Zscaler, Inc. (ZS) Earnings Call Transcript & Summary

Good afternoon, everyone. Thank you for joining us on day 1 of the UBS TMT conference. I am your friendly neighborhood software analyst here at UBS, Fatima Boolani. Grateful to have you all join us today. I am thrilled to be hosting Zscaler in our 2:50 time slot today. And I'm joined by the management team here: CEO and Founder, Jay Choudary; as well as CFO, Remo Canessa. Thank you, gentlemen, for joining me today.

Thank you.

Fatima, thank you.

Terrific. Well, before we kick start the discussion, Jay, I did want to turn it over to you to start off the session with some of your prepared remarks and some slides that you are presenting to really help those who are new to the story and even though who's familiar with the Zscaler story, to sort of walk through what it is that you are doing so differently and in such a unique and differentiated manner. So over to you, Jay, to kick things off.

Sounds good, Fatima. Thank you. You should have the slides that are sent to you ahead of time. Zscaler is about accelerating your secure digital transformation. We are not viewed as yet another security company but the enabler. Now if you look at the second slide I have -- or the first slide after the cover slide, you see this hub-and-spoke network, where all these branch offices come to the data center over a private network. Then you see the data center, which has lots and lots of appliances, security network and gear for WAN termination, for BMZ, for B2B zones and the like, with beautifully color-coded routers and firewalls and UTMs and load balancers. This made sense. When data center was the center of the universe, all applications sat there and your branches took straight path to the data center. Fast forward, in today's world, that's my next slide. In this thing, applications are sitting anywhere and everywhere. And your users are everywhere. And the users could be workforce, your employees or could be your customers. In this model, trying to do network security by having your own network and having the castle-and-moat security model doesn't really work. So in this model, Zscaler is sitting in the middle as a Zero Trust Exchange platform. Think of us as an electronics exchange or maybe in layman's terminology, we are an intelligent switchboard. A user comes to us. We validate who you are using your identity provider. We look at the policy. If the policy says yes, we connect you to the right application or service. So in this model, applications are simply destinations. So your data center just becomes one more destination like your applications in Azure or AWS. And your users are out there. They come over any network, often over the Internet. So Internet is becoming your corporate network. Cloud is becoming your data center, and we are a critical piece to enforce policy, a policy engine. So we don't do typical old-school network security where you're securing the network. We are a Zero Trust Exchange that connects the right user to right application. That's really what sets us apart. A network security vendor that's doing castle-and-moat security all these years can't just become a Zero Trust Exchange by flipping a bunch of firewalls in the data center. Now the overall view of transformation. Unite has become a buzzword, but transformation starts with CIOs' strong desire to modernize your applications. So this, my next slide, talks about 3 steps of transformation. The applications are moving to either SaaS or to your public cloud. And if you do that, all this hub-and-spoke network doesn't help. You're trying to backhaul to the data center and then go out. It's like flying from San Fran to Chicago via Houston. You want to go direct. But you can't because your security is sitting in the data center. That's where Zscaler comes in. We build this Zero Trust Exchange around the globe in 150 locations. So the employees headed to external applications, such as SaaS and Internet, goes through our policy engine called Zscaler Internet Access to make sure we block the bad, protect the good. And your employees trying to go to your internal applications, which are sitting either in your data center or they are sitting in a public cloud. So -- and the policy engine, Zscaler Private Access, make sure you have secure access to them without needing a VPN and also without exposing your applications and minimizing your attack surface. So with ZIA and ZPA together, we actually become a foundation for application, network and security transformation. So by doing so, the next slide shows that we can take your complicated network and make it a fairly simple zero trust architecture by connecting users to applications. In the process, we end up giving you far better security, much better response time, far lower cost and simplify your IT. We started at ZIA. Our next slide talks of 4 integrated pillars. ZIA, then we expanded to ZPA. ZIA and ZPA are the 2 big growth engines for us today. Then we added Zscaler Digital Experience so people can't just access applications fast, they can help us figure out if things are not going well. Maybe there's some slowness in network and the like. And then the next big thing we're building on, and we did 2 acquisitions in this area to make sure we had the most comprehensive portfolio that's fully integrated, protecting workloads in a public cloud because that needs to be secured as well. All this is built on a cloud-native platform. We're not trying to bolt things on. And clearly, from a sales point of view, we had to come up with a unique sales process because it's not like selling boxes through traditional VARs. We had to do a fair amount of thought leadership over the years. It's getting easier and easier. We don't need evangelism anymore because customers are educated. They all want to move to the cloud. They want to move security to the cloud, but they don't know how to do it well. That's very common. So a bunch of CXO events, working with SIs, SPs and some of these cloud-focused VARs are helping us build our pipeline. Then we have a very strong sales team that I -- that really figures out the transformation areas, goes through architectural workshops for demonstrating the change in architecture and show them the business value we create. That leads us to landing the deals. We don't have to sell everything upfront. So we land and then easily we can expand from there with very good deployment services, quarterly business reviews, the leaders as well as exactly briefings and whatnot. So with this process, the last point I want to make before we get into Q&A, is it becomes a very simple ecosystem, where we are sitting in line, in path to enforce policy almost like an international airport. We work with our leading ID providers like Microsoft and Okta. We integrate with end point management security vendors like Microsoft, VMware and CrowdStrike. We can take traffic for any routing devices. We can feed logs to your security operational solutions, and we had done tight integration with all leading cloud providers as less SaaS applications. So that's our overall story and positioning. With that, Fatima, over to you.

