Zscaler, Inc. (ZS) Earnings Call Transcript & Summary

Good morning, everyone. Welcome to Zscaler's Virtual Analyst Day. I am Bill Choi, Head of Investor Relations and the host for today's event. It has been nearly 3 years since our IPO, when we shared with you the notion that in the mobile and cloud-first world, users should access the cloud directly without going back to the data center and having security in the cloud. Since then, our vision and the approach has received very strong validation from the market in what Gartner now calls SASE, a secure access service edge, and also ZTNA, a zero trust network access. We believe we're just getting started, and we're very excited about our future. This, we will discuss in the next 3 hours of this analyst meeting. If you look at our agenda here, we have 4 segments. Jay will discuss Zscaler's vision and strategy, then Amit and Patrick will dive deeper into technology and products. After that, we'll take a 5-minute break then continue with Dali and Chris discussing our go-to-market engine. And we'll end the presentations with Remo stepping through our addressable market and financials. If you want to read more about our executives, you can select the speaker bio icon on the bottom of your screen. Now let me discuss today's format. We'll take a few questions after each segment. I will moderate this Q&A session based on your questions, which you can submit on the Q&A window on your screen. Now feel free to submit your questions anytime during the presentation, as this will help us compile the list of questions. I ask that you save your TAM and financial-related questions until after Remo has concluded his final presentation. At that time, we'll move over to a dedicated session for interactive Q&A with all of our executives. Today's presentation contains forward-looking statements. These statements are not guarantees of future performance, but rather are subject to risk and uncertainty. All forward-looking statements are based on information available to us as of today, and we assume no obligation to update these statements to reflect events that occur or circumstances that exist after today. Now I'll turn the session over to Jay Chaudhry, CEO, Chairman and Founder.

Bill, thank you. In the next 20 minutes, I'll give you a high-level view of our vision and strategy for Zero Trust Exchange, the platform we play in. There's so much to cover. It's such a big platform with so many customer engagements. But in the interest of time, I'll move rather fast and highlight a few things. As you know, we pioneered this market. We're a leader in cloud security, especially doing zero trust-based architecture. Let me share with you our audacious goal, which is really to have 200 million users and 100 million workloads done on Zscaler platform. Our innovation is second to none that Amit is going to talk about, and our go-to-market machine to what we've done in the past 12 to 15 months has gotten in very good shape. It's firing on all cylinders. And with our open culture, with exchange of ideas and execution focus and customer focus, it's really becoming a big, big differentiator for us. Now if you look at the stats, some of these numbers, I don't need to go through everything here. But look at the value with our customers, the licenses, by 20 millions on seats, NPS score of 76. I mean, our scale. I mean, there's nobody who comes close to handling that type of transaction volume, 150 billion, some 7 billion security -- essentially, incidents or security tracks that we block every day. Small number of tickets for such a big volume that we end up doing. Very, very proud of that. And the third area is looking at growth numbers. Remo will talk a lot of those later. So I won't spend time on it, but in saying exceptionally, good numbers, billing side, revenue side, NRR in all areas. So with that, our overall mission, making cloud a safe place to do business and enjoyable for users. And they do this by securely connecting any user to any applications or application to application or even device-to-device type of stuff with zero trust being the center. It's the opposite of traditional network security architecture, which actually slows things down, which really is expensive and slow. All right. Now let's see. One second here. So audacious goal: 200 million users plus 100 million workloads. We've done a fair amount of work in this area, looking at where we are, where we need to go. With 20-plus million users today, we're just getting started. Our opportunity to grow falls in many areas. It starts with lots of new customers. We've got about 25%, just under 25% of Global 2000 and lots of upsell opportunities. We've got a big platform and a lot more functionality being added, not just features, but many new areas being added. And then they are expanding into new markets as well. We are going into -- we're also -- sorry -- let's say, we are going downmarket in some of these areas, and this downmarket for smaller enterprises, in addition to what we're doing for the federal market expansion and new markets like Japan for us. There are multiple tailwinds that had been helping Zscaler. We started up very early on, leveraging Internet. Network transformation, going direct to the Internet, has played a big role for us what, from any view, has been a big tailwind that will last for a long time. In addition, you've got public cloud migration applications. And IoT/OT is just beginning. And guess what, 5G. We're excited about the work we're doing with 5G. We think it can bring the further next level of disruption to make a big difference for companies to be more agile, to be more competitive and a big revenue opportunity for Zscaler. I'm going to give you my view of our strategic objectives, a look at how we look at our objectives to grow our business in 4 buckets. Market leadership. We've run on technology, highly differentiated, helping our customers' operational excellence because the cloud has to run -- cloud must run well. And then we've got ability to attract good talent and develop good talents. I'm going to dig into each of the 4 areas now. Leadership. Well, look at this chart. I don't recall having seen a Magic Quadrant chart where you are the only leader. And for us, it's not just the leader in a year. It's the tenth year in a row. I mean, it's taken a while, and the Secure Web Gateway by Magic Quadrant is not just about a small piece of web filtering or what some legacy vendors try to downplay it by calling it URL filter. It is the whole suite of offerings from Secure Web Gateway to CASB to zero trust, fiber as a service, browser isolation. It has expanded. It is the Magic Quadrant when it comes to going direct over the Internet. And by the way, many times, I get asked questions about legacy firewall being competing us in this area. Look at the Gartner side. They decided not to include any firewall vendors because to do proper content inspection for security, you must have a proxy architecture. Hopefully, that answers many of the questions where people think that firewalls are a good Secure Web Gateway. Our market leadership, you've seen our presence in some of the largest customers across all countries, the largest number of locations, like 30,000 with LDS Church, 1.3 million users with MCNC, an amazing amount of traffic like 2 petabytes with Office 365. And leaders... [Technical Difficulties] Bill, you can't hear me anymore? Hold on. We can hear you now. All right. You're back. Thank you. Good. So back to the diagram ahead. The users are getting extended all over. And guess what, if one user gets infected, the entire network can get infected because it's a flat network. Flat networks are dangerous. And then all these applications that are facing the Internet, those are dangerous things, too, because they can be discovered, they can be attacked. This is the state of security and networking today. No wonder all these companies are getting compromised. And I'm sure there'll be lots of questions on SolarWinds. Yes, SolarWinds came through a pretty sophisticated supply chain attack, but how does it spread in the company? Well, through a flat network. So in the Zscaler world with zero trust, we have a fundamentally different design. We don't secure the network. We are about securing users and applications because data sits with them. It's all about securing data. So what are the design principles with Zscaler? Well, number one, you treat applications as destination. Your data center, nothing but a destination. Your users are not on your network. So when your users need to go and access applications, they go over the Internet and they go through our switchboard. And once we validate them, once we apply a policy, we connect the right user to right application and right service, period. It's that simple. It's -- so in this approach, your applications are hidden behind Zscaler switchboard. They're not exposed, they cannot be discovered and they cannot be attacked. And there's no lateral movement because you don't have a massive flat network. So in this new world, you don't really have to have a network other than your network sitting in your data center, maybe in the headquarters and the like, but Internet is becoming your corporate network. This is the biggest difference that Zscaler brings. So it is -- so Zscaler architecture compared to legacy network security vendors is like trying to compare Tesla with internal combustion engine cars. Of course, both can take you from place A to place B, but that's where the similarity ends. And I don't think I need to say any more about this. So with our platform, the technology innovations we are driving is about securely connecting anything to anything. The 4 key areas of functionality, you are pretty familiar with Zscaler Internet Access and Zscaler Private Access. And then last year, we launched Zscaler Digital Experience to figure out user experience. And these 3 things together are empowering our users and they're also securing. The fourth area we expanded, we announced at Zenith Live last month, was Zscaler Cloud Protection. This is extending our zero trust from user to application to app to app, cloud to cloud, machine to machine and more, very exciting area. Touching base on go to market. Dali is going to cover a lot more about it, but we are starting with thought leadership. When you've got disruptive transformational solutions, you just can't say, "Oh, there are so many of these." We work with customers at the C-level, we land through consultative sales to architecture, workshops. Then as we're working closely with our customers hand-in-hand, we are able to expand, again concentrated showing ROI and business value to our customers. No wonder our customers love us, and I touched base on NPS score of 76, where the score of an -- every SaaS company is 30. The third area, operational excellence. I have said before, building technology like Zscaler from a clean slate was a massive piece of work. But running and operating a cloud with 150 million -- sorry 150 billion transactions a day is no trivial task at all. It also gives you some big benefits of security effect, just like networking effect; renewable energy, which is we are committed to; and an architecture that can scale like we had to scale last year. I mean this is a big, big barrier to entry for anyone. The fourth area I talked about, attracting and developing talent. I very much know that for us to grow with such a great technology and such a great sales execution, we got to be able to keep on hiring the best of the best. And the core values we have been using for quite a while have been -- have become extremely important for hiring and retaining our talent. And this is ranging from customer obsession to open communication to teamwork, innovation and passion. And diversity and global workforce is an extremely important measure for us as well. Culture. Making sure we are totally focused on customers, customers come to us. And I just came from a meeting with CIO and CTO, and just starting this because customers are extremely important for us. Diversity and inclusion, because diverse backgrounds bring new, innovative, great thinking. And hiring talent is not enough, developing them, promoting them, being able to work with them, are all priorities, and we have a number of programs put in place in the company to make sure it happens, it happens well. What's the proof of the work we are doing in this area well? Well, whether you read Great Places to Work surveys or you look at Glassdoor ratings or you look at employee engagement surveys of Zscaler, the numbers are fantastic. Our employee engagement, 87% overall satisfaction, far better than most of the companies I know of. The Glassdoor ratings of Zscaler, look at it. I mean you can compare the whole range of companies. We picked a few samples along with it. We're very proud of our overall rating as a company. And then you see a few other areas that are listed in this table. Our customers have a very positive view of the company. Even compensation, they feel we are paying them well, and they recommend Zscaler far more than any of the large other companies out there. We are very much a global company from day 1. I started as a global company. That's why some 50% revenue for Zscaler comes from outside the U.S. We follow the sun model for R&D, for customer support as well as sales operations. So with global presence, we have reach to global talent rather than being tied to The Valley and a few big cities. It is a strategic advantage for us. All right. Let me finish my last slide, and we can get into Q&A. If I were to summarize why we are very -- why we're so confident to really pursue an audacious goal that we put forward, it's because market is moving to the kind of zero trust technology we built from day 1, and we have lots of customer. It's a proven model. It's not something new and could be brought in. Our positioning, where are we sitting in the traffic path, we can add more and more services around it. Our scale, our cloud effect is so proven. It would be very hard for someone else to be able to come and do what we do. What we've done with go-to-market to take it from here to here in the past 15 months is remarkable. I'm very proud of it. I talk about culture. We are driving our great teams, great people. And our balance sheet, our unit economics because the right architecture, all that stuff is giving us some very good advantage. I feel very comfortable, very bullish about being positioned for success. With that, Bill, over to you.

