Palo Alto Networks, Inc. (NASDAQ:PANW) Bank of America 2024 Global Technology Conference June 4, 2024 10:50 AM ET
Company Participants
Nikesh Arora – Chief Executive Officer
Conference Call Participants
Tal Liani – Bank of America
Tal Liani
Thanks very much for joining us to our tech — Annual Tech Conference. We have a wonderful schedule for you for the next few days. We have over 540 registered investors. We have 135 companies.
I just want to remind you, I’m going to start from the most important part. make Sure to join us today at 4:45 for the reception. It’s going to be on the 32nd floor the panoramic level. And if you — the one-on-one meetings are on the second floor, third floor and 12th floor, if you have just what your schedule. And if you have any questions about your one-on-one schedule, just see the corporate desk — corporate access desk one level below here.
So with no further ado, I would like to welcome CEO, Nikesh Arora, of Palo Alto Networks. Thank you very much for joining us today.
Nikesh Arora
Good morning, everyone. First of all we have to wish them a happy birthday. It’s birthday today.
Tal Liani
At a certain age, you don’t celebrate anymore until you’re 80 and then everyone celebrates for you.
Nikesh Arora
That’s good.
Question-and-Answer Session
Q – Tal Liani
So Nikesh, thank you. Thanks very much for doing this. And I want to start from a vision question, a long-term question. The question for investors is how will Palo Alto look five years from now? How is it going to be different from now? What is the main stage when you sit down with big corporates that look at your road map and how the company is going to shape up, what’s the message for your customers or where you want to be years from now?
Nikesh Arora
Yes. First of all, thank you for having me and good morning everyone primarily. So if you look at the technology landscape, if you look at the cybersecurity subsector, one of the few subsectors of technology, which does not have a large player.
Our customers are still buying north of 20 to 30 products for cybersecurity. We’re only like 6% to 10% of the budget of any company’s IT spend. So to have to manage 20 or 30 vendors in 6% to 8% IT spend, is untenable, which means a lot of the owners of integration, a lot of the owners of connecting all these things lies in the customer. And our view always is, why should there not be a much more integrated, amazing set of products that works for our customers, so they don’t have to do all the integration themselves.
Five years ago, we were in two Magic Quadrants, which is enterprise geek speak for great products, top right and Garden Forster as this we in 24, which means we have proven to the market that we can have great products in 24 different categories. And our view is that the customers should not have to stitch them together. We should deliver a stitched platform. And if you look historically, this is possibly where the age thing showed up. And I started my career at Fidelity Investments 20 years ago. We have 22 systems which used to connect to one CRM system. I don’t think they have 20 anymore. It’s a thing called salesforce, oracle, Microsoft dynamics does it for you.
So if you look back and say, yes, 30 years, you go — you had so many disparate systems, which are now one platform. You think about your HR systems, you used to have 15 of those, they’re down to one co-workday. You look at your financial systems. I remember writing code in Hyperion, right? Now you have one financial systems platform. So it is feasible in the industry has proven that there are platforms that can be created and our aspiration is speed of platform for security.
Tal Liani
Got it. So just to put it in reference, what Nikesh just said, yesterday, we hosted the dinner and the Bank of America IT group was there and they said that Bank of America budget is $11.7 billion — IT budget? And of that $1.2 billion is spent on cybersecurity. So certainly a major part of our investment annually.
Nikesh Arora
So can you send them on?
Tal Liani
I can maybe send the $1 billion. I’m not sure about the other point two.
Nikesh Arora
We’ll take that.
Tal Liani
You spoke now about platform and you coined the phrase platformization and other companies said the same thing after that. What does it mean? With the word platform, what does it mean for Palo Alto?
Nikesh Arora
Look the word platform for us means that you don’t have to stitch multiple products to derive the solution that you want. That allows you to have consistency, lower cost of ownership, much more efficient security operations that allows you to get the security outcomes you need. And we’ve gone from 24 products to effectively three platforms, a network security platform that allows you to have every bit inspected infrastructure anybody else’s product except for us in the category, a cloud security platform, which means when you are moving your applications to public cloud those are Google, Amazon, Microsoft, Oracle, IBM to use one cloud security platform from us. And now with that product XSIAM, a singular platform for SOC. So for us, that means, on average, each of these platforms consolidate anywhere from 7 to 12 vendors. So if you go down from 20 or 30 to 3 or maybe 4, we don’t do identity, that’s a good start.