Thanks, Jay. And you touched on a number of different areas that I want to spend some time parsing through and peeling back. So maybe to just start at the highest level, I think it would be stating the obvious for me to say that this has clearly been a very unique year for most enterprise software companies, and certainly for you. And thinking about the myriad crosscurrents that have impacted Zscaler this year, what would you characterize as maybe the most significant external and internal factors that has impacted and positively impacted your business momentum year-to-date?

Yes. Overall, we all have gone through some challenging time this year with COVID and whatnot. So obviously, work from home was important. And we play a big role because we are designed, we are built where people are going to work from anywhere. But I think that the biggest change wasn't COVID. The biggest change is what COVID did to the mindset of CIOs who used to think that they need transformation, but transformation is tough. The network may take a long time to change because it's complex, it's expensive. How will I keep on running our business? With COVID, they realized that with a cloud platform like Zscaler with Office 365 or Zoom out there, they could do secure collaboration and engage with application access and whatnot. So changing the mindset, shaking off inertia where CIOs and CISOs that are realizing that they can go faster to become more agile and comparative is the biggest event. That's what's really accelerating our business even though the work from home is already happening. But the long-term trend is helping us to accelerate this transformation.

Jay, obviously, organizational priorities have shifted almost overnight because the drawbacks of current approaches are becoming that much more evident. And CIOs are certainly thinking about the architectural and operational themes around security that tie back to digital transformation. So with that in mind, where does the CISO, CIO appetite for Security as a Service stand today, even versus 6 to 9 months ago, so call it pre-pandemic, based on what you're seeing?

Yes. So it's interesting. What we do doesn't really sit just with the CIS or CISO. It's really an effort that's driven by CIO, Head of Networking and CISO together. In fact, most transformations are not led by CISOs. Most transformations are driven by CIOs because transformations are driven by applications because at the end of the day, it's all about being able to build, deploy applications faster and better to really make better business decisions with all the data that's being collected. So it's the application that drives it, but access to those applications in this new world becomes a challenge. Security becomes a challenge. So it needs transformation of both network as well as security. In fact, as a CIO would say, I call you the enabler of my transformation, not just a security vendor. All 3 parties come together. You can't do -- if you want a security box, you don't need to talk to a CIO and Head of Networking. Your box set at a certain place in the data center, and your CISO could replace one box with a second box. What we are doing is transformation of infrastructure and security. So it -- both parties come together driven by a CIO. That's how our sales process works. And then once they like it, then they need to take it to the architects, their network architect, their security architect, their application architects. They drill down to the next level to make sure this change in architecture works well. And that's how we win it. And traditional security vendors aren't really designed to do anything like that because they are meant -- they're built as boxes, and they may try to take a box and spin it in a cloud, i.e. with VMs and whatnot. That's what I like to say, you're trying to build a Netflix service using DVD players that really doesn't work besides being able to do some good demos.

