 million. In total, operating expenses for the second quarter increased 21% to $73.8 million, and that’s compared with $61.2 million for the second quarter last year. Still, our operating income was ahead of our guidance at $16.9 million or 16% operating margin.
Included in our results that I just summarized are approximately six weeks of revenue and expenses related to the acquisition of Idaptive. Overall as Udi mentioned, we were pleased with the early traction of Idaptive. Total Idaptive revenue recognized in the quarter net of the purchase price accounting adjustments was approximately $1.5 million in SaaS revenue and $300,000 in professional services, totaling $1.8 million. For context, if we had not made any accounting adjustments, total revenue from Idaptive for the same six-week period would have been approximately $2.7 million in the quarter.
The impact to our expense line from Idaptive was approximately $1.1 million in cost of goods, lowering our gross margin by about one percentage point, and an additional $2.8 million in operating expenses. In total, Idaptive lowered our operating margin by approximately 2%.
[Indiscernible] are related to headcount. We ended the first quarter with [indiscernible] including about 125 employees from the acquisition of Idaptive. This is up from 1,254 employees at June 30, 2019. Of our total employee count, 752 employees are in sales and marketing compared to 588 at the end of second quarter last year.
Net income was $16.7 million or $0.42 per diluted share for the second quarter of 2020, that’s compared to $23 million or $0.59 for the second quarter of 2019. We were pleased to generate $53 million in cash flow or 25% margin for the first half of 2020. This cash flow contributed to our strong balance sheet and we ended the quarter with $1.1 billion in cash and investments. This cash balance reflects [indiscernible] payment during the second quarter related to the acquisition of Idaptive.
We ended the second quarter with $226 million in total deferred revenue, that’s a 30% increase from $174 million at June 30 last year. Approximately 12% of total deferred revenue or $27 million is related to recurring SaaS contracts, that’s compared to 3% of total deferred related to SaaS contracts at June 30 last year.
Now turning to our guidance, as a reminder, our guidance does not consider any potential impact to financial, other income or losses as we do not try to estimate future movements in foreign currency rates. [Indiscernible] for the third quarter of 2020, we expect total revenue of $107 million to $115 million [indiscernible] headwind from our increased mix of SaaS and subscription bookings expected in the third quarter of 2020, that’s compared to the bookings mix from a year ago. We expect non-GAAP operating income to range between $8 million to $15 million and non-GAAP net income per diluted share of $0.19 to $0.33 [indiscernible] assumes approximately $3 million in SaaS revenue from the acquisition of Idaptive net of purchase price accounting adjustments and approximately $8 million in expenses for the full quarter [indiscernible] assumes 39.8 million weighted average diluted shares and [indiscernible] for the third quarter.
In the near term, we expect ongoing economic uncertainty and the roaming nature of the global pandemic to impact our ability to predict our results, particularly for new business and in various industries. In addition, while we have a robust pipeline, we also do not yet have full visibility into potential budget flush for the fourth quarter at this time. As a result, we are not providing guidance for the full year 2020. We did want to provide, though, a bit of color on our hiring in the back half of the year, and we expect to add approximately 30 to 35 people in the third and fourth quarters each.
We continue to see strong momentum in our business and a real business need for reducing risk, both from new and existing customers. We are making the right investments in the business across our cloud solutions and in core privilege access that we believe will position CyberArk to accelerate growth as the environment improves.
I will now turn the call over to the Operator for Q&A. Operator?
[Operator instructions]
The first question comes from Shaul Eyal from Oppenheimer. Please go ahead.
Thank you, good afternoon guys. Congrats on the results. Udi or Josh, I have a question that could be a bit tricky here.
We understand that SaaS is gaining steam, whether it’s the product agility, the payment flexibility that was noted also by Udi in his prepared remarks. Knowing and understanding that CyberArk carries a predominantly on-premise business model, can you maybe qualitatively talk about the potential long expansion, have you looked into it? You know, we have [indiscernible] that is coming as a platform, or maybe slightly more in a modular manner depending on the customer, but do you have a rough estimate about the potential [indiscernible] up to this that you could be seeing from a gradual migration to more of a subscription model?