Tal Liani
Yes. And what are the benefits for the — outside of complexity, reducing complexity, what are the financial benefits, maybe or what are the benefits for customers? Is there any technical benefits, meaning system efficacy or is it just about prices? Just about bundling discounting?
Nikesh Arora
No, it’s not all about pricing discounting. That’s the whole — let me give you two examples. One, when I started six years ago, I met one of these CIOs who had $1 billion budget in cybersecurity and they proudly told me as a bank and said, we have 11 endpoint agents that run on our endpoints and our laptops. So I came back, I’ve back been in cybersecurity. I went to my Chief Product Officer, why did they have 11? So what happens is, we deploy one, it collects live data, analyzes that data, delivers a security outcome. The next one does something else. Third one does MDM, fourth one does EPP, fifth one does EDR. All three letter acronyms, we do protect our jobs, so you don’t understand them, don’t worry about them.
But you had 11 endpoints. The laptops will take five minutes to boot because there were 11 endpoints running them. So I asked him, why couldn’t one endpoint collect all the date analyze all of it. Nobody’s done it. So we went back and said, why don’t we have one agent that collects 200 megabytes of data, we analyze in the cloud and deliver the ten security outcomes you want.
Now that’s a lower cost of ownership because it takes us a lot less money to serve that capability. So it’s not about discounting or pricing. It is delivering the capability in a lot of lower cost because you’re consolidating across 10 different times with 10 different rollouts are doing that. That’s one part of it.
I’ll give you another example. Imagine you have those 10 endpoints running and you have other products running in infrastructure, if something bad happens, all of us will find some variant or some version of that bad thing, right? So like having 20 sensors in the room and having one bad actor and all 20 sensors that are trying the product, it’s like, I am on something bad. Then the customer’s job is to stitch those 20 pieces of information and say, was that one bad thing or two or three.
So give you an example, our XSIAM product, we consolidate alerts across multiple vendors. Sometimes we can sell 152 alerts to deliver one incident which means the customer has to go respond to 152 different alerts instead of saying there is one security incident we have. So in the long-term, it’s impossible to do this manually stitch it yourself. Bad actors can get in and out of company’s infrastructure in about three hours now. It used to be days now, 11 about two years ago, it’s down to three hours. I can get in and out of the company, extra terabyte of data in three hours. You have to be able to find in there, stop me, stop preferential trading data in three hours, if you can do it.
Tal Liani
Got it. When you sell a platform, it’s different than selling a point solution. So as you transform to a platform, what kind of changes do you have to make to your go-to-market and customer service organization?
Nikesh Arora
Yes. Look, when you go from selling point solutions to a platform, you have to focus on 4,000, 5,000 customers and keep that relationship going that they like one product, they buy the next one, they buy the third one, they buy the fourth one. So we showed some statistics in our earnings call, about 51% of our top 5,000 customers have at least two platforms from Palo Alto and 13% have all three. But that means you just landed. We haven’t fully expanded all of them in those customer bases.
We’ve discovered, any time we land with one platform and we fully expand to it, it takes our ARR from $200,000 to about $2 million. So we see a 10x improvement from landing and expanding into one platform. That goes to $14 million, if it’s all three are there. I think it can go up to 7x, depending on the size of the customer and what we can do. So we see the benefits of delivering more ARR revenue as very high.
If we can actually go persist with the customer and actually expand footprint and delivering to our platform. So that’s a lot better than having to go sell many $200,000 deal. So conceptually, this is why about nine months ago, we pivoted and said, look, let’s go focus on the top 5,000 customers and try and drive platform across them. Having said that, our team is still landing in next 57,000, there’s 52,000 active customers at any point in time. They’re still landing the other 57,000 customers and then they get incorporated, we trying to have a platform for them. So the only way we can go from $3.8 billion in ARR to $15 million to triple is to go triple the number of platforms you’ll deploy.
Tal Liani
And does it mean that you need to do more system integration now or came up with more system integrators because incorporating or deploying a platform is so much more complicated to our corporate?