Jay, I want to stick to your about this transformation that's happening in 3 distinct pillars, right? You've got the network transformation, the security transformation, the application transformation. So maybe starting with the network pillar. It brings to mind some of the dialogue and conversations around area networking and to your point earlier about the Internet now becoming the corporate network. And so with SD-WAN and SASE, and pardon my alphabet soup here, can you talk about the dynamics that you're seeing in the marketplace for SD-WAN because it has implications for network transformation? And why is the MPLS replacement cycle, if you can educate us as to why that's still a relevant entry point for you and even your partner strategy as you go to market?

So before we started pushing for local Internet breakout, which means every branch office can directly go to the Internet rather than having to go back to the data center over this private network called MPLS. So every enterprise simply had this hub-and-spoke MPLS network. It is very expensive. It was ideal to go to the data center but not for the cloud. So we have been preaching and evangelizing the need to go direct. And we -- what have we done? We have basically gotten just shy of 25% of Global 2000 companies as our customers. I think -- and it's approximately 1/3 of the Fortune 500 companies. But the rest of the big world still needs to do local breakout. Local breakout of the Internet does not require SD-WAN, but SD-WAN makes it easier because SD-WAN is cloud-managed. It can be easily managed rather than individual routers at a time. So SD-WAN helps that transformation. I think what we saw with COVID was customers start to even skip the network transformation step. What do I mean by that? They used to think that I must do local Internet breakout from every branch office with SD-WAN or using the older routers. Then certainly, with COVID, you're sitting at home and working from home. You're not really going to the branch office. That's when Takeda's CISO said, "Huh, with Zscaler, I was protecting 7,000 branch offices. Now with COVID, I'm already taken care of with Zscaler, but I am protecting 75,000 home offices. There's no difference." So for us, it doesn't matter where you're sitting in a branch, behind SD-WAN or you're sitting at home, just on your laptop. We work equally well. So we integrate with SD-WAN, but we don't require SD-WAN. SD-WAN is better than old-school routers. But with COVID, everything is going direct. And I can do actually some of the deployments with employees sitting in home in a matter of days.

How does your position in the marketplace change when vendors like Silver Peak or being acquired, Viptela and VeloCloud, certainly with whom you've had integration relationships have since been acquired, and more recently, CloudGenix? I mean, how does that consolidation and M&A activity in the SD-WAN space impact you?

Yes. There's a lot of talk about SD-WAN and security must come together with WAN vendors. I really don't believe in that because networking skill set and core competencies, very different and security competency where you're inspecting everything. So also, if you look at zero trust security, in the zero trust world, you're independent of the network. You don't put people on the network. You connect the users to specific applications. The network is an important transport to go from A to B. But I don't think we need to do network security as we don't do network security. So it is important to have partnerships. So we have a great partnership with VMware. Yes, we have been working with Silver Peak a while. Even we work with Cisco because our customers basically bring us together and say, "I am deploying Cisco, and I need Zscaler to do security." So our position is that we need to integrate with SD-WAN vendors or known SD-WAN vendors such as [ algorithm ] switches. But security that we need to do as a switchboard is independent of where the traffic is coming from. So we aren't looking at buying any SD-WAN vendors. Partnerships is our strategy.

Got you. That makes sense. That makes sense. That's very comprehensive. Maybe shifting to the security pillar of the transformation. We discussed the network. So shifting to the security piece. Certainly, your roots and your launch in the marketplace nearly a little over a decade ago was within the traditionally defined web security realm. There's clearly been a lot of opportunities for organizations to reevaluate how limiting traditional web security and traditionally on-premise hardware-based web security and inflexible these form factors have been. So can you talk a little bit about your core ZIA product? That's a flagship product for you. How has the web security market changed certainly over the last year? And how should investors think about, call it, the legacy replacement cycle tied to the Blue Coats and the Ciscos and the Websenses of the world where some of your competitors in the past?