Okay. So first, I want to apologize for some technical difficulties we had. We lost Jay for about a minute or 2 when he was going over the legacy architecture and the flat network and the vulnerability there. But we received a question here that will allow us to answer part of this. This is regarding SolarWinds, Jay. But the question is, SolarWinds was a supply chain hack. How would a zero trust solution like the network security help in this situation?

That's right. SolarWinds has been one of the most sophisticated supply chain attack. That means it went in through supply chain, right? So in that case, yes, something like a ZIA would have bypassed it. But once it had gotten there, how does it spread? First of all, if you got a flat network, you could be really in trouble. So being able to connect to applications only through Zscaler exchange will limit where all this can go, okay? That's number one. Number two, in almost all cases, when breaches happen, data ex filtration goes to the Internet. It has to get back home to some command and control center. If your Internet-bound traffic goes through our ZIA exchange, and if you turn on SSL inspection and you're doing data loss prevention, we can stop all of that. So it's a -- we probably have better protection than anybody else in this area. So doing zero trust is the #1 thing you can do. Obviously, for zero trust, identity plays a big role. That's why we integrated identity to our zero trust. And one last thing. When we have all logs of any application or any process talking to any other application or process, this turns up analytics using machine learning we are doing. And we'll be doing more and more of it to make sure that any unusual behavior can be caught. Even if someone gets in, unusual behavior is one indicator that people are trying to do things they shouldn't be doing.

Great. We also have another question that's oriented with SolarWinds. The question is can you talk about any changes in the tone of your conversations with customers since the SolarWinds breach?

A lot. We think this is one of the biggest things. Maybe this has caused bigger impact than the Target breach several years ago. Target breach shook things up. That's the first time when C-level, even the CIO got fired. Here, every customer is shaken up. I have reached and I talked to many customers. We have about 6-plus dozen meetings lined up with CISOs of some of the largest companies who want to talk to us to make sure they have taken all the right precautions and steps in place. We know that. They know that we are actually the switchboard to go in and out to some, making sure the posture and all that stuff is set up, right? That's number one. Number two, we're seeing really the push for zero trust becoming bigger and bigger. And in the past 1 year, I've seen a lot more awareness and understanding of zero trust deployment. And that's really our core strategy. When I talk to C-level, about 7 out of 10 bring up the notion. When I ask them what are your key priorities, zero trust comes up without asking them for it.

Great. Next question, regarding your audacious goals. What are the big heavy lifting needed to get to that 200 million users and 100 million workloads? And when could you potentially achieve that?

Yes. So first of all, we're seeing great success so far. One of the big motivation behind this audacious goal was to align the entire company from development to sales and all towards one goal. So we're all -- we are all rightly walking towards the same goal together. That's number one. Number two, really to get to this goal, if you look at our overall market sizes overall, Remo is going to walk through some of the data, when you find that all the market that's available, this audacious goal is not actually overly, overly audacious. It's -- we thought through it quite a bit. Then so to get to goal, you start with do you have the market? Remo will walk through the numbers. I would say, yes, we do. Number two, do you have a real platform, an offering that really can get you there? Very comfortable with what we have and how rapidly we're building. And three, do you really have a sales machinery, your go-to-market machine that can execute it? We're very happy with that. And sorry, there's one more, can you support your customers? Can your cloud scale to deliver the service? Because it's not a matter of shipping a box and you're done. We're very good in that area as well. So very happy and excited.

Great. Another question is, if the opportunity can be as big as you say, that will surely attract a lot of new competitors to this market. Are there any or -- potentially, it could draw competition from the big public cloud companies. What are your thoughts about that competition?

Yes. A good question. Look, every vendor tries to figure out where all they can go or where all they should go. But the success depends, number one, on the core competencies of the company. Big cloud providers have core competencies in building big cloud application, development, SaaS and the like. Our core competency is in being the switchboard, exchange, connecting things to things after inspection. So I would say we've got a big advantage in the core competency. That's number one. Number two, every customer has multi-cloud strategy. We are the switch element that connects very well to all of those partners. It's similar to like databases. Azure has databases, AWS has databases, Google has databases. But a company like Snowflake, being able to say, I can really provide you the service, irrespective where you run, I think pretty well positioned as an independent security company. That's number two. There's one more. Yes, big companies can sell some of the security services. But I have talked to many customers who had told me that they were not -- they don't feel comfortable in a hen watching -- sorry, a fox watching the henhouse, okay? They want independence between the application and data provider and the security provider. So we believe we are well positioned to grow and succeed in this market well.

Okay. Can you give us an update on your hiring progress and give us a sense of how difficult or easy the hiring environment for Zscaler is today compared to 6 months ago?

I made a comment during our last earnings call that Zscaler has become a top destination for top talent, okay? And that's because of several reasons. One, our approach to hiring, training our leaders to go through a proper process has become much better. So we are doing a good job in recruiting, interviewing, hiring, all of those things. Number two, our brand awareness has gone up quite a bit. And customers love us. I've talked to so many candidates. He said, "I really stuck with Zscaler after talking to the CIO, who said Zscaler is a great place. It's a great company with great services." So we are tracking our aggressive hiring plan for fiscal '21 very well. In fact, we had increased our hiring plan twice since the start of the year so because we feel bullish about the opportunity. And Remo and I have said many times, we will pursue aggressively the market opportunity in front of us. So top line is very important for us, though Remo and I both are very mindful of the bottom line all the time.

Okay. You talked about 5G being a big revenue opportunity for Zscaler. When do you think it would be material for Zscaler?

I believe in going after opportunity that disrupt incumbents. I think 5G will bring next level big incumbency. We got some serious work going in this area, but I'm used to investing in the long run rather than looking for investing in something to give me revenue in 6 months. I look at offerings, just like a pharma company looks at his drug pipeline. There's growth engine A, growth engine B, then there's something in trial and something in just research. So keeping the pipeline this way is how I look at it. I think 5G will take time. It will come, in certain areas, fast. And -- but we will be there to educate the market starting now. And revenue will come. I'm not worried about the product areas. While I want to build more, I -- we've got so many offerings on our platform today to grow our revenue multi-fold. So we'll keep on investing in the long term while driving sales in the short term with a lot of offerings we already have on the plate.

What do you think is still the single biggest investor or analyst misconception regarding Zscaler's multiyear opportunity?

It surprises me that after all the discussions we have, they still compare us with network security vendors. I tried to talk about DVD players and Netflix and Tesla versus others. When things are architecturally different, you can't just add on some features and make it up. You need to start with a clean slate. I think that's the biggest advantage we have and biggest misconception really.

Wonderful. All right. There are a lot of questions in the Q&A box. But as we mentioned, we'll have dedicated time for Q&A at the end of our presentations. I know we've had, like I said, the technical difficulties here. We will have replay video within several hours. Also, the presentations will be made available on our IR website once we're all done. So next, we'll move on to discuss architectural differentiation and new products. Our speaker will be Amit Sinha, President and CTO; and Patrick Foxhoven, Head of Emerging Technologies and CIO. Interestingly, Amit and Patrick have been both with Zscaler for over 10 years and -- at this point and lead the innovation engine that's powering our results and competitive moats. So with that introduction, I'll hand over to Amit.