Nikesh Arora
Yes. It’s less – you are right look, the deploying platform means that a company has to commit I’m going to take out these nine vendors, drifted and put Paul Alto in there is complicated, which requires some degree of systems integration work. We have people who help — but that is why the last 1.5 years, we get in striking partnerships the likes of Accenture, Deloitte IBM, Infosys, Gordmans and all others because they’re becoming a bigger and bigger part of channel architecture in terms of deploying the solutions. So yes.
Tal Liani
Got it. How does it work? So platformization by the way you answered basically you discussed it platformization is mostly a market of large corporates at this point. So that means the smaller customers, et cetera, they continue to buy point solutions. That’s the way to think about the market on?
Nikesh Arora
No. Actually, what’s interesting is more and more, if you see there are companies which are also drilling that integrated capability at the low to mid-end of the market and there’s things like Arctic Wool, Expel, ReliaQuest all these companies have decided that their small customers cannot handle this multitude of products and the complexity is we are delivering managed services at the low to medium end of the market. So economically, it’s a lot more profitable for us to operate the customers who are willing to spend $10 million, $20 million, $30 million TCV, the $1 million TCV arrangement range and that’s what economics in that.
Tal Liani
I want to maybe drill down a little bit to your success with next-generation security. So last quarter, you grew ARR by 47%. What are the components of this growth? What are the parts that are growing faster and where do you see more success or better demand, et cetera?
Nikesh Arora
So if you break it down to three platform, looking at network security. Five years ago, there was one player in something called SASE. And it was win or takes all market at that point in time. In five years, I think we’re the second largest player in SASE. Nobody expected that we’ll player in SASE. We do roughly about 40% to 50% of the business largest player in the market every quarter give or take. So it’s a fast growing field. What’s fascinating for us is for the first our SASE customers are replacing our firewalls and bringing us back into the build the platform. So good news is we can land at the firewall, hardware, we can land the firewall in the cloud, we can land with the SASE. It makes us the only player in the market who has the full network security stack from hardware software, cloud firewall to SASE. Nobody else in the market does it. So good news is the next question people ask me in platformization who is your competitors? Well network security, if you want a platform there’s only one that can stitch them together.
So there are fastest growing pieces are SASE and software capabilities that stitch our firewall in a network stack. Cloud security is a robust market, a little more competitive recently with some startups to hosting here but we’re still approximately 50% larger than next player in the market in cloud security. This is where we integrate about seven acquisitions put into to platform. You get one pane of glass, it’s all stitched, one code base.
And the last but not the least, our stock platform, which is kind of the category where you’re seeing an inflection point now, and I’ll go back to that in a second, is XSIAM. We did $400 million of TCV in 15 months in that product. In the history of security, nobody’s done $400 million with TCV in a brand new product that you’ve launched ever. So that’s where we announced this quarter. We are buying IBM secured our business, which is part of the same category, which should allow us to go work with them across thousands of curated our customers to be able to convert them into our product XSIAM.
Tal Liani
So maybe I’ll start with XSIAM. What does the acquisition give you? Why did you buy the assets from IBM?
Nikesh Arora
Look, the biggest challenge you discover in platformization when you go to a customer and listen, I have something that works. I’m very nervous. If I take it down, it’s not going to work. Whatever you put in there is not going to work. And the risk is that if I tell my other partner that they’re going to be out, they walk away, and then I’m left in the middle with not being able to execute your platform and be sort of abandoned. The good news is, now, in both ends of the transaction, I already have the current install of QRadar. I am their new partner in XSIAM.
I can manage this while I’m implementing this, and I can do a very smooth transition from their current infrastructure to mine. The good news is we bought the business, but we outsourced the business back to IBM, so they’re running it. So nothing has changed for the customer. It’s the same people, it’s the same operations. The only difference is now we control the contracts when the deal closes, which means we can go to the customer and say your contract is Palo Alto, you carry our customer, run it as long as you want. We’re going to work with you on the transition. We’re going to make it seamless and we can make the economic timelines match for you. So to us that’s great. And I think it’s public, we’re paying half $0.5 billion. That’s not a lot. People have paid billions of dollars to buy into that business.
Tal Liani
So staying still with the smaller parts of your business? I’ll just ask a question on Cortex before I go to the larger parts. Cortex, you mentioned previous quarter, I remember discussing with you and you said that now you feel that you are at par with standalone endpoint companies that have a platform. Talk about the Cortex success. What is the kind of deployment you’re seeing? Kind of — what is the kind of demand you’re seeing from customers? Where can you fit yourself in the market?