Yes. So web security market was dominated by proxy vendors, means vendors were a proxy architecture to inspect the user traffic. In fact, Blue Coat had -- some 5 or 6 years ago, had published a data point. They said they are deployed in 85% of Fortune 500 companies because they've built a good proxy for traffic inspection. But what has happened is, as the world moves to the cloud, unless these proxy vendors could pivot and build a good multi-tenant, cloud-native proxy platform, they couldn't succeed. So that's where we come in. If you look at a lot of replacements we are doing, it's a starting point is -- almost all the large enterprises, someone like Blue Coat, or maybe in some cases, McAfee; in some cases, it may be Websense; or in some cases, they have been Cisco products. So replacing them and doing them in a multi-tenant fashion. Now all these vendors I just named, these proxy vendors, actually have built and deployed cloud-based offerings, but it lacked one thing. They were all single tenant. Generally, they are trying to spend virtual machines in the cloud and say, "I'm a cloud service too." Really doesn't work. That's what Siebel software tried to do to compete with Salesforce for years. Salesforce was tiny. Siebel was a dominant player. We know what happened. At the end of the day, the right architecture won. So that's kind of one part. The second part that's needed, that evolved over time was beyond going to the cloud is a fuller platform. When web proxy vendor had started, they had started out with -- have basic security like antivirus and web filtering type of stuff. Then we needed more stuff. The customer said at the gateway going to the Internet, "I need advanced protections. I need sandboxing capabilities. I need data protection capabilities. And I need even bandwidth optimization so I could deliver quality of service." So it has evolved into a full-blown platform, even the ability to inspect non-web traffic. So that's kind of like a firewall supporting all ports and protocols. So what we did was we built a platform that has full functionality so you don't have to buy any other product sitting in line to inspect traffic. That's number one. Number two, we built a multi-tenant architecture. So the 2 together is giving us very great advantage, and that's why we're winning over these large incumbent vendors.

And would you say the incidence of a replacement -- or call it, the replacement cycle, has that accelerated, would you say, over the last -- over the course of 2020? And how much room do you think there is for you to sort of exhaust that displacement opportunity?

Yes. Well, I would say acceleration is beginning to happen. Financial services, the big banks were low but slower. The manufacturing companies and all the others have moved over the past several years. I was talking to a large bank and they said, "We thought that we had 2 or 3 years to replace my Blue Coat proxies and talk to Zscaler. And now, we know that I need to do a lot faster." So we are seeing acceleration of that happening. So that's clear. And we are the beneficiary of it. In almost all the cases, if you talk to Fortune 500 companies that are generally high-end proxy Blue Coat kind of vendors, most of those deals are coming to us without any competing with anyone else. The only competition is Blue Coat in that case, but these guys have -- just don't have a meaningful cloud-based solution. They have a cloud solution, but it just doesn't work. Now the second part of the question is, how much market is left? I'm kind of reading all the data out there from IDC and all that stuff. I don't have the exact number, but I think IDC believes that about $1 billion worth of replacement opportunity or renewal opportunity on an annual basis. The total size of installed base is several billion dollars. So that's a starting point. Also what happens with Zscaler is that they may have deployed a Blue Coat proxy with just antivirus. When they look at Zscaler platform and say, "Wow, I can do DLP. I can do outbound firewall. I can do sandboxing all together." So we end up starting a discussion around a Blue Coat replacement, and it ends up being with Transformation Bundle, which has most of the platform functionality of ZIA we have to offer. So we think it's a good, long-term, multiyear opportunity for us.