I hope you can hear me. So I wanted to spend the next 20 minutes taking you through our technology and platform differentiation. And some of the key messages I want to drive is, one, how we've built a scalable global platform and it has a significant barrier to entry. And on that platform, we are delivering rapid innovations because it's really extensible. Over the years, it's grown. And now we have unparalleled security and visibility with the vast amounts of data that's fueling our AI and ML engines and also delivering cloud effect. The bigger the platform gets, the smarter it gets. And then finally, as we grow the platform, we get strong economies of scale with lower support and operations cost, and we'll dive into some of these topics. So Jay shared our overall data center map in one of his slides, and I wanted to reiterate some of the salient points there. We've built this platform across 150-plus data centers, and it's not built on any single service provider. We choose the best data centers that serve any geography. We bring in the best transit providers and Internet exchange connections that provide the best connectivity options for customers in that region. The cloud has grown, and we now are at north of 150 billion transactions per day. 5% of those transactions, approximately 7 billion, have policy and security issues that we stop and protect our customers with. And the cloud is getting smarter at a very rapid rate. It gets about 200,000 unique security updates on a daily basis. We provide strong SLAs for our service at 99.999%, and I'm very proud that 75% of our platform now runs on renewable energy. Over time, we've added a lot of security hardening to the platform, and there's no compression algorithm for experience. We've gone through a lot of operational compliance, both for the platform as well as how we run it. We're now FIPS compliant, ISO 27001, FedRAMP, SOC 2 and many other regular regulatory requirements have been met. To put 150 billion transactions in perspective, I thought it's important to put it on Internet scale. Here, you're seeing a simple graph, and they're not apples to apples, but it'll give you an idea of the scale at which we are operating. There are about 700 million tweets on Twitter on a daily basis. Maybe that number is a little down since our President was banned. On YouTube, we have about 6.9 million daily views. Google, it's estimated, does about 7 billion searches daily. And that's 150 billion transactions per day on that same scale. So we are operating at a massive scale, and it takes a really scalable platform to be able to deliver this. So let's talk about how we have grown to 150 billion. This graph that shows what I call the Moore's Law for Zscaler. We've been doubling our transaction rate in terms of usage about every 20 months or so. And the reason we are able to sustain this growth is because of our core multi-tenant architecture. It's designed to scale the business. When we add 500 gigabits per second of capacity in Chicago, all 4,500-plus customers can benefit from it. Think of it as building a high-speed rail versus customers in individual cars. So the multi-tenant architecture is the core of this growth engine that allows us to scale with demand. It is also globally fault tolerant. As I mentioned, we're not using any single provider. The platform proved this elasticity during COVID-19. Between January and March of last year, we had a 10x surge in ZPA traffic, and the platform handled it beautifully. And over time, we've added a lot of engineering into the platform to allow it to scale both horizontally as well as vertically. One very important distinction between how we built this platform and how some of our legacy competitors try to achieve this is the fact that we are not -- we're not built on any one service provider. We're not built -- we have not built this platform on AWS or GCP. Zscaler service is fundamentally destination-neutral and built as an edge cloud service. So let me explain how that works. Our users, our workloads can be anywhere in the world, and they can connect to the nearest of the 150 Zscaler data centers. For example, if a user wants to go to Office 365, they come to the nearest Zscaler data center. We peer with Microsoft directly in most of the sites worldwide, and they get a straight path to the destination, Office 365 in this case. Legacy competitors try to take their firewalls, for example, virtualize it, run it in GCP. And here's what happens when you try to connect to Office 365. You connect to Google. You go deep into Google's core to run your virtual machine, come out, then go to Microsoft to access the destination. As you can see, building a Zero Trust Exchange requires you to be fundamentally destination-neutral, and it has to be built as an edge cloud service with complete compute capabilities available in every location and not just some of the core compute regions that service providers like Google and Amazon give you. I mentioned that all our data centers now are striving towards renewable energy. This is the latest snapshot. About 76% of all transactions we processed last week were based and powered by renewable energy. And our mission is to get this to 90-plus percent by 2025. Not only do customers get global protection, they also can dramatically reduce their carbon footprint. The fact that the data centers themselves are green is one thing. The other important factor to remember is the multi-tenancy and our high-performance software gives 10x efficiency to the processing that we do, which dramatically reduces their carbon footprint compared to providing this service based on legacy appliances. Over the past decade-plus, we've shown a rapid history of innovations. Pretty much every year, we've launched what I would call a full company on the platform. We launched the first multi-tenant platform back in 2008, and since then, we've added DLP, SSO capabilities, in-line CASB, cloud sandbox, firewall and DNS security. In 2016, we launched Zscaler Private Access. We added Microsoft integrations. We've started doing significant things with AI/ML and enabling our partner ecosystem. We've added browser isolation, API-based CASB, Zscaler B2B. And last year, we launched Zscaler Digital Experience and Cloud Protection. So it kind of shows how extensible the core platform is and all of this while we've been going through that exponential growth that I showed. We achieved 1 billion transactions per day in 2011, 10 billion in 2014, 50 billion in 2018 around the time of our IPO, and we are operating at 150 billion transactions per day. You can see all the accolades and some of the milestones we achieved during this journey. We became a visionary in the Gartner Magic Quadrant in 2010. And fast forward to 2020, we were the only leader in the Gartner Magic Quadrant. Along the way, we became ISO 27001 compliant. And in 2019, we achieved FedRAMP compliance, which is extremely rigorous and shows the operational maturity that we've obtained. One of the questions that people often ask me is how extensive is the Zscaler platform. And I wanted to show how much IP we have created and how easy it is for us to add new IP to the core platform, which is extremely extensible in volume. So if you look at the lines of code, this is kind of a good sense of how much IP has been created. We're sitting at about 10 million lines of code. To put that in perspective, 10 millions of lines of code, what is that? Well, if you look at the Mars Rover project, there was about 5 million lines of code. Linux 2.6 was about 5.2 million lines of code. So a massive amount of IP has been created. We've now filed over 200 patents that have been granted or pending. But if you look at how we've grown the service, the core platform is about 2 million lines of code. When we added Zscaler Internet Access use cases and services on top of it, that was another 4 million lines of code. But then to add ZPA, the amount of work that we had to do was lesser because it leveraged a lot of platform components. Similarly, by the time you had ZCP and ZDX, you can see the amount of extra work on the platform keeps going down because newer products are leveraging a lot of the IP that the platform already provides. I wanted to spend some time and give you a little more color on the breadth and depth of the Zscaler platform. You're all familiar with Zscaler Internet Access. That was a core platform we launched. And it provides a lot of use cases. It sits between users, workloads and public Internet destinations, making sure nothing bad comes in, nothing good leaks out through that Zero Trust Exchange. And the use cases that we are able to provide are threat prevention, full native SSL scanning capabilities, cloud sandbox, DNS security. We provide complete access control capabilities through our cloud firewall. Users can optimize bandwidth. They can prioritize, for example, Office 365, and make sure that YouTube and streaming media are not affecting office productivity. Similarly, on the data protection side, we've added a lot of capabilities on DLP, on CASB using both in-line and API-based controls, and we recently added browser isolation capabilities to the platform as well. In 2016, we launched Zscaler Private Access, and that allows our customers to connect to private applications using a zero trust architecture. And in the process, we eliminate a lot of the legacy solutions, where there are traditional VPNs, firewalls, DDOS prevention and network segmentation things that have to be done in the old way of accessing internal applications. ZPA also provides smart capabilities like load balancing, app discovery and app health monitoring. And we are also integrating browser isolation capabilities. Recently, we launched private service edge with ZPA that simplifies access in a site survival way. Our customers came back and said, "You're sitting in between all our users, workloads and destinations." In this distributed world where we don't control the end point, we don't control the network, the user might be at home coming over a Comcast connection to a mission-critical application like Office 365. When problems arise, where do we -- where are the problems, right? And ZDX is the perfect solution for it, and we're getting a lot of traction. It gives you hop-by-hop network analytics. It can tell you if there is a problem on the end point. Maybe it's your WiFi. Maybe you had an update and you're having CPU issues. It can also monitor the response times, if you have critical apps, whether it's Zoom, whether it's Office 365 or whether it's an internal application. And then finally, last year, at Zenith Live, we launched Zscaler Cloud Protection. And this is a massive new area of investment for us, and Patrick is going to give you a deeper view of the capabilities around ZCP. One important point I want to emphasize is our Zscaler Client Connector, which provides a footprint for us to land and expand. It is a single end point that supports ZIA, ZPA as well as ZDX. It eliminates multiple different agents that IT had to manage for firewall and VPN access, for example. Today, ZCC, Zscaler Client Connector, runs on over 70 million devices. It works seamlessly on all platforms, Windows, Mac, Linux, iOS, Android. And it provides easy land-and-expand capabilities. Customers might start off with ZIA. If they deploy ZPA, it's just a license that they need to enable. They don't need to roll out a new end point, which can be a friction point for deployment teams. And then it's extremely lightweight and extensible using a SASE concept where you keep the end point light. You don't reduce performance on the end point, and you do all the heavy lifting in the cloud. ZCC is becoming very, very central to our overall platform. Another question that comes up is once you've done all of this, once you've deployed and embraced zero trust, what is the real security benefit. And probably the best way I've seen this characterized is by National Oilwell Varco. It's a Fortune 100 oil and gas company. And the way we measured security effectiveness within IT was to see the number of computers that got infected and IT had to reimage them. Before they deployed Zscaler, on an average, NOV IT had to reimage anywhere from 50 to 200-plus machines every month. And you can see as soon as they deployed Zscaler, the number of machines pretty much vanished, and there were little or no infections. There were a few 1Z, 2Z infections, and they were around new locations that were added or devices that weren't fully enrolled into the service. Another area of significant investment for us is leveraging the big data that Zscaler has amassed. 150 billion transactions is a staggering amount of data. This is metadata. It tells us where a user or workload is connecting from, what type of location, what type of IT, et cetera. And we're able to leverage that to solve very important security and usability use cases for our customers. Example, we are able to use big data to improve our security capabilities. We offer smart quarantine and zero-day malware detection. Once you've seen millions of ransomware strains, you should be able to predict when a new ransomware strain shows up, even if you don't have signatures for it. We are using machine learning for content classification. A new website shows up, and you don't know what category it belongs to, and we're able to leverage our machine learning capabilities to do that dynamic content classification. Similarly, we are using content classification to auto-segment workloads and apps. It's very common for us to see millions of different apps pop up, and to manage them becomes complex if you don't use machine learning capabilities. We're able to leverage machine learning and our big data to detect anomalies. Maybe a user simultaneously shows up in 2 locations, which is impossible. Similarly, you might have app and user anomalies that are lurking that machine learning is very effective at detecting. And finally, we're using machine learning in ZDX to improve end-user experience, find out root cause, look at correlations. Maybe a particular location in the world is having a systematic problem. Maybe a group of users that have a certain type of an app is having a correlated set of problems. Our customers want to compare themselves to peers. And all of these are powered by our machine learning capabilities. The other data point I wanted to share with you is the number of points per day. We talk a lot about transactions. Transactions is the metadata. Think of points per day as statistics. For every user, we are collecting thousands of statistics, the number of times they went to a particular destination, for example. For every workload, we are collecting thousands of statistics every second. And that results in just north of 300 trillion points per day. That's a massive amount of information. With 300 trillion points per day, we can fire up anomaly engines that can give you very detailed assessment of anomalies by user, by location, by workload, by -- across countries, compare them to different organizations in the same peer group, et cetera. One other interesting point I want to share is the efficiency of the software stack we've built. There have been many cases where Zscaler has replaced high-performance legacy appliance solutions. And one good metric to remember is the power of our software delivers about 10x efficiency. In fact, if you look at some of our deployments, we've taken a rack full of 10U appliances and replaced it with what would be an equivalent of one 1U worth of Zscaler hardware. And the reason for that is, again, the relentless engineering, and true to our name, Zscaler, we've been scaling the capabilities of what our platform can do, both horizontally as well as vertically. And this is showing you the vertical scale capabilities that we've delivered from 1U worth of server capacity. Back in 2013, if we were doing 1x of unit processing, architecturally, we have refined it with multi-instances with load balances with active-active load balancers. And the same 1U can now deliver 12x of processing capabilities just by the sheer power of Zscaler software. And that directly translates to our gross margin and COGS strength that we have talked about in the past. And finally, let's talk about supporting the platform. The graph on the left shows our quarterly transaction volume. And you can see that it is following that Moore's Law, growing exponentially. But what is interesting is while those transactions have grown through the platform, we've been able to reduce our unit economics when it comes to supporting. And the graph on the right is showing the number of support tickets for 1 billion transactions in any quarter. You can see a while back, we were at 7 tickets per 1 billion transaction. And now we are at about 2.7 tickets per billion transaction. And that results in 2 things. One, our higher NPS score. You have lesser problems because the platform has become mature and robust. And number two, it drives down the cost of supporting as our customer base grows. So hopefully, that gave you some insights. I wanted to reiterate the key messages. We have built this massive, scalable global platform. There's no compression algorithm for experience, for architecture, and it offers a significant barrier to entry for folks who try to replicate what we've done. You've seen the pace of innovation, the extensibility of the platform. You've seen the unparalleled security and visibility with the vast amounts of data that we now use to power our AI and ML engines. And then you've seen a little bit of the economies of scale, how the platform is getting more efficient, more cost effective, from a support and operations perspective as we continue to grow. With that, I'd like to hand over to Patrick Foxhoven, EVP of Emerging Technologies and our CIO. Patrick is going to give you a deeper view of Zscaler Cloud Protection. Patrick, over to you.