Nikesh Arora
So when we started in the XDR business, the endpoint security business, we were number 14 out of 14. That was three years ago. This morning, Forrester released their Magic Quadrant. We are number two from technical capability and competence perspective, the leadership quadrant after Microsoft, actually, surprisingly so. We have made technical progress in the last three years going from number 14 to number two technically and from scale and breadth perspective, we have north of 6000 customers. I think it’s down to a four player market now. I think the other ten are kind of gone or will be gone for the most part. And you can count them off in the four. I think it becomes a three player market at some point in time, which is not bad. We’re used to operating at 4% share in the security industry. If you can be a three player market, your share is likely more than 3%. So any category, I can have more than 3% share. I’m happy.
Tal Liani
And what’s the synergy between Cortex and the rest of the portfolio?
Nikesh Arora
So look, 85% of the enterprise data is inspected either at the endpoint or in a firewall. 85%. So if you want to understand what’s happening in a company, 85% of that is there. The rest is possibly in other point products and in the cloud. If I have access to 85% from the data, I can analyze it using machine learning models and deliver security outcomes as fast as I can. So that’s the imperative or that’s the rationale for us to be in that business. We already have 40% share in the firewall business. With reasonable large share in the endpoint business, we can actually become the security operations solution for our customers. This is why XSIAM does well for us because we have access to all this data.
Tal Liani
I want to go back to Prisma access and SASE. There’s a lot of entrants, new entrants to the market, right. So we have Microsoft and all the other firewall companies. How do you — what do you think is going to be — or how will the market look like on two vectors. Number one is, will the other firewall companies be able to also sell on top of their firewall SASE, is it this is the main selling point? Or are there any other factors that can drive success? And second, when we talk with Fortinet or with Microsoft, they talk about a very low pricing level. So do you envision price erosion in the market?
Nikesh Arora
So that’s going to be glib, but I won’t be. It’s too early in the morning. So let’s start with SASE. First of all, SASE is a very large market. And the way to understand it is if you think about — the two things going on. One, the whole cloud revolution, AI revolution forces half of a company‘s traffic to go to public cloud now. If you all you could stay away from public cloud, now the AI have to go there because nobody can actually manage to run and host their models on-prem in their data centers. Those things are going to be way further along. So even the reluctant companies didn’t want to go to the cloud are storing the data in the public cloud to do AI. So it’s possibly good for your friends and public cloud and the guys on the AI model.
That understanding, which means fundamentally your network architecture has changed the company. Used to have a data center, all the traffic whether you inspect it and firewall, it was contained. Now outward traffic is sitting in some other part of the world, which is sitting on a public cloud or a SASE application. So with that change in architecture, your network boundary and parameters have expanded. You have — we do it the same way you do in the data center you do it on the edges, which is what SASE does for you.
Every story you walked down in Union Square, used to have a modem and possibly when you went and gave a credit card, they sometimes hold the thing up in the air, trying to get signal because we want to charge you. Now every store is talking about AR and VR in the stores, they want very high bandwidth in every store, they want to be able to show you the thing through visualization, which means you need a lot more technology in every store, every $5 Burger King store needs large tech stack. So which means that’s got a huge deployment of SASE in other words.
So let’s go — it’s a big market. There are players, I’d say, which have proven their SASE credential in almost every scenario, right? We are in stores, we are in consulting companies, we’re in the federal government, we’re in manufacturing companies, we’re in defense. So we’re — we have north of 4,000 customers deployed. We have north of 15 million endpoints at any point in time using our SASE product plus another 50 million using our VPM product.
So yes, are there 10 more players in the market? Yes, they are. Are you going to see price erosion? Possibly, but price erosion requires commoditization of the space and consistent with the quality products. That’s not there yet. I’m not suggesting he’s never going to be there. And the question is, can you stay one step ahead of everything. So our SASE product is the only product in the market now with enterprise browser integrated into it.
We’re going to launch AI capability. AI access capability, so any AI can be inspecting that. So we’ll just stay on the innovation trend now, stay up there. It’s not a trivial decision. The average SASE customers take about six to nine months to make a decision and they run it through the ringer. So it’s not like I have it, you can buy from me. You have to actually run through the motion to make sure it works because is not a security product, we’re actually outsourcing operations to somebody else, which is a different.