That's really interesting. And maybe shifting to ZPA because that's sort of really catapulted to a very important growth engine for you, especially this year and certainly in the 9 months just past and especially with new logos. I'm curious if you can kind of talk us through the conversations you're having with customers who maybe deployed ZPA on, call it, an emergency basis earlier on in the year but really are now taking the time to think very long term and architecturally about ZPA. How has that changed? And frankly, how much of that was activity that you pulled forward or accelerated? And how much of that is really sustainable and durable from an installed base growth perspective around ZPA adoption?

Yes. It's a very good question. It gets asked quite often. So first of all, ZPA was launched about 4.5 years ago. Okay? And we started working on it 6 years ago; 2.5 years of serious R&D was done to create this zero trust architecture. And we had pretty impressive growth. Year 1, we had 4% of new ACV; year 2, went about 10%; year 3 was at 15%; and year 4, which was the last fiscal year we ended in July, was about 27%, 28% of new ACV, which is great. Now what's driving it? Overall, I mean even before COVID, the growth has been very impressive. Because with the combination of ZIA and ZPA, you can work from anywhere. With ZIA, you access internal -- sorry, external applications. With ZPA, you access internal applications. But it's all transparent. You don't even think about what's internal, what's external. We figure it out. So it makes it very, very easy for customers. So when COVID happened, most of our customers already had ZIA because they were our customers. And a number of them were evaluating ZPA. So they went on to really get ZPA so they could work from home with zero trust. Now still, in spite of all that, when was -- the last quarter or so, maybe a quarter ago, we looked at it. Only about 31% of our customers -- ZIA customers who had ZPA. All others were still looking at it, evaluating it. And I think the number went from 30%, 31% to about 38%, 39% in the recent quarter. This is ZIA customers who also bought ZPA. Because the 2 together becomes very nice. We -- it's my expectations that it's a matter of time than -- when every Zscaler customers, every employee will have ZIA, ZPA and Zscaler Digital Experience. Because of the combination of those 3 things, you need nothing else other than your end point with a directory service going through Zscaler can not only give you secure and fast access but also tell you if there's a performance issue so you can troubleshoot and figure those things out. So we think we've got a big long-term opportunity with ZPA. I don't believe the notion that ZPA was just a COVID thing. It's going to slow down. We don't see it slowing down.

And Remo, maybe to get you into the fold here, just with respect to putting some numbers around the financial performance and the financial ascent of ZPA as a contributor to the model. How has that trended? And what are some of your expectations of contribution here from ZPA?

Yes. Good question. Also, that 38% that Jay talked about, that 38% is the -- our G2k customers. So that's based on our G2k customers.

Right. Thank you.

Yes. ZPA, because it has increased our new [ net cell ] business with COVID last March, hitting 43% of our business in that April quarter, has been basically high 20% in Q4 and also high 20% in Q1. The revenue contribution, it's gone up on a quarter-to-quarter basis. Q4 was 12% of our revenue. Q1 was 13%. Certainly see that trending up. Pipeline indicates healthy ZPA contribution. As Jay mentioned, COVID was basically the start with now digital transformation. And if you're trying to do digital transformation, it's both ZIA and ZPA and ZDX. So we do see the contribution to continue to go up for ZPA.

And Remo, as you look at the pipeline, which has given confidence for this trajectory for ZPA to continue. In a similar analog to what Jay was talking about with respect to the replacement cycle for ZIA, is there a similar dynamic for ZPA that you're seeing, where maybe you're coming to hearing some budgets that used to go to other access-type vendors or technologies?

I can start there. Yes, I can start there. The starting point, our replacement budget comes from VPN, virtual private network. VPN is a security issue. VPN is a response time issue. Whether you do it on-prem or a vendor tries to say, "I got a VPN in the cloud," it's still the same problem. So starting point is replacement VPN. Then it starts expanding from their own words. For example, zero trust architecture has become very, very important in the last 12 to 18 months when I talk to even CIOs. I mean, CISOs talk about zero trust all the time. But when I talk to CIOs, about 7 out of 10 will tell me that zero trust is one of the key priorities for us. So ZPA gets bought in as Phase 1. Eliminate my VPN. I got the budget to get it off it. Phase 2. I need to access my applications sitting in my public cloud in Azure AWS by going direct. Without ZPA, you'll be going back to the data center. And then tromboning from the data center over a site-to-site VPN, not a good idea. And then they want to move on and bring zero trust to the data center and the like. So it is a zero trust, really, acquisition. It's a purchasing for zero trust. That's why most of the deals for ZPA are being done as 3-year deals, not as short-term 1-year deal. Remo, anything you want to add to it?