Thank you very much, Amit. So we wanted to give you just a quick 10-minute deep dive into the newest area of our platform like Amit gave a good introduction to, what we're calling Zscaler Cloud Protection. And let me kind of set the stage. If you think about the origins of Zscaler and the history of how we started, I don't think it's unfair to say that we've pioneered bringing zero trust to what I would call North-South traffic flows, meaning between users and applications or public Internet destinations. We're doing the exact same thing just for kind of an adjacent set of traffic flows. So while ZIA and ZPA have been very focused on north-south traffic, what we're doing in cloud protection is extending the same principles of zero trust to East-West traffic flows. So that's not users to applications, but machine to machine, server to server, East-West traffic flows, workload to workload. The reason why making that comparison is because while it's a new area for us to go into, the underlying principles of doing Zero Trust Exchange that we're characterizing on the right are exactly the same. How you scale an offering, how you secure it, all the underlying foundational points of North-South or East-West traffic flows, applying a Zero Trust Exchange to remain the same. So while it is a newer area for us, we've actually already addressed the foundation required to be able to tackle some of these solutions. So let me give you a deeper view of there's -- under the cloud protection umbrella, there's 3 key parts to the solution today. The first one is on the top left. And this is what the industry calls cloud security posture management or CSPM. This is all about addressing the proper configuration or compliance of when you deploy workloads to the cloud. I'll go a step deeper there in a moment, but that's one piece of the pillar. The second piece is the underlying communication itself. When you're talking about providing security for the workloads, how that communication occurs is very important. And so this is getting into not the configuration or governance of the environment but then getting into the real-time or runtime protection of communication between different workload components. And that can be whether it's going from one app to another app or from a cloud provider to a cloud provider or even that cloud workload environment to the Internet. So this touches on actually a couple of different parts of our platform, which I depicted down at the bottom. This is not only our core ZIA and ZPA offerings but then new components like what we're calling a Zscaler Cloud Connector, which I'll provide an overview here in a moment of as well. And then last but not least, the third part of our cloud protection package is doing workload segmentation itself, so taking the zero trust concepts that you're probably familiar with from North-South traffic flows, keeping a user off the network, but doing the same exact kind of extreme segmentation to the actual workload payloads themselves and how they communicate, and we'll go deeper there in a moment as well. So these 3 pillars are kind of what make up the Zscaler Cloud Protection solution overall. And it's -- at the end of the day, comparing it to ZIA and ZPA, this is all about securing users to application access without exposing things. I don't think it's very debatable that this momentum or this trend is here and is only accelerating. Just like in the ZIA and ZPA offerings, the advent of users working across all kinds of devices, all over the -- from any location, the same kind of megatrend is happening to how workloads happen, which is, in essence, saying a lot of applications are moving from the company-owned data centers to the cloud providers, to the IS providers. And there's a quote here at the bottom that I think is quite good from Gartner, which is -- they make a very bold claim that say, almost 90 -- almost every company on the planet will have at least some form of multi-cloud deployments hosting their applications. They say 98% by the end of 2021, which is quite a bold prediction. But I think it's true, it's here and that it's happening. When companies migrate their resources to the cloud, one of the benefits of the cloud is to have simplicity, but what's unfortunately happening is it's actually introducing -- the reality of these migrations is introducing a lot of complexity. And let me walk you through what this looks like. So you don't want all your resources or all your applications running in one data center or one provider. So you do multi-cloud deployments inherently. And to do a deployment within even a single cloud provider, right, you need to be in multi-region. And you also have to be within a region, go across different availability zones or individual locations. So what that looks like on the right, we're not trying to make too much of an eye chart here. But let's say, it's an organization that is large, and they're running in AWS and Azure, they're going to likely deploy a work loading in usually 3, 4 different regions to start with. So that's times 2 for each provider's environment. And then in those regions, those map out to individual locations. You probably want to do at least 4 locations within a region for availability. So it starts to introduce a lot of complexity, and I'm going to depict this in showing how organizations choose to secure those environments today. And the high level theme of this slide is, I think the big challenge is organizations are taking the same principles of how you would deploy an application in a company-owned data center and what that network model and architecture would look like. And they're trying to apply the same building blocks or concepts in an IaaS environment, and it doesn't make a lot of sense, and let me show you why. So if you recall that last slide with all the different availability zones and regions and multi-cloud provider deployments, you zoom into one in terms of what they look like. It's usually -- in this case, I'm showing an AWS availability zone. You've got a VPC where one workload is running. And if you're doing extreme segmentation. Often, you'll firewall everything within that VPC from anything else. If you've got another workload, you often will deploy that across multiple different VPCs. As that grows, you have to introduce these concepts of adding things like transit gateways. And then as you have traffic coming in or out of this environment, you'll create an outbound VPC that secures these workloads as they go out to the Internet. Often, another pair of firewalls get deployed there because it's shared among all. Same thing happens when users need to come in. You have an inbound VPC that's in front of these transit gateways to allow people to come into where the workloads are running. You've got, obviously, multi-cloud provider deployments where you may need applications or resources in AWS, talk to Azure or talk to the corporate data center. And so there's often this concept of bidirectional or side-to-site VPN VPCs that get introduced. And then because you have all this complexity and complications, you have to have a management layer to orchestrate simple things like all those firewalls that you deploy in these VPCs as well as just keep sanity around this overall network architecture. This comes at a lot of expense and complexity. And what often happens is we'll see things like workloads get deployed in these environments. And because the barriers of that happening are very low, you can substantiate these things very quickly. Sometimes, DevOps even circumvents corporate security policies, and we've seen not just the cost and complexity be a concern but also how high risk this kind of an architecture is. So let me extrapolate that even further in terms of how complicated it is and depict what that network looks like. You'll see this diagram on the right looks an awful lot like what a traditional MPLS or corporate hub-and-spoke environment looks like. You have an any-to-any like connectivity model because the principles are secure the network where the applications are running, which means you have to extend the network to where they are and also extend the network for the users to get access to them. And that is quite crazy, in my mind, because this comes with a lot of risks. This is, one, a huge attack surface. Everywhere that you have a firewall deployed and listening, it's potentially a point of entry to this environment. And we've all seen lateral threat movement being such a huge risk. The model on the right is more or less a flat network, which is a bunch of firewalls with access control policies, but there's still attack surface there, and there's still risk, especially as things get misconfigured or overly permissive in terms of what they're allowing. So our approach to this kind of craziness is to simplify it, meaning extend the attributes of our Zero Trust Exchange and deploy what we're calling cloud connectors. Those are the little blue Zscaler clouds that run within the VPCs. You deploy a cloud connector or two for redundancy. And you can completely dissolve that transit gateway, all those different VPCs for traffic coming in and out scrubbing. You can replace that with what we're already doing today. We're already -- customers already are deploying us in this manner even before we have the cloud connectors, where they have a workload environment and it needs to connect to the Internet, have them go through our ZIA offering and get the full security stack capabilities of that traffic to secure it as it goes out to the Internet. We're obviously already often providing inbound access from a user coming into the private applications with our ZPA offerings. And a newer area is leveraging these cloud connectors that we have and allowing traffic flows to be not just North-South or user to app, but server to server, site to site, cloud workload to cloud workload. That's what we're depicting on the bottom with those new cloud icons as well is we've got these cloud connectors. So while it's a new area, it's leveraging a massive foundation that we're doing already. And we're already doing this in a lot of cases already. So we're extending the biggest new areas, cloud connectors, and governance with CSPM and so forth. So if I show you the same model depicted in terms of what the network looks like, getting rid of all the spaghetti lines that you saw on the prior slide, the principles around what we do here is all about securing users and data with the Zero Trust Exchange. You're not securing the network. You'll see there's not really a network here. If you believe the Internet is becoming the new corporate network, that's why we're not depicting any flat network anymore. It's users, devices, locations, things that have outbound connections to us. And then we are providing as a service the capability that they were trying to replicate on their own in the traditional ways. And when you embrace a model like this, you're dramatically minimizing the attack surface. It can become completely dark or invisible, so to say, when you truly embrace this kind of an architectural model. And as a result, because there is no network, there's a massive reduction in risk of traffic moving laterally within this environment. So with my last slide, just to kind of solidify what we're doing in our cloud protection capabilities. You'll see that I'm drawing out, at the bottom, our ZPA offering is securing users going into where the cloud workloads are running. In the top right, number two, we're securing communication or traffic flows to the data center. We're also securing data center-to-data center, site-to-site cloud communications with our ZPA offerings. And then fourth, when you have workloads in there and they go out to the Internet, we're using our ZIA offerings to secure that as it goes out. So this is -- I think the reason why we made this a fourth pillar of our platform is it's rounding out a very holistic, good approach to delivering zero trust-style solutions to not just users but to workloads. And so with that, I think I'm going to hand it back to Bill for Q&A.