Tal Liani
And when we spoke with last quarter, they are trying to differentiate by saying we’re going to eliminate the firewall. It’s a zero trust, we’re going to eliminate the firewall. This is — that’s where the market is going. Do you share the vision?
Nikesh Arora
It’s a good question for them. Look, I don’t know how you eliminate a data center firewall. How do you take 10 gigabits of throughput running your data center? If you have Visa or MasterCard, you’re running transactions at such volume that you don’t even want to go to a public cloud because public cloud has higher latency than a data center, what do you do with the data center firewall? Get rid of it how. How do you get rid of a firewall as a public cloud? How to get rid of itself?
I don’t think it’s an either or scenario. I think there are different course for different courses. We need high throughput, high bandwidth, hardware, the cheapest form factor in the world even today to do traffic inspection sitting in data centers, you need software firewall sitting embedded in the public cloud. What you do?
When I’ve got application talking in Google Cloud with each other, what are you going to do put it there? You got to have some inspection between the two. What are you doing on AI models? So you will need, fundamentally, a firewall is the ability to inspect traffic, right, wherever the traffic goes from point a to point b. If I can insert my submittal, I can see what’s happening, what’s coming from here, where is it going? Is there bad stuff in the middle? That activity will still be alive forever because volume is growing 2x to 4x every year. If you say the volume of traffic in the world goes up 2x to 4x times every year, the act of inspection is needed for every bit of traffic. That’s what security is about.
Now, which form factor is done in depends on your deployment. Whether it’s done using a SD-WAN box with software in the cloud or is it done in a firewall. It just depends on what becomes cheaper to inspect. When you talk to Fortinet, they’re deploying SASE and firewalls. If you talk to Cisco, they’re doing the same thing in router boxes. So I think that’s a bit of a competitive comment.
Tal Liani
And is there a synergy between your firewall revenues or firewall sale and your SASE sale is there?
Nikesh Arora
100%. Yes, the synergy is that, look, once you — there are two parts — three parts. One is you want to get in the traffic flow. Number one, you get in the traffic flow by putting a firewall or putting a SASE endpoint in your laptop.
Two is you have to be able to inspect and stop bad things. And three is if you find something suspicious, you have to go analyze that data and give a signal saying, there is something going on over here, I can go fix that.
Now, you want to do it consistently for every bit of traffic. You can’t say for this bit of traffic, I’m using vendor X. For this, I’m using vendor Y. For this, I’m using vendor Z. Let’s all try and figure out all this bad stuff together, because you want to run consistently the same way. So our benefit is we run the same analytics across any form factor. You buy our firewall, you get the same analytics, you buy our SASE, you get the same analytics, you get the same pane of glass to do the governance and the security policies. So that’s the benefit of having it. That’s the gold point of optimization.
Tal Liani
I want to switch maybe to Prisma Cloud another big opportunity for you. You and I had here a discussion two years ago and there are a lot of startups in the space. And you look at the market today, and most of these startups are having difficulties — serious difficulties rounding down or valuation going down in rounds. And the question is, how will the market look like in your point of view? Like five years from now, we know it’s going to be a giant market, it’s going to be a big market because that’s where applications are going. But from a player’s point of view, how will the market look like? Will you have the same competitors you’re having today, or do you envision entry of other players to the market?
Nikesh Arora
What’s fascinating is in security you discover there are two very large categories of products, let’s call them. One is called hygiene, the other is called real time protection. Hygiene is setting the configurations, figuring out if something stupid, somebody left a door open, somebody left a window open. You check the configurations, make sure nobody’s left anything unconfigured or badly configured.
Real time protection is when you see bad things. You can stop them in production from doing bad things to your enterprise. Your infrastructure, which is typically what happens on XDR endpoints or firewalls, or in the SoC, you stop that things from happening.
This cloud security industry has been heavily biased towards the hygiene factors. If you look historically, there have been companies that have come and gone. We had dome nine that got brought up by one of the vendors. There was Divi Cloud, there’s Aqua, Orca is here, there’s a whole bunch of companies. What happens over time? The companies have come and gone. And you discovered many of the larger players have started creating cloud capability in the market, which is fine, which is what part of the course is going to happen.