No. That's it. That's perfect.

Okay.

And Remo, just on the deal sizes here. Historically, when VPA was still in more of an awareness building mode, perhaps you were deployed in a smaller subset of the organization. I'm wondering fast forwarding to today and knowing what we know, how have you seen the, call it, estate that you're now capturing with ZPA that otherwise would have just been smaller? Has that been an important contributor?

Yes. I mean if you take a look at our upsell, strong upsell with net retention rate of 123%. More of ZPA is being deployed. I mean, for example, in our April quarter, we had customers that had limited deployment of ZPA. COVID hit, and they couldn't get their employees basically to access internal applications. They then basically turned on ZPA for all employees. So as companies are making this digital transformation, you want employees to be able to access the Internet. You want the employees to access internal applications. And you want to know if there's an issue related to performance, you want to know where that is. That's ZIA, ZPA, ZDX. So as we go forward with our platform, we feel that the uptick will continue to increase.

Yes. If I may add one more thing here, Fatima. It is true, a year or 2 years ago, the number of ZPA licenses would be somewhere in the 25%, 30%, 40% or 50%; and in some of the high-tech company, maybe 70% or so. But now everyone working from home, the numbers have gone up. But then the question is, what happens afterwards? If zero trust wasn't a big initiative, you would kind of think that maybe they'll use less. But zero trust architecture basically saying, whether you're in the office or your home, you should be viewed as untrusted and you should not be on the same network that the applications are. So they're extending Zscaler zero trust, not just for home use but for office use as well. So that's why I basically say it's a matter of time that every user will have ZIA as well as ZPA for a given customer.

That makes sense. Maybe taking a step back, the portfolio has certainly expanded over the last year with a whole new slate of product capabilities that you're actively now monetizing, including the CASB solution, browser isolation, et cetera. I'm wondering if you can kind of talk to us about how you're monetizing these new capabilities? How do these capabilities compare and contrast to what has really, frankly, been a simple consumption model between the good, better, best bundling strategy that you have? And how do you make those decisions, especially as you move into the cloud workload protection area and the portfolio expands even more?

Right. So as you see in the presentation, we have 4 pillars on our platform: ZIA; ZPA; ZDX; and now Workload Protection (sic) [ Segmentation ], the youngest, the newest one that's evolving. So we aren't really trying to add a long list of products of independent. They all fit in a given area of the pillar. For example, CASB and browser isolation, they expanded our portfolio of ZIA offerings. ZPA has more offering. In fact, browser isolation also fits with ZPA and you'll see more products come in that area. So 4 key pillars and several growing products in each area. That's one. Two, in many cases, we'll add the new products as a part of our bundles. So bundles are changing. Bundles are growing, which is a natural thing for us to do. Number three, the cloud protection, the workload protection you mentioned is a relatively young and new area, which we want to be there early on sooner. We think we can disrupt the workload protection area, which is being tried to done -- people are trying to do by doing old-school network segmentation, firewalls and the like. We think we can do it by zero trust, the way we disrupted the ZIA/ZPA traditional market. We can disrupt that market as well. So very excited about the fourth new area. And also coming on ZDX. ZDX is a new market. It's a new offering. This became a problem when people started to work from anywhere and everywhere. And we think we are seeing a lot of traction in that area and excited about the opportunity.

That's really helpful. And of course, the breadth of the portfolio would be nothing without the investments that you're making on the go-to-market front. How should we think about your priorities for your go-to-market and sales organization in fiscal '21? And maybe give us a couple of reminders of the steps and efforts and changes that you've made over the last 12 months that have really given a little bit of a turbo boost to the business and the growth profile.