Okay. Wonderful. So a bunch of questions here. Why don't we start with you first, Patrick? With workload communication, how and where does the customer start with deployment?

Sure. Yes. So one thing that's important is the customers that we're targeting to start with workload communication are likely already ZIA, ZPA customers. They understand us already. They may have already been deploying, like I mentioned, these workloads that they've moved out to an AWS or Azure of the world. They might have already created tunnels there and had that go through our ZIA policy engine to do all the security capability that we do in ZIA. What ends up being a little bit new is in the use case of when it's a data center going to the cloud, rather than having a dedicated link, you're introducing the traffic going through our Zero Trust Exchange. So there's a little bit of plumbing, deploying the cloud connectors in those environments and introducing that. But this is all about extending their existing solution to what we're doing and showing how simplified things can become. I'd also add that it's not a -- it doesn't have to be a boil-the-ocean approach. You can selectively introduce a workload. You don't have to replace everything overnight at once.

Okay. And...

Yes, so Bill, it's Jay, if I may add. This is by and large, a new area. Customers are struggling to figure out how to expand their workload. So it's not much of a replacement opportunity. It's an area that's needed badly. It's like when customers would say with ZIA, what part are you replacing. When AutoNation added 360 branch offices as local breakout, that was a greenfield opportunity while they had 2 data centers with ZIA had to go through. So think of a lot of this workload communication is a new area our customers are trying to figure out. And we are there with a very good and attractive solution while they have struggled to do the old firewall type of stuff to do it.

Another question for Patrick. What does the large enterprise typically spend on building one of those transit gateways with firewalls? And how much could someone save by moving to workload communications?

Yes. So they spend a lot. In a large enterprise, they can be hundreds of thousands of dollars or more. What we see more often, though, is cost is a secondary factor in that equation. The challenges are their existing approaches is limiting their adoption of cloud infrastructure, accelerating the migration of things out to these providers and capturing all the benefits that are associated with that. Our primary value in ZCP is simplifying the infrastructure while improving security and obviously providing scale so that things like performance don't suffer. We think there's a huge need for that in and of itself. We're, in essence, removing a lot of complexity. Hopefully, those 2 slides I showed -- shared that we're removing a lot of VMs for security appliances and the need to even build things like transit gateways and virtual routers and virtual firewalls and peering costs in a lot of different models. So hopefully, the simplification is way more impactful there than anything else.

This would be for Jay and also open to others, if you could comment, is when you talk to CIOs, why has cloud workload and infrastructure protection security lagged so far behind an investment so far?

I think customers have been trying to find the right solutions. When you start in a new area, you try to do what they've done before until some new innovative technologies come along. So people have tried to do virtual firewalls just like Patrick's shown, and now they're all feeling that this doesn't work. And we are going in at a time when the pain is already known, legacy solutions have failed. And it's great. So we are finding tons of interest. But from a timing point of view, it's easy for us to start with our existing customers because we have lots of credibility with them. And we are very bullish about the opportunity to solve these hard problems and help them with the digital transformation. Built applications in the cloud, if they can't be secured properly, is no good especially as we're finding that cyber is becoming a bigger and bigger issue. And that's a problem we're solving in the most elegant solution. It's just like we did the ZIA, ZPA for the users. This is going to be the same thing for workloads.

Okay. The next question could be, Amit or Jay, if you want to also speak to it. Why hasn't anyone else caught up with your architecture? Does the customer really care about architecture versus getting the price performance functionality they need?

Amit, do you want to cover it?

Yes, absolutely. I'd say architecture matters tremendously. If you do not have the right architecture, you cannot build and sustain a service. Jay talked about all the Tesla versus the internal combustion engine-based systems, right? It's -- you cannot transform that overnight. You need to start with a clean slate. The kind of growth that we have shown would not have happened if we did not have a multi-tenant architecture. The kind of security capabilities that we have shown would not happen if we want a proxy-based architecture with 95% of the content of the world is encrypted. If you're not looking at content, you're not going to be able to provide the capabilities. And then finally, I'd say, if you don't have the right architecture, you cannot deliver good gross margins because it is going to get more and more expensive from a support perspective, from an operations perspective. All of those are very important. And if you do not do it right, it's going to hurt you in the long term.