I would say, Shaul, first of all I think--thanks for the congrats, and we’re really pleased about the ability to accelerate the SaaS contribution. I would say [indiscernible[ has consume our on-prem solution and the fusion strategy is really working - we’re seeing more and more adoption and while in parallel, we’re increasing our SaaS portfolio, so it’s coming together. We’ve been growing adoption and we expect more of that with Idaptive [indiscernible] other companies, we believe that both customers and of course the financial strength here will benefit from the fact that the more and more we have recurring subscription as we expand our offerings, the more value both our customers will get and of course CyberArk will benefit.
So strategically this is going in the right direction, the way the customers want to buy, because that’s been very important for us - deliver on-prem, deliver SaaS based on how the customer want to buy, but in the long term I think we will benefit from the fact that there’s a growing portfolio and we can get this loyalty and growth with subscription.
For sure, thank you for that. Also, Josh, the few dozens of employees that will be added within the second half period to your headcount, is that mostly R&D or some sales and marketing? When are you expecting to fill those positions mostly?
Yes, hi Shaul. Definitely the majority will be R&D, and then the second place will be on the sales front as we start to think about already in the second half building sales capacity for next year. R&D and sales.
Thank you for that. Good luck.
Next question comes from Saket Kalia with Barclays.
Hey guys, thanks for taking my questions here. Maybe first for you, Udi, just maybe a little higher level. Can you talk about the competitive landscape a little bit? I guess more specifically, are you seeing anything from some of the players that were acquired within the last 18 months, or perhaps others that have changed in the last couple quarters? Just talk a little bit about the competitive landscape as you see it over the last couple quarters.
Sure Saket, thanks. First of all, I would say that in general, we don’t see a real change in the competitive landscape. CyberArk has really been extending our market leadership, both in PAM again with our growing innovation and growing SaaS portfolio, but further now with our identity security vision after acquiring Idaptive. I think we continue to break away and lead this market.
I think in this environment, the strong financial position has become even more important for customers, so on top of course of the technology and leadership in the space, we benefit from being that trusted customer that customers in this environment can continue to invest in.
I would say that the opposite applies to the PE-backed ones that find it harder to invest in innovation in this environment, so I would say overall continued market leadership, some vying for the distant top two and three positions between themselves.
Got it, that makes a lot of sense. Maybe a follow-up for you, Josh. Can you just maybe remind us of the cash flow profile for your SaaS and on-prem subscription contracts, if you will? Are they annually in advance or any other model, and just maybe compare and contrast that for us to your traditional perpetual license-slash-maintenance model, if you will.
Yes, thanks. Absolutely. When we think about the SaaS and subscription, where we’re typically going to be seeing cash on an annual basis for those projects and for those transactions, whereas in perpetual we saw the perpetual upfront together with a one-year or greater maintenance contract, so I think that’s one of the things that we’ll see different, so one respect we’ll be spreading out a little bit the cash over the contract of the SaaS and subscription terms.
You know, we were pleased in the first six months that we generated $53 million in cash flow from operations - that’s eight percentage points above our net income margin, and that’s kind of as we continue to build out and sell more and more SaaS, that’s kind of playing out nicely for us. We see over time we’re going to be building in a lot of future cash flow off of the new SaaS and subscription contracts.
Got it, makes a lot of sense. Thanks guys.
Next question comes from Sterling Auty with JP Morgan.
Yes, thanks. Hi guys. You mentioned a couple of times the pipeline. I’m just wondering if you can at least qualitatively describe where the pipeline sits versus pre-COVID, or maybe a year ago, and what you’re seeing in terms of sales cycles.
Yes, hi Sterling. I’ll start here. What we’re seeing actually this year in our pipeline is really across all of our products and across even existing and new customers, we’re seeing really record growth in the pipeline, and that was not impacted by COVID. We saw it in Q1 and we saw it continue as well into Q2, and that’s compared to Q1 and Q2 of last year. We’re pleased to see really where the openings are coming from and the pipeline developing and progressing, and again not just for core pass but also for our application to access manager for our new SaaS products, and of course for EPM [indiscernible].
I think one of the things also we look at is coverage growing as well, which in this environment we also like to see.
Absolutely, and then one follow-up. You mentioned coming in after incident response has happened as a first call. Are you actually being brought in directly by the incident response companies, and if so, who are you seeing the most traction with?