But I think the bogey shifts to the real time protection parts more and more, as opposed to the hygiene parts. The hygiene parts are commoditized because all you do in hygiene is you are basically taking APIs from Google, Microsoft, Amazon, Oracle, IBM and saying, here’s all the configuration data. Let me go give you a way to make sense of it.
Hygiene is cheap to do, so there’s always pricing pressure on the hygiene part. It’s a good start because people are still configuring, but as you go into production, you have to start doing real time protection and production. Industry moves there where again, that is where we’re putting our bet on XSIAM in the cloud — for the cloud. So we built cloud security capabilities and our XSIAM capability. We think over time the enterprise converges to enterprise security and cloud security into one pane of glass in the socket.
Tal Liani
You mentioned you made seven acquisitions. How streamlined? No, within Prisma Cloud, how streamlined is the solution? Have you managed to integrate all these seven acquisitions into a unified experience for customers, et cetera?
Nikesh Arora
Yes, I think we did that in the first instance. We could have done a better job. We relaunched it by doing a better job. So our volumes grow 30% to 40% a year based on consumer –customers cloud data that we have to inspect. But because of the competitive nature of the industry, there’s been tremendous pricing pressure, which I expect from the hygiene side, you’ll see the bogey shift towards the production side. So the market hasn’t grown at the same rate as the volume has grown because of pricing pressure on competitive behavior. But I think the long-term is going to be great.
Tal Liani
Same question I asked you about Prisma Access. How synergistic is Prisma Cloud to the rest of the business?
Nikesh Arora
At the SoC or take endpoint, you have this product called XDR. It’s basically a detection response agent that sits on your endpoints. The same agent now sits against your cloud workloads or cloud VM, the cloud hosts. So you don’t need two different agents doing detection response for different parts of your infrastructure. The synergy is there. Our XDR agent works both for cloud security and for enterprise security. We ingest the data into our SoC. In XSIAM, we don’t have two different XSIAM, or we don’t have two different SoCs. One for enterprise firewalls, one for the cloud, they all go in the same place.
So it’s very hard over time. The customer doesn’t want two different installations saying this is all my cloud traffic. This is the my on-prem traffic because eventually many of these applications talk to each other. A lot of the legacy systems are still sitting on-prem.
So, if you have a beautiful mobile banking app, it still has to go touch an on-prem data center or some legacy data that’s sitting in your infrastructure. You need to be able to inspect that application across both infrastructures.
Tal Liani
So the market went through, the market itself went through a period of elevated demand and then a period of absorption. Talk about the outlook for firewall, overall firewall growth. And we spoke a little bit about it but is there a different environment going forward? Then forget the last three years, it was different, unique. But if you look at the three years prior to that and the next three years or the next four years, do you see different environments or is it going to go back to what we’ve seen before?
Nikesh Arora
So Tal as you will appreciate, I’ve been very consistent that the underlying firewall market grows at 5% to 8% and sometimes goes zero to 5%, sometimes goes 5% to 8%. There are all kinds of extraneous factors, like supply chain issues, pandemic or price increases because of supply chain. That happened. All those are getting normalized and you’re discovering that the underlying growth is still zero to 8%, sometimes closer to zero, sometimes closer to 8%. I don’t think that trend changes.
The confounding factor, as you know, is as the migration of the cloud happens, it puts a damper on hardware, and you should see the benefit of software. So our software firewalls grow 3x the space than our hardware firewalls because we’re seeing more volume in the cloud than we’re seeing in hardware. I think the industry grows at still at zero to 5%.
I think the question is how many vendors are selling as much software firewalls as they’re selling hardware firewalls? The traffic is growing, the volume is growing, the pricing pressure is not there. It’s like — it’s firewalls are adequately priced and there’s like — it’s not like that it’s competitive that people go win a firewall because of price. They win firewalls because of existing install base, because of competence, capability and comfort of the customers with that capability.
So I think that market goes in the zero to 5% range. I don’t think it changes. I think the individual companies in the market, it depends on who’s taking share from who, because there are still some donors in this market, which we appreciate and some of the other players get more share. But I think it’s a steady business. The value we see is once you have a firewall, what else can you do? So we’ve launched IoT, we’ve launched advanced DNS recently, advanced WildFire.