Yes. If I were to add a couple of things. I think it depends what you are trying to do. Sometime, you're writing, you're building simple unidimensional applications, the architecture could be simple and barrier to entries could be lower. Take, for example, SaaS application, travel and entertainment application, what does it take? Not a whole lot. But look at ERP, right? NetSuite started in 1999 as a cloud-based cloud-native ERP application. How many cloud-native ERP applications are out there? I can think of two, NetSuite and Workday. When ERP is the most important application, why don't you think there should be lots and lots of vendors? ERP is the hardest SaaS application to build. It hooks into everything. It's tough. In the same way, there are some unidimensional applications in security that are easy to build. Doing e-mail, securing the cloud, it's relatively simple. It got done as the first application. Doing identity is a well-confined -- well-defined unidimensional area. That's where we had 50 vendors in that space, market consolidated, and it's a mature market. What -- doing what Zscaler does, to sit in traffic path to enforce all policy, requires that you eliminate the need for all those point products from firewall to web proxy to DLP to sandboxing and the like because you can't have your traffic go from cloud A to cloud B to cloud C to cloud D. It's not really practical to do it. So what we've built is hard. And I can tell you, when I started Zscaler, I mean, it was a massive undertaking. Had I not done 4 companies successfully, I would not have had the guts to take such a big undertaking. And also, the VCs are also thinking twice about a major undertaking like this because they need to look for ROI. I had the luxury of putting my own money and taking our own risk to do it, which allowed us to build such a massive platform, and it gives us a big advantage. And incumbents naturally start with if I got this technology, how do I repurpose it to do something else. It's great that that's what they're doing because building architecture from a clean slate is hard.

Okay. Great. Thank you, everyone. Let's take a quick 5-minute break, and we'll come back for the second half, including go-to-market and financials. Thanks. [Break]

Okay. We're back. We'll get started on the next segment, which is go-to-market and marketing demand generation. As many of you know, our next speaker, Dali Rajic, joined Zscaler as CRO back in September of 2019 right around the time we held our last Analyst Day and has since built a high-performance go-to-market engine that is driving our top line results. Following Dali, we'll hear from Chris Kozup, who joined us 2 months ago as CMO. With that introduction, I'll hand over to Dali.

Thanks, Bill. I'm assuming everybody can hear me all right. Great. Well, let's get going. Thanks, everybody, for being with us today. I think before we get going, I want to make sure we do the safe harbor statement and give everybody a moment to take a look at this and then dive right in. Here are some of the key messages that I want to make sure we get across today. I think I'm very proud of what we've done over the last, really, 12 months. And I think it's been really centered and focused around building a sophisticated and synchronized go-to-market engine. There are certain elements that we're going to touch on here around productive capacity, around how we engage with customers to really help them transform because those are big words. But if there is no framework behind it, it's very difficult to achieve this. Also, how do we make sure that during these really dynamic times, we're not just providing great solutions but maximum customer sat, maximum value, maximum retention with all of our customers? And then lastly, how do we make sure we drive new logos, add velocity with all the right levers inclusive of the different areas and paths to revenue such as channels and enterprise? I think it's important to understand what our go-to-market model looks like, why it's scalable, why it's repeatable and why we're able to really get all of our people to execute across the same excellence whether or not you're in Des Moines, Iowa; whether or not you're in Tokyo, Japan; Munich, Germany, it doesn't matter really. It's one framework that is built around the customer life cycle engagement around value creation, around making sure that we focus on business outcomes with the unique capabilities that we have. It absolutely is a competitive differentiator for us. Now if you take a look at pipeline generation, this is where it all starts. We have clear strategies built out across the team on how we generate pipeline in a very scientific and very customized way and, again, not product-centric but outcome- and business impact-centric. The framework and the life cycle really applies the same whether or not you're a prospect or you're a customer because as a prospect, we're selling for the first time; with a customer, we're upselling on an ongoing basis. And as you can see, it really is around identifying problems, making sure that architecturally, we define how to resolve those, what sequence. A question came up earlier, how do customers know? The answer is they don't know them many times, which is why it's our responsibility to help them articulate what the best path forward for transformation is. The other thing that we also do is we make sure we capture, identify what is the value that we can drive for these customers and how do we actually get there and how do we prove out we're uniquely qualified to deliver it compared to somebody else. Then obviously, we have to deploy with success. We have to make sure that we run quarterly business reviews with these customers to identify are we adopting, are we value realizing and are we getting ready for an expand with Zscaler. Now all of this means that the transformation road map that we put together for customers continues to evolve, continues to expand as their business requirements change. And we're there along with them every step of the way. Now the one thing that's very unique about us is the access to executives, senior executives compared to any other vendor out there in our industry and, quite frankly, compared to anybody that I've ever worked for in my career. Because we have this access, it is critical that we keep the thought leadership, the mind share close to us, which we do via executive briefings that we run on a consistent basis. So some of you might have questions of what happens as you add additional products, what happens as you add additional capabilities. The answer is, you simply plug them into this model because this is a use case outcome-based go-to-market model. This is a model that has the entire ecosystem integrated into assisting at the right time with the right activities very carefully measured because underlying all this is a revenue ops engine and systems that allow us to understand how we're doing across every single step of this life cycle engagement. That means we understand how well we're doing, what the transitions and conversions are regardless of where you are in the world and regardless of what your tenure is with the company. And then we have an enablement team that allows us to continue optimizing the quality. So it is an integrated, outcome-based go-to-market engine that has all of the ecosystem and overall corporate elements as part of it with very precise and intentional activities at the right times. Okay. Bill, I'm trying to move forward here. And it's not letting me. Hey, Bill?

What slide are you on?

It jumped from the previous slide. Can you see the slide, Paychex, NOV? Can you see the Paychex, NOV slide, Bill?

Yes. I can see it.