Yes Sterling, hi. Yes, we’re often invited either by the customer or recommendation from the incident response firm. It’s very interesting and often gives us the opportunity to help in the recovery and, of course, get that trusted advisor position that later follows on with privilege access management as a layer. When it’s not driven by customer, I would say the incident response firm that invites us the most is probably Mandiant, but we’ve seen several others invite us, including I would say vendors that have incident response arms that call us in.
Got it, thank you.
Next question comes from Fatima Boolani with UBS.
Good afternoon, thank you for taking the questions. Udi, I’ll start with you. I think on a number of different occasions in the prepared remarks, you alluded to the pandemic’s impact to new logo and new business progression, so I just wanted to get a little bit more detail on what were or what are some of the gating factors around new logo and new business activity, particularly if the priority for PAM and PAS projects has catapulted to the front of the line. Then I have a follow-up for Josh.
Absolutely. First of all, I think we’re really pleased to see the add-on business muscle really behave normally and with normal cycles and be such a big lift for us, and also with the ability to bring 170 new logos in this environment. I think we were very happy with that.
But what we are seeing, and I think it’s natural, across the board that you can be and PAM can be a very high priority, but just given the environment, there is much more scrutiny in priority, much more scrutiny in looking for budgets, and longer approvals. That’s kind of the new normal on the new logos, and therefore we’re factoring that and making sure we have a wider pipeline, like Josh mentioned, and that we’re factoring for right now longer cycles when it comes to new accounts. But again, there is some mitigating factors on the fact that we have the SaaS portfolio to address some of them, that we can offer subscription pricing to some of them, so there is growing mitigating factors.
Fair enough. Josh, a question for you. If I look at the sequential compression in gross margins, I think you talked through about 100 basis points of that 300 basis point compression due to Idaptive. I’m wondering what the other dynamics were that caused that level of compression in gross margins, particularly if the recurring license mix is largely skewed to TBL versus SaaS this quarter. Just wanted to parse that impact out as to why the impact to gross margins would be so dramatic. That’s it for me. Thank you.
Yes, thanks for that. Absolutely, 1% coming from Idaptive and then really the other percent and a half coming from the SaaS business, from [indiscernible] really increased its SaaS on EPM, started to sell into Alero and we saw a really large uptick on the organic side of our SaaS products, so that also impacted as well on the gross margin.
Very helpful, thank you.
Next question comes from Brian Essex with Goldman Sachs.
Hi, good morning, and thank you for taking the question. Udi, just a real quick question on deal progression and the nature of some of the large deals that you’re seeing on the privilege access side, particularly with regard to some of the consulting firms that you called out as partners. How many of those deals are larger--you know, particularly with respect to Deloitte and Accenture and so forth, how many are multi-vendor larger identity deals versus explicit privilege access deals, and how often is this kind of a larger consolidated effort on behalf of the customer to just revamp their identity management profile?
Brian, I think it would be hard to generalize, but if we look at the engagements, very often what the big four and the consulting firms, the PAM practice at those firms, we may have a beachhead at the account or we’re coming together at the account, and they would drive a PAM [indiscernible], so we see that phase. Very often it could be part of a larger identity initiative and more and more in recent year there’s a PAM first approach - let’s secure the keys to the kingdom first before doing the others.
But you’re right - in some cases if you zoom out, we can see that identity initiative and that in these firms the group, that PAM effort is also collaborating [indiscernible] team that’s doing identity.
With our expansion to identity security and with the acquisition of Idaptive, we of course will continue our modular approach and to collaborate with other identity initiatives that have started with other vendors, but believe we will also be able to take an even greater share of those identity programs.
Got it, that’s very helpful. Maybe just as a follow-up for Josh, could you put a little bit of a finer point on the guidance for the third quarter operating expenses, elevated to costs relative to Idaptive, soon to be a little bit higher in this quarter. Maybe just pointing where we should expect, I guess outside of sales and marketing headcount, R&D headcount, I don’t know if that’s the lion’s share of it, but how we’re thinking about spending for Idaptive’s expansion integration relative to other potential opex increases?
Yes, hi Brian, thanks for the question. As we’ve [indiscernible] million dollars of total expenses, of which $6 million are in opex--sorry. Because if you recall, when we talked about the increased expenses in the first--for Q2, was only for six weeks, so that’s the jump in the [indiscernible] expenses for the full quarter of Idaptive.