I'll give you the qualitative view, and then Remo can add from the quantitative side of it. So I think we knew that to scale our business from a few hundred million dollars to $1 billion or $2 billion, we needed to scale and put some of the things in place. That's why we brought in a strong leader who could do that. So over the past 4 quarters, we have shared with you quarter-by-quarter pretty transparently some of the changes we are making. And we are monitoring the results, the leading indicators and the like from sales enablement to really enlarging our leadership team on the frontline, really providing them better tools and better training on -- better training our reps and as well as tools, so they could really do better inspection on a weekly basis. All those things were big, big steps. We accelerated it and did them in the past 4 quarters. The results you have seen quarter after quarter is kind of -- is a proof of all those things are working. So that's kind of one big piece, but we are not done yet. We see a bigger opportunity. Remo, you can talk with some of the expansion plans further and even the expansion we did last year versus where we are headed next.

Yes. So what we called out on the call, we hired net hires in Q1, over 260. And that compares to 200 in Q4, 150 in Q3 and 100 a quarter before that. Generally speaking, over the...

Remo, across the company -- sorry, across the -- Remo, across the company, not just sales, just to clarify.

Yes. Across the company. And about 60% of those hires were in sales and marketing. That's generally kind of what it's been over the 4 quarters. The head count increase we had on our field quota sales reps was 60% last year. And with the change we made in the leadership -- we put the leadership in place in the first half of last fiscal year. And basically, the field quota sales reps, the vast majority came in, in the second half. We had a record quarter hiring field quota sales reps in Q4. And in Q1, we were comparable to our hires we had in Q4. Also, our sales productivity went up in Q1 and year-over-year. And what's important with that is when you take a look at the amount of hires that we had in the second half of last year and also the new hires we had in Q1, a lot of our reps are still ramping. So it's a positive -- very, very positive sign that we're seeing. And things you're seeing also, as we talked about on our earnings call, we had a record quarter for 7-figure deals, not in Q1, any quarter. And so Q1 typically not as strong because the Q4, people are trying to sell stuff. And so another sign. We're seeing more customers buying both ZIA and ZPA together. As Jay mentioned, this high-30% range, and that's been increasing. So a lot of positive things related to the changes that were made in the sales organization and go-to-market.

And Remo, maybe just to round out that thought, the new product adoption is really picking up steam, gaining a lot of momentum. Now that you are in your fiscal '21, now that you have had an opportunity to reflect back and really digest a lot of the changes from last year. Is there anything that you're doing differently, thinking about differently vis-à-vis pipeline and forecasting? And frankly, any specific incentives to drive the adoption of some of the newer capabilities on the platform?

Yes. So no additional incentives. So the field has a quota, and they're selling what we have. Related to things that I've seen, it just -- we have a process, and we had our go-to-market process. We've refined it. And what we're seeing basically is that things are working, and things are going well. So yes.

Yes. And we are aggressive. We are -- we think we are confident, and we keep on accelerating our investments in sales and marketing.

Yes. On a go-forward basis, the comment, Fatima, is that when we did the earnings call for year-end for July, we said we'd increase our field quota sales reps at a higher number. We didn't talk about percent, substantial higher number than we had in the prior year. In this call here, the comment we made is that we've upped it. So we're actually accelerating our hiring. The key thing is that, from our perspective -- and when you have a SaaS model, it's easy to do a lot of things with, especially when you have 80% gross margin. And there's a lot of levers to pull. And the lever that we have right now that we're pulling because of what we're seeing is we're stepping on the gas. And that is across the board in the entire company. It's not only in the sales organization, it's also R&D. Since our year-end call, we also increased our head count that we're going to do in R&D. It's just that -- we just see a very significant opportunity. And we did 14% operating profitability last quarter, and we hired -- net hire's 260. And so when you have that type of leverage in the model, it's easy to slow things down and get to the high operating profitability free cash flow. Where we are right now, we feel that we have a significant advantage. We have a real opportunity to capture a significant portion of this market, and we're going to -- we're going after it.