Okay, great. Okay. My apologies. Kids on WiFi doing home schooling, so I got to make sure I'm still progressing here. So I wanted to just list a few examples here of some of the value that we provide to our customers. Now many vendors will say, we provide business impact. We provide business value. The question is can you actually measure it. Can you quantify it? Can you then value realize? And then can you make sure that the customer is absolutely agreeing and willing to speak to the measurable, quantifiable impact that you provide? We have dozens and dozens of cases, some, obviously, we can't list. We have a few of those listed on our website as well. And what it means is, to the earlier question, why can't others duplicate this, because our ability to solve for unique use cases allows us to drive unique business impact which we identify throughout the sales process, get the customer to validate that they're relevant for them. And that then differentiates us based on where the customer is trying to go and transform to as opposed to feature function comparisons and matrix, which might have been yesterday's world. Now the other thing that's really critical for us to discuss -- okay. All right. I have a little delay here. The other thing that's really critical for us to discuss is, so if you have this sophisticated synergistic harmonious framework, what does that really mean in regards to making sure that you can bring people in and get them active and productive very quick. If you take a look at what we've really done over the last 12 months is build a recruiting engine that allows us at all levels to add velocity, really go after top candidates and not just go after top candidates but fill reps on time and decide that we want to make some additional investments to go faster. Now when you hire all these people, the #1 thing you have to do is make sure that you get them to productivity faster, make sure that you get them busy fast, and we've made some great progress in time to productivity for new reps because of the systematic programmatic go-to-market engine. Between boot camp ones, boot camp twos, meaning you start, you have a certain section of knowledge that you've got to acquire, then you have a next section of knowledge, so it's all built in layers. So the goal being, as you start, I want you busy week 1, but you're not an expert week 1. So what are the activities that I can make sure you can do? How do I align the ecosystem to help you with your knowledge gaps? And then how do I build an engine that keeps revving as you keep ramping? That includes understanding, as I said earlier, from a revenue op standpoint, volume of activity via leading indicators. We understand on a weekly, monthly, quarterly basis and out-quarters what the activities are that are going to lead to a healthy outcome down the line. What are the healthy conversions? How do we measure them? How do we impact the quality of those via the right enablement? The other thing that we're doing is making sure that our leaders are enabled, that our leaders get the proper training on how to run the system, run this model like a GM, how to ramp their reps, how to make sure that they impact the development on a most positive basis. What this means is that we've built an engine where we control all the elements within the engine, understand where we have quality gaps and understand how to impact those quality gaps because in order to drive this, you have to have the right leadership team. You have to have the right revenue ops engine. You have to have the right enablement engine, and we have all 3 at a world-class level. That means as we add more paths to revenue, more use cases, more products, we simply click it into this, nothing changes. It's just an expansion of additional areas of value for us to investigate. Now we have the question of how do customers understand really where they need to go, how fast they need to go there. Bill, it's not building. There you go. Let me build this out, and then I'll come into it. Okay. There you go. Every time we sit down with customers, whether it's a prospect, as I said earlier, whether it's a customer, it really doesn't matter. We have an architectural road map that we put together in collaboration with. There are different phases that are naturally grouped together on how we look at our customers' transformation because we have to be prescriptive because they're asking us to be. What it also means is you're seeing the high level here, all these phases have many subphases of different use cases that we have -- help customers solve for different problems we help them solve, different quantifications of value of those problems. So what we're essentially doing is not just building a road map on what the stages and steps for customers should be, how we derisk them, how we're with them step by step every path of this journey in all their phases. But rather, we're also mapping out different points for us to upsell, cross-sell into these accounts. Now in all of these phases, there are other things they have to do that are maybe not Zscaler-centric. But that's where our ecosystem of tech partners comes in. That's where our ecosystem comes in of companies we collaborate with. So we're still the core experts in helping guide customer decisions on how to transform, how to get into the cloud as fast as they can and how to become a digital-first business. All of these phases present multiple, multiple entry points for us into accounts. And all the sub-phases also present multiple upsell points into these accounts. Now what this means is the following. As we see it, if we take a look at the new logo acquisition that we've had over the running quarters, and Jay and Remo mentioned it in our earnings calls, last 2 as a matter of fact, that our new logo acquisition is very strong. If we just look at the accounts that we have today as customers, and if we quantify bottoms-up what we think the upside is just in those customers, our math comes out to approximately 6x upsell opportunity across ZIA and ZPA alone, whether that's with additional users expanding to the enterprise on ZIA, whether that's going up and bundle a [ height ], meaning more value bundles, which we also commented, more customers are starting to migrate to, whether it's including data protection, which is absolutely starting to increase in our business or whether it's including ZPA for all as opposed to just for a subsegment of customers realizing VPNs and firewalls are a thing of the past. So it's a really, really great opportunity for us just in our account base. But as we mentioned, we're not interested just in selling into our account base, and the entire engine that we built is structured around new logo velocity as a core, core element. Part of that new logo velocity also is achieved through partners, and we've talked about our Summit Partner Program, and the confidence is absolutely increasing across the partner community. So is the velocity, as you can see. Now I want to make a distinction in what we're calling out here. This is a value-based partner model, not a volume-based partner model. That means we're engaging with partners early. That means we're account planning with the most strategic partners. That means we're going after specific problems to solve specific customers, specific verticals. That also means they're making co-investments with us. That also means they're building out their resource pool. They're building practices around us. And what it culminates into is deal-registered business, especially deal-sourced business, meaning partners coming to us, bringing us new logos, and then we're engaging together. So this is an important lever we're going to continue accelerating on, and we're going to continue improving upon as we keep scaling our business. I'm very bullish on this path to revenue and what this is going to mean for new logo acquisition and for us scaling our business. Now the other area that we're also focusing on, it was mentioned a few times, is our tech alliances. Our tech alliances at the core enable us to uniquely differentiate with our unique integrations with these partners. They allow us to gain access into different sides of the house that maybe we're not in yet. They allow us to accelerate deal cycles. They allow us to supersize deal cycles because we're part of a broader story in addition to our broad platform story. We are also not just building out our technical capabilities within here but also have started building out a specialist team that is focused just on accelerating velocity through these tech alliances so we can add additional value and additional impact to our customers. Let me build this slide out. Okay. Now if you take a look at how we're constructed and how we think about the world out there, our core space where we live is the majors and the large enterprise, and we've seen tremendous success there. We've seen tremendous mind share there. We've seen tremendous access to the C-level executives there, and we've seen tremendous velocity there as far as new logos are concerned. What we've also done is built out the enterprise team, and quite frankly, it's a sizable TAM. What we're finding is that this segment is quite attractive because it's coming at us. Partners are bringing it to us, and it's allowing us to close deals in shorter cycles. It's allowing us to close deals with more junior resources, and it's allowing us to get a much, much broader reach in a low-cost way. It is a segment that we're going to continue investing in so that we, quite frankly, own the market thought leadership and mind share across executives and companies in what we consider key vectors of transformation. What we also discovered was that on the commercial side of the house, we saw a lot of velocity coming our way. We're not going to turn away any POs and not just do we see velocity come our way, but we saw really partners bringing us velocity. So we have a commercial team. We're being very careful about how much gets invested in there, but we are absolutely fielding velocity coming at us. If you take a look at this pyramid, what this also did for us is this is, in essence, a farm system that we're building out. We're hiring people early in their career across commercial. We're grooming them to move up into enterprise, who we're grooming to move up into large enterprise, who we're then grooming to move up into majors. Obviously, this has a positive impact on velocity, on momentum and getting people game time ready out of the gate as soon as they're promoted because they're not new to the company, no process and fully understand go-to-market model and value proposition for our customers. So this is what drives really all of our segmentation, all of our planning, all of our strategy. We know who we are, where we're going to focus, but we're also going to make sure we capture as much of the TAM as we can in the most cost-efficient way possible. So just closing out, I hope walking through this briefly is going to give you really an understanding of how we are formulaically impacting productive capacity and the productive capacity model. If you don't know this inside out and have science built behind it, at some point, it breaks. We're very confident ours won't. We are showing you how we're driving business transformation in a prescriptive way with our customers, quantifiable, competitively differentiated. And we're also, with that, bringing customers close to us as a trusted adviser, as their partner for their transformation at a pace that they're not accustomed to with new things coming at them that we're expert in and they're not. And then lastly, it's all culminating in great velocity around G2K and, quite frankly, all the other logos as well. So Chris, sorry for probably eating into your time a little bit. But let me transfer it over to Chris Kozup, our new CMO.

That's great. Well, excellent. Thank you, Dali, and thanks, everybody, for being here. I'm certainly very excited to be here as Zscaler's new Chief Marketing Officer. So my goal in the next 10 minutes is really to talk about how we are leveraging marketing as a key driver for growth. And I would say my focus primarily is in 3 core areas, and those areas are really how do we build awareness to open more doors through our brand, through the strength of our brand; how do we grow pipeline and do that with a much more segmented focused demand generation execution; and then ultimately, how do we deepen customer loyalty through a series of structured programs, specifically within the CXO -- with the CXO audience. So what I want to do now is kind of just take you through each of these. And I'm going to start with brand. Now from a brand perspective, Zscaler has successfully established itself already as a leader in zero trust. And our brand has become synonymous with how we help customers really look at digital transformation and then achieve that through a highly differentiated way, which is all about the Zscaler Zero Trust Exchange. And you've heard already today a lot about that in some of the previous sessions. So now that we've proven out this brand promise and proven out this benefit for our customers, our focus now really goes to how do we amplify that. So I'll say, first and foremost, we have increased overall brand investments, over 80% increase year-over-year. And we're really focused on a very highly targeted execution of things like advertising and search, all of the paid attributes that we can actually execute on really targeting both CXOs but also security architects and practitioners as well. And then, of course, as I'll talk about and Dali alluded to, we have a very strong focus on how we build our brand within the CIO environment, the CISO environment and the CTO environment as well. Now it's not just about paid execution. Also, what we call organic execution is equally as important. And Zscaler sits on a wealth of expertise, a wealth of knowledge. We have a great ThreatLabz team, which is our team of highly experienced security researchers, and we use this information to really help guide our customers and our prospects on current and emerging threats. And a great example of this is just what we've seen with respect to SolarWinds. And our focus here is how do we actually significantly increase the level of thought leadership that we're taking to the market, harnessing the power of all of our internal thought leaders but also using the power of all of our great customers and partners that we have with us. So tactics like public relations, blogging and the like, these are all great things that we're spending a lot of time to amplify. Now I also want to call out the fact that Gartner is a great partner for us. We spent a lot of time with Gartner. And given just the transformational value prop that we have and given the breadth of our portfolio, we actually engage regularly with over 40 Gartner analysts. And that's pretty -- it's a pretty large number for a company, certainly, of our size. But I think it underscores just the transformational impact that Zscaler has really across security, networking, digital transformation and the like. Now we certainly have, I would say, a lot of great momentum. Sharing with you here some data points that really emphasize a lot of the growth and momentum that we've accumulated over the past year. I'm very proud to say that things like our advertising, for example, is outperforming like companies in our same industry. We've seen significant growth in the consumption of our content in terms of both our blogs as well as the number of folks visiting zscaler.com. And this is really just now bringing us to this point where, ultimately, of course, my goal is to amplify that even more. So a lot of great momentum but a lot of great runway for us to continue to build upon. Now I know you've seen this chart. This is certainly a great way that stresses the strength of our brand and the momentum behind our brand. Obviously, Jay shared this and articulated that we are extremely proud to be the only leader within this Magic Quadrant. And of course, as Jay and others have touched on, this really bookends 10 years of leadership for the company and demonstrates the strength that we have in the broader zero trust domain. And I just have to say, as a marketer, it is extremely rare to see just one company be highlighted as the only leader. It's not the first time, but it is certainly very, very rare. So great to see that kind of recognition from Gartner. I thought I would take this a step deeper, though, and talk a little bit about some additional perspective on the strength of our brand. And this chart shows actual data gathered from gartner.com, which Gartner makes public. And the data shows which security vendors, enterprises are coming to Gartner to get more information on, in other words, which vendors are enterprises searching for on gartner.com. And as you can see, certainly, the level of interest here for Zscaler is well above the other players and certainly indicates that we are definitely punching above our weight as it relates to just the demand and interest that we're seeing within the marketplace. So let me transition now and talk a little bit more about demand as kind of the second pillar of really where marketing is focused. So our focus, much like Dali has mentioned, is our whole go-to-market is lining up by segment, and marketing is no exception to that. Marketing is aligning very much to what we do, how we focus on building demand within our major accounts and our large enterprise accounts and then, increasingly, what we're doing within the enterprise segment as well. So within the major and large enterprise market, our message here is very squarely focused on how we can help our customers secure their digital transformation. And we do that in a highly differentiated way, as you've learned about already, with the Zero Trust Exchange. Now for these large enterprises, we lead largely with account-based marketing tactics, and we focus very much on the CIO and the Chief Information Security Officer audiences. But we're using a lot of digital tools, social selling, purchasing intent tools to actually help our sellers identify the customer need and then ultimately accelerate the sales cycle. And these tactics are working. We're seeing already an increase in new business meetings. We're seeing expansion in average deal size, as I'm sure many of the other folks here will discuss through this presentation. So let's kind of build this out and talk a little bit more about then the enterprise segment. Now our message here is focused much more on cloud security adoption, right? And ultimately, unlike the large and major enterprise segment, this segment is really much more about volume. We're expanding our lead generation programs at the top of the funnel to drive more inbound acquisition of leads and then ultimately, qualify those leads to turn them into more sales meetings. At the same time, in addition to our direct motion, we've introduced new partner marketing programs, including a new partner marketing funding program, which is ultimately designed to help our partners really drive greater demand throughout their ecosystem. Now so the net result of all of this, of course, is to see better pipeline conversion through the dollars that we're investing. Now let me kind of round out this discussion here by talking about loyalty. Firstly, I want to say that I have been immensely impressed just by the strength of relationships that we have at the C-suite, not just CIOs but also CISOs and also CTOs. And these relationships have allowed us really to drive greater reach within the CXO audience through running programs like events and networking opportunities. We've developed a number of tools to help our CXO audiences really quantify the value of their digital transformation, mobile apps, quarterly business reviews. Dali talked a lot about these, ultimately, to allow all of these senior managers or senior executives, I should say, to better manage their environment. Now of course, the goal here is to increase upsell opportunities, to reduce churn within this environment. But we've also really done a great job of partnering and leveraging these relationships to help drive greater thought leadership and also reach other peer groups by our -- of our existing CXO customers. Now a final kind of proof point that I'll leave you with here is that we're really extremely proud of just the fact that at our recent customer event, Zenith Live 2020, we had over 40 CXO speakers that joined us to share their experience with our attendees. Now in my prior lives, having just 5 would have been fantastic. 40 is amazing. So obviously, very, very proud of that as well. Now let me just close out here and kind of highlight again the key takeaways. First and foremost, the amplification of our brand promise is resonating, and this is leading to more at bats with new customers. Our demand gen execution is aligning to segment, which is improving the productivity of our campaigns. And our strong relationships with CXOs, we view certainly as a competitive differentiator, but obviously is also helping us reach new audiences. So that's it for me. Bill, I will pass it back to you.