When we think about where we’re going to see those increased expenses, it’s really going to be on the R&D from the recruit, like I talked about the majority of the headcount will be on the R&D side, and as well as on sales. The R&D is really focused on still building out our SaaS infrastructure for our SaaS product, but also for the integration of Idaptive products with CyberArk products. I would say it’s going to come out in the R&D and then next in sales.
That’s helpful color, thank you very much.
Next question comes from Jonathan Ho with William Blair.
Hi, good morning. Congrats on the strong quarter. I just wanted to maybe start out with the cross-sell opportunity that you’re seeing with Idaptive and your core products, and maybe how often do you think the two will be purchased together? Will Idaptive be sort of a separate tip of the spear? I’m just trying to understand how you think about [indiscernible].
Hi Jonathan. It’s relatively new, but the timing for us was great because we announced the acquisition to gear up initial integration and then really come out with it in our Impact event and really test the waters with customers. I think kind of ideal to have an acquisition, begin to integrate, and then have the opportunity to showcase it to our customers. I think the strategy right now is really to leverage the amazing customer base that we have, and they’ve selected CyberArk for this critical area in PAM and now extend with Idaptive to other use cases around their regular users.
As I mentioned in my prepared remark, first out of the gate we’ll be offering integrated MFA into the CyberArk solutions, but we will be able to up-sell the rest of the Idaptive suite to the CyberArk customers. In parallel, we’re going to keep the muscle and enhance the Idaptive muscle to also go after standalone opportunities, but that would be a new element for us where really the bigger access to market is leveraging our [indiscernible].
Got it, got it. That makes a ton of sense. Just as a follow-up, when we think about the opportunity in the midmarket, I think you called that out as an area that saw some strength this quarter. Talk about maybe the dynamic here and what’s making that market more attractive. Thank you.
Yes, I think what we’re seeing is we could be very strong in where we’re coming from in the enterprise space, but that PAM demand is also growing in the lower--in the smaller enterprise and the high end of the midmarket. The fact that CyberArk now has a SaaS portfolio makes it easier for us to go after that market as well, so I would say dynamics are obviously smaller deal sizes but often shorter sales cycles, and nicely augmenting the enterprise approach which is still the most strategic for us to keep the leadership and expand.
Next question comes from Rob Owens. Please state your company. Your line is open.
Yes, it’s Rob Owens from Piper Sandler. Good morning, guys.
Thank you for the visibility in and around the headwinds created by the SaaS business, and appreciate you impacting that for us, but can you give me a sense of relative to the Q3 guide and the headwinds, given your commentary around pipeline, why it would be a flat quarter-over-quarter headwind in terms of dollar amount.
Hi Rob, this is Josh. Good to talk to you. I think again we’re anticipating certainly some transition headwinds also in the Q3 guidance, and I think what we tried to do here when we gave a range on guidance was really to capture--also knowing that we’re not certain exactly where that mix is going to come out. The pipeline is growing, as you said, it’s robust. We have good visibility particularly on the add-on customers, on the existing customers, but as we’ve said in the call, when it comes to the new customers, the progression through the pipeline and the visibility for when those are going to close becomes a bit harder to predict.
Then on top of that, you have the mix of whether or not they’re going to go off the SaaS or the subscription or the perpetual, so I think we feel comfortable with where we are in the guidance. We tried to provide a range that captures a few different types of scenarios for us, and we like where it’s heading over the next several quarters based on the pipeline.
Great, and then following up, given we are in the third quarter, any high level thoughts around the U.S. federal opportunity, and would you expect this to be a normal U.S. federal quarter or do you think that COVID will have an impact on that? Thanks.
Yes, I think it’s a new normal for everyone, so I think it’s the first federal quarter in this environment. We’ve had a lot of success throughout the year in federal, and so again we’re counting on a close to normal in the new normal environment and leveraging some of the, I would say, access to customers that we’ve gotten.
We’re also investing in getting our SaaS products fed-ready to be able to take that to the federal market as well.
Is there any time frame around when those might be fed-ready, and how long it typically takes?
It’s a process. I’m not ready with an answer there yet, and Idaptive has just gotten onboard, but super important for us. Some of them--it’s a pipeline, like some of our solutions are already in play and now we’re adding Idaptive to the fed ramp mix. But we’ve successfully sold, of course, our core PAM, our application access manager, our EPM to the federal market. It’s super strategic and important for us.