So we have more advanced capabilities that sit on top of the firewall. Because once I’m in the infrastructure, the customer shouldn’t have to deploy more sensors to do more things. The rest is also. So the hardware acts as a control point. On the sensor enforcement point, I should do a lot more software capabilities that sit on the hardware. To give you an example, every company is now, on average, 20% of their employees are using AI, some AI app, and the AI app is very tempting. It says, hey, take your beautiful marketing blog, upload it and I’ll show you how to do a better job as an LLM, which means approximately 20% of people are experimenting within companies. Now, you’ve got to inspect that to make sure they’re not sending corporate data or proprietary data into some public LLM and training it because that’s a bad thing.
Now you have two choices. You go to a new startup who say, let me get in the middle of that traffic flow so I can inspect it, or I say, well, I already have a SASE flow in there. Let me just create that capability of inspection, which means I can go sell another 20% of revenue to each of my customers without deploying any new hardware or any piece of software. So I think five years ago, the secure industry was very orderly. Everybody played in their swim lane, and they didn’t mess with the other guys. We did our firewalls and somebody did the endpoint. Somebody did identity. I think we’ve unleashed fury in the market where we’re saying, look, you can play in other swim lanes, so now you’re seeing a lot more cybersecurity companies want to be in other swim lanes compared to the one they started.
Tal Liani
Financials you and I spoke about billings versus bookings and for the right reasons, you say, focus on bookings. That’s the important part. Talk about both ends. What do you see in the market in terms of bookings? And what do you say to investors on the billing side?
Nikesh Arora
So I think I’m going to keep saying this until somebody believes me. I think billings is a broken metric. I think for all of you very astute investors, you know the differences. But I can’t hide my bookings. Bookings is going to go sell amount of business to a customer and there’s a duration of that deal. If it’s one year, two year, three years, four or five years, customers like commit to paying you $10 million a year, in five year is a $50 million of bookings this shows up on the RPO. This business I have — services I have to deliver, they have made the commitment, it’s contractually agreed.
As customer says, bill me every year, my billings are $10 million. The customer says don’t bill me for two years now and the other three years is going to happen, it’s $20 million. If I tell the customer, why don’t I lend you money and you pay it back to me and my billing is $50million. Because I lend them $50 million and I got $50 million. So billing is the metric that really depends on when the customer invoiced for the services. We’ve lived in benign interest rate environment for a very long time, 15 years, the customers didn’t care. They’re like, hey, do you want the money upfront, what discounting wouldn’t give me.
Well, you’re only making 25 basis points here for three years, I’ll give you 3% off. You give me the money now it’s great. 3% upfront is better than 25 basis points a year and give 3% now. They want a 20% discount because their cost of catalyst 6% to 7% a year, if you’re lucky. So nobody has to pay mid-year, you ever try to go like — would you want to pay your Netflix subscription upfront for the next five years? No. The world has changed. I don’t think going back to 25 basis points anytime soon, you guys know better. I don’t, but I haven’t seen it yet.
So of the conversation in payment side different, which means billings is a number I’m trying to manage on a constant basis. The number I cannot hide from is RPO and bookings. I can’t hide from that number. No company can. So any company and you start looking at billings and companies like, you got to watch out what the RPOs at the billings, it’s kind of where it is. And we spend way too much time in trying to go into a customer, we did $150 million customer. Hey, do you want borrow $150 million. What for? So you can pay me upfront, really, that sounds like a silly idea.
I’m going to CFO saying, please borrow $150 million from me, I’ll give it to you, you sign a promise note and you can buy my services. It’s a long and a tough connotation and unnecessary because all that does is, it doesn’t change my business. It just moved $150 million from RPO to billings. You want me to spend time doing that? Great. That’s a bad idea what users who want me to be doing that.
Tal Liani
Maybe I’ll talk here with my line of questions, I have a few more, but I want to leave enough room for questions from the audiences. Is there a question in the audience? Anyone wants to ask a question, just raise your hand? We should have a microphone going around.
Nikesh Arora
Say them for the one-on-ones.
Tal Liani
Yes. (To shine ) how do you define — you mentioned the last quarter, 65 platformization deals. How do you define the platformization deal?
Nikesh Arora
I sell my network security stack and I have 80% penetration in the customer platformization. If I sell my cloud stack, they’re using for multiple modules platformization. It’s a minimum threshold of $1 million at least, platformization deal. It’s just a metric. Remember, I said I’ve got 900 platform deals done. When we do triple my business, I need to get a ($2,500, $3,500) in the next five years to triple the business. And this is just a way to keep track. If I’m showing a 65, you do the math. I need about 70 a quarter on average, give or take in the next five years to get to my number. So if I’m too far off the 65 reported then you are not at pace to get to triple my business.