That's helpful. And maybe just to round out the discussion and the final question from me. Clearly, there's a big opportunity. But clearly, there are a lot of competitors who are trying to catch up and make noise in the space. Can you give us or share a point or 2 and sort of your observations around how your competitive set has evolved, especially as you've seen the type of growth and momentum you have? And how should investors parse out competitive landscape between the hyperscalers, some of the CDN providers who are making some noise here and even the network infrastructure players that are talking about this intersection of security and networking that you've been preaching for some time?

Network infrastructure players. Who are you thinking about there? Folks like?

Oh, the Ciscos and the VMwares and even the Palo Altos of the world. So just in broad strokes, these categories or vendors, how do you internalize them in the landscape?

Yes. So I think if you look at all the vendors you talk about, they dominate certain areas. And what we have done here, we have taken advantage of the mega shift, which required building a different multi-tenant architecture. Let's talk about some of these areas you talk about. Take CDN providers, right? They sit in front of servers as the marketing servers. So they could really provide content faster pace. Yes, it's natural for them to be able to do DDoS kind of stuff because you're protecting the server. But they don't even sit in front of the users. To sit in front of the users as a proxy architecture to inspect traffic is not a tribute to ask at all because you need to do it without slowing it down. The vendors who actually were able to compete in this area were the vendors who built proxy because for outbound traffic or user traffic, that becomes critical. Remember, you must have seen that folks like Akamai have been trying to be there for the last 5 or 6 years and where they bought a young -- they bought a company in the U.K. based on a proxy architecture, which is good, but it couldn't scale. I'm sure Cloudflare of the world will try to do the same thing. So we're hearing a bunch of noise, but we haven't really seen them in the field. I've yet to see a single deal where we competed with either Cloudflare or with Akamais of the world. So that's kind of one. I think you need to have some core competencies to be able to do certain things. Look at our firewall guys. Firewall has a door. It's meant to protect servers. Their architecture is on. It's a pass-through architecture, great for firewalls, not for inspecting user traffic. I think these guys will make some noise just like -- even Blue Coats than Websense of the world made so much noise that, "We have appliance. We have cloud. We give you everything." What is wrong with that model, with Blue Coat and Websense? They have the right proxy architecture, but they couldn't do multi-tenant. What's wrong with firewall company? They have a wrong architecture to start with for traffic inspection because they're a pass-through architecture, and they're the single tenant. So I think to compete, you have to have the right architecture. Then on the ZPA side, we have 6.5 years of R&D effort to create a true zero trust architecture. And what do the competition have? VPN largely, essentially out there. And then the platform is growing. Now a customer is no longer buying and say, "I want ZIA." The customer now are saying, "I would rather buy platform." There's pricing, there's pressure to consolidate and reduce cost by CIOs. In fact, they are buying bigger platform of Zscaler now than they used to buy before because when the discussion happens with us, they kind of say, "What else can you replace and reduce my cost and simply from the IT." So I think we have a platform that's wide and deep in 4 key areas with some serious technology out there. And we're innovating at a fast pace. But even if someone does build from technology, trying to build technology is tough, especially for traffic inspection and the like for policy enforcement. But running a cloud with five nines of availability in uptime is much, much harder because you have to have responsibility for that. I did not realize when I started Zscaler that I need to really become almost an ISP where we are controlling the routes. Okay. I mean, we have to control routes, how the traffic comes to us. I got 4 service providers connecting the 100-gigabit-per-second connection to a typical large data center. And if one of them has packet losses, we figure out and we route the traffic differently. So the barrier to entry to run a massive cloud is enormous. So I think I'm less worried by these competitors. I'm more focused on execution on sales and marketing because as we can scale it, the way we've shown you over the past 12 months, I think it will be wonderful. That's what we are shooting for.

Well, I appreciate that and a very comprehensive view from both of you, Jay and Remo. So we will cap it there. Thank you, again, gentlemen, for sharing your perspective. It's always a good opportunity to catch up with you. Thank you.

Thank you.

Okay. Bye.

Take care.