Next question comes from Hamza Fodderwala with Morgan Stanley.
Hi, how are you? I guess first question is for Udi. I wanted to dig into a little bit more on the prioritization of PAM and the more distributed work environment. As far as what you saw in Q2, did you start to see that increased demand in prioritization come later in the quarter, and is the expectation that it will start to translate more to the actual results into the back half or next year as budgets start to come back? Is that the progression that you see as it relates to your PAM portfolio?
Hi Hamza, Udi here. I would say that the linearity is the linearity in our quarterly sales, and not really a reflection of PAM, the PAM opportunity. As we walked into COVID, first we saw organizations really just trying to get that initial [indiscernible] but that was last quarter. In this quarter, we saw that when you engage with the customer, they understand that the perimeter basically evaporated overnight and there is no perimeter, and it may take one step, it could take two steps, but an attacker can get privilege access to the heart of their IT infrastructure, so the priority is up there.
It’s also in--I would say the analysts in the industry are putting it really as the top thing to do, but with a new account we obviously have to go through the regular education and prioritization that we need to go through. I think it’s only getting up there, if I reflect a couple quarters ago in terms of awareness. I look at meetings at Impact with chief security officers, they start with this is my most critical control. Some say this allows me to somewhat sleep at night - CSOs don’t really sleep, so we’re seeing that continue, but we have to navigate the COVID environment when it comes to new logos.
Next question comes from Andrew Nowinski with DA Davidson.
Great, thank you, and congrats on the nice quarter in a tough environment.
I want to start with a high level question. It just looked like the Twitter attack that happened this quarter was largely a privilege access management attack, so I’m wondering if that resulted in any improvement in the pipeline when it hit, because it does highlight why PAM is such a high priority.
Yes Andrew, I think once every couple of months, there’s just an event that is a Super Bowl commercial for PAM, but I think the CECL community this will be an incremental effect because they get it, so I wouldn’t say that this would dramatically drive pipe. Pipe is growing because the awareness is there. It’s just another example for organizations to help prioritize this, to just get into the nitty-gritty of understanding that two hops and it’s down to privilege access to defend from a takeover.
So I would say it’s another positive, and kind of latching onto the education of past events, industry reports and so on.
Next question comes from Daniel Bartus. Please go ahead.
Hey guys, thanks for taking the question. I guess I’ll just ask one for Udi - nice quarter on the AAM side of the business. Curious, has the competitive landscape changed there at all, and who are you seeing most in the market competitively on this side of the business? Thanks.
Yes, absolutely. When I answered earlier that no change in the competitive landscape, I know of referred to the regular PAM vendors when it comes to PAM. But you’re right - at your point, the one vendor we see with regards to securing secrets is Hashi, which come from the-I would say the developer, the developer world and less from security. We’ve seen great growth especially in--and that’s the most strategic piece of our portfolio, in the product lines that’s securing modern applications based on our acquisition of Conjur in 2017, dynamic applications and [indiscernible] secrets, and we’re coming in more from security. We see them often seeded through open source. We get a lot of wins when it’s a security-driven [indiscernible] piece of our portfolio, and we [indiscernible] story and platform, deliver a full PAM platform to the customer for humans and for applications. We’ll continue to invest in this line and also continue to invest in partnerships, like the partnership with Red Hat.
Next question comes from Daniel Ives with Wedbush Securities.
Thanks. Just a question in terms of hiring. Can you talk about maybe you just getting a lot more inbounds from a sales perspective than you were, and maybe just talk about the type of sales person that you’re looking for in the field, especially given the broader sales push?
Yes Dan, I would say that the people are very amazingly adjusting. I look at our sales team, they adjusted amazingly to this environment, and also credit to the customers and prospects out there - people are engaging, people are meeting, people are having proof of concepts. I would say we’ve always hired very dynamic people and as you look in this environment and as we bring on the new type of sales persona is one that’s able to navigate and environment where you can’t have a series of face-to-face meetings, where you are leveraging the technology partnership, you’re leveraging the big four. It’s more people who know how to work in a team or an ecosystem to drive value all across.