Tal Liani
Another thing that we discussed before was the federal segment, you derisked your guidance and you remove federal contribution. What is — first of all, what are the current trends in federal? And how do you see it playing out the next few quarters, a few years?
Nikesh Arora
Federal is very interesting. They spent a lot of money in cybersecurity approximately $18 million to $20 million a year, but it’s a 75% business. A lot more of that is services — professional services people do very customer specific things. Half this federal government gap, they don’t want your cloud processing of the federal data. So it puts you in a very interesting situation. What happened to us, we have worked very hard for about 1.5 years or 2 to get into the pool position, which you did on selling SASE across the entire missions in the government, a project called Thunderdome.
And we discovered that eventually got fragmented and everybody can make their own decision. So it was a strategy that they had, which got fragmented and we kept trying to sell it. So that’s going to happen more organically than as one-time. We just put that out of our forecast because we don’t want to rely on it, a large number tracking our forecast, which we don’t know the third tier. And it’s still a robust business to do — so large single-digit percent of our business comes from the federal government on a regular basis. So it’s not like it’s a bad segment to be in. It’s just a big, lumpy deal.
Tal Liani
Got it. Another thing you spoke last quarter was $150 million deal in the health care space. Can you provide details? I mean this is a giant contract. Can you provide details on what are you doing for the customer? How did it start? And what did you replace with? So, just a little bit of details on your participation.
Nikesh Arora
Well, nothing focuses the mind of a technology team more than a bad cybersecurity incident, right? It’s very hard for them to ignore it. And unfortunately, one of our customers ended up in that situation. We have a team called Unit 42, which goes and doesn’t sit in response. They were come on there, they went there and the difference between what we do and what most other people do is we just don’t fix tell you what happened from a security breach perspective, we actually can go implement the solution for you, unlike most people. And given our expansive platform, approach we can cover 75% to 80% of the stack and replace everything in short order because everything is stitched and work.
So we were able to see eye to eye with the customer. Our team pretty much lived there for three months, rebuild the connectivity with the tens of thousands of pharmacists in the United States so that — and every pharmacy wanted a net new clean connection. So the underpinning of that is SASE, Prisma Access now connects a lot of those pharmacies. They are protected by endpoint in our SoC platform and our health capability. So across the board is public knowledge that we are currently working on the next health care act that has gone to the market. It’s far as big as the last one. So we just want to put any numbers in the forecast.
Tal Liani
Great. My last question is just on margins. Margins were strong last quarter up to 100 basis points. What’s the outlook?
Nikesh Arora
I think if you step back and think our forecast is to get close to $8 billion of revenue this year, it still makes us the largest independent cybersecurity business $8 billion. I think we’re beginning to hit scale economics from a cybersecurity industry perspective, which is good for us. If you think about the P&L, most R&D costs are between 12% to 16% for the company. Most G&A costs are 4% to 6% if you’re — unless your broadcom is a lot cheaper, but that’s a different state.
Your majority of your cost outside in your gross margin is cost of sales and marketing and customer support, it ranges anywhere from 40% to 70% depending on size of the company. That’s where scale matters. And that’s our larger deals per customer matter. Because if I can do $10 million to $1 million deals, I have to still need the same amount of reps, I do $10 million deal they’re going to need to do $1 million deal.
So I think the entire platformization approach, the entire approach towards the larger presence in our customers is margin accretive in the long-term. And I’ve heard rumors that people expect AI is going to deliver even more savings in the future. So I’m looking forward to those. We’ve tried a few experiments. We see some benefits. I think it’s going to take a little longer than most people think. But it will come. It’s not — there are clear productivity instances you can see. It does require a change of behavior. It won’t be like you can take these 500 people and have them go away. It will be all of us who will get 30% or 40% more efficient. The question is how do we manage that as organizations, how do we take that 30%, 40% more productivity out of each individual and turn that into economic value. But prognosis is the margins should continue to see positive benefit over the next few years, both from a scale perspective, cost of goods perspective and from the cost sales and marketing perspective.
Tal Liani
Great. Nikesh, thank you very much.
Nikesh Arora
Thank you for having me.