We’ve seen an increase in--great contribution in our indirect business, so really that’s a great way to navigate this environment, leverage the access that the channel partners have, bring value, and close the deal.
Next question comes from Gur Talpaz with Stifel.
Okay, great. Thanks for taking my question. Udi, you talked about a large EPM displacement. I was hoping you could talk about what you’re actually displacing and then, more importantly, how do you view the overall displacement opportunity across the business as we look into the future? Thank you.
Yes Gur, I was thinking about that as I was answering the competitive landscape. One attribute that we’re seeing--again, there’s a lot of green field out there, but there is a displacement when customers turn strategic. I would say we’re seeing a displacement across the board, and in that specific example I believe we replaced another technology that could not scale. I can’t recall if that example was BeyondTrust or thycotic, but it was one of them, when it came to the ability to scale, and that’s been a big advantage for us again when the customers go for a full PAM program.
EPM has been a big one on displacements. There’s also more and more CA, Broadcom CA type displacements going on, and we had some important wins in the quarter on that front too, but that was classic PAM.
Next question comes from Gregg Moskowitz with Mizuho.
Okay, thank you and congrats on the quarter. I think it’s a big deal that SaaS and subscription made up 25% of license revenues versus 5% a year ago, and that SaaS is 12% of deferred versus, I think you said 3% a year ago. You mentioned that more customers were requesting on-premise licenses to be delivered as a subscription. Now that is in motion, what I’m wondering is why not go on offense and actually try to sell more term licenses? I realize that there is a near term cash flow headwind, but conversely more on-premise subscription contracts would drive obviously more recurring revenues and very likely a higher LTD as well. Your perspective on that would certainly be appreciated.
Yes Gregg, it’s a great question, and you’re right - we’re very pleased, and like Josh said, we’re very pleased to see that part of the business accelerate. Again, the infusion with SaaS, which was very deliberate, but then also seeing that the customers wanted on-prem but as a subscription as another way to increase our recurring revenue, so we’re very pleased with that. But right now, for that example, for the on-prem as subscription, it’s hard for us to determine how much of that is--of that acceleration is COVID related and how much is going to be the new normal, where they want to go term based for the on-prem.
Actually what we did is we put together a cross-functional team here at CyberArk led by Matt Cohen, our CRO, to determine how this--if this will persist, what are their buying patterns going into the future, and right now the leading strategy is we’re going to sell to the customers how and where they want to buy, do they want perpetual, do they want on-prem but subscription, do they want of course the SaaS portfolio, which we are--we are promoting, and after we finish that deep dive, we’ll decide, to your point, do we further accelerate on that strategy.
Great, thank you.
Next question comes from Catharine Trebnick with Colliers.
Thanks for taking my question. Could you put a finer point for us on the split you see between licenses and maintenance more on the quarter? I know you’ve been saying [indiscernible] can’t really predict it, but could you at least give us a little bit more of a hint - you know, traditionally you do well second half of the year on license revenue, especially in Q4? Thanks.
Hi Catharine. I think basically if you want to--you know, for a further breakdown into license and maintenance, I would follow the model, which is basically maintenance will continue to be what we carried last quarter with the additional licenses going forward. I would say that the maintenance will probably grow in line at about 20% of the licenses that we’ll do for next quarter.
All right, thank you.
And also, kind of a finer tune, a finer point on professional services, we’re still running really the 7% to 9% of total revenue will be in professional services.
All right, thank you very much.
Next question come from Imtiaz Koujalgi. Please state your company. Your line is open.
Hey guys, thanks for taking my question. A question for Josh. You mentioned about customers chose to go with subscription for your on-prem offerings. Can you tell us how much deal compression happens when customers choose a subscription form factor versus, I guess, on-prem? How much is the deal size lower when you go from a perpetual to a subscription?
Hi Taz. It kind of depends on how long of a subscription contract they take. If they’re taking a three-year, then it’s going to be pretty close very much to a perpetual transaction, and if they’re taking a one-year, it’s going to be closer to probably half of that.
Got it, thank you.
At this time, I’ll turn the call over to the presenters.
Hi everyone, Udi back again. I just want to thank our customers, partners and employees for continuing and contributing to our success in the second quarter, and to everyone here, stay safe and be well. Thank you.
This concludes today’s conference call. You may now disconnect.