Okay. Great. So the first question would be to Dali. You mentioned a metrics-driven process. What are the key metrics for you that defines success for your team?

First of all, it starts, Bill, just take it back to the core. It starts with the team, right? Do we have the right people in the right spots, and we have an incredible team in place, and it's expanding. So we've got to make sure we have the right capacity to drive the right volume. And in addition to that, you need to start developing systems to track activity, not just pipeline, it's too late by the time you get to pipeline. So we track and focus heavily on leading indicators that we can understand on a weekly, monthly, quarterly basis because it allows us to gain valuable insight in quarter, out quarters. And most importantly, it allows us to understand how we can impact ACV and revenue growth and allows us to impact the quality of our activities. Our employees' success to me is really my number one objective and their well-being. In order to achieve that, you got to have the right training programs in place. So everybody understands how to manage to leading indicators. Everybody understands why they're so critical and how to impact them. And most importantly, you got to have the development strategies in place so people can run their business like a GM, metric centric and metrics oriented, regardless of geographic location. So high level, this is really how we are tracking and what we're tracking as far as health of business.

Okay. Next, also back to you. As you've launched a number of new products, what plans do you have in place to successfully sell a broader portfolio? How do you keep sales cycle from slowing down as deals get bigger and more complex?

So I think we had a similar question last analyst call where the question was, hey, if you have a sophisticated go-to-market framework, does that not slow the sales cycle down. And I think we've proven that it doesn't. The sales engine that we've built, the go-to-market framework that we have built is focused on selling outcomes. We solve problems for customers based on what's in our portfolio. And quite frankly, customers are looking for a partner to help them solve problems at a broader scale. So as we add more solutions to our portfolio, as we add more capability to our portfolio, our motion doesn't change. We still drive outcomes. We still solve problems for customers. We still have an ecosystem that surrounds the rep and the SC, so we can have meaningful, impactful conversation with -- conversations with customers regardless of tenure of that rep or that SC. If you look at it from this standpoint, CXOs today have cost structures. They need tools consolidate. They need to figure out how do I get into the cloud faster, how do I transform faster? And we have such broad capability and the broader against -- again, promotions don't change, Bill. Think about it.

Yes. Bill...

Sorry, Jay. I was going to say the North Star at the core of everything we're doing is the Zero Trust Exchange. And our products are all developed to be delivered over a consolidated synergistic platform, as Amit alluded to earlier. We're purpose-built for the cloud. And quite frankly, we're not glued together, like some of those other legacy players out there. And it really shows in our conversations with our customers. Sorry, Jay.

No worries. If I may add, if our sale was geared towards technical audience to start with, generally, technical audience has smaller sphere of decision-making influence; then, trying to sell a broader portfolio will be much tougher. But our 3 biggest CXOs who are involved in Zscaler, CIO, CTO, who is often Head of Infrastructure in Zscaler, they have a broader span of control and decision-making. And vet gets easier. When we start a discussion in area A, let's say, can you help me in area B? That's where a lot of these discussions have taken us from ZIA to ZPA, now they're taking us to ZCP. So transformational C-level involvement is helping us actually make it easier to sell the broader platform.

And Dali, beyond capacity adds and some of the tweaks down market and onboarding, where does the incremental innovation come from it? In what ways do you continue to elevate your game?

Well, if you look at our model and if you look at our life cycle engagement framework and what we discussed, it was built for continuous evolution. It was built for continuous up leveling. The playbook that we use today gets evolved 6 months from now. The next playbook we use tomorrow gets evolved the day after tomorrow. So we've built a scalable programmatic engine that allows us via enablement and via revenue ops, not just to understand where we are but to understand what tweaks we have to do. And then we have the arm to deliver those tweaks. So Bill, as we keep going, as we keep evolving and as we keep driving more value to our customers, we're just going to continue scaling on the foundational elements that we just put in place over the last 12 months.

Great. Moving over to Chris, how would you define success as it relates to your efforts with brand building?

Well, the first thing I would say, Bill, is that it's never really over, right? I mean we will be always focused on building our brand. But I would say that the biggest thing for us is to be recognized by customers without necessarily being prompted as a leader in Zero Trust, right? That is the primary focus that we have. And obviously, having our customers and prospects and the market, in general, recognize that the Zscaler brand is synonymous with Zero Trust. And then also is a necessary catalyst for digital transformation. Those are really the 2 kind of bellwethers that we'll use to really evaluate the progress that we're making on brand building.

And on channel, how many channel partners do you have? What is your target number of partners?

Yes. So Bill, as I alluded to earlier, our channel model was built for quality of partners because it's value-based, not volume-based. So think we're looking to deeply engage with key partners. In totality, we have about 700 partners right now, I'd call them 200 focus partners, and I'd say there's about 20 strategic partners. And within that model, if you kind of conceptualize it, there's really 3 different layers for a strategic partnership and how we engage. Number one, close collaboration, meaning account planning, territory planning, we do that together with these partners. The second element, and this is really a critical one. We're engaging early, not just once the sales cycle is in progress, but we're engaging early and together mapping out who can we help, who can we impact, who is an ideal prospect for us to go after together, so that both of us, the partner and Zscaler, can get maximum thought leadership from that entity. And then, of course, with the strategic and focus partners, there's different levels of investment that is required. And based on the investment they're making, they also get different levels of reward based on the execution alignment that we have together. So in a nutshell, we're really looking for focused and cloud-native and transformative type partners. The box selling days, I believe, are either coming to a close shortly or shortly plus a little bit extra, but it's calling an entire partner community to have to shift in how they engage and how they drive value. And we're the super highway to do that for them. So that's how we're engaging. I hope that answers your question.

Dali, if I may add. I mean a number of partners who were hoping that the box days will never be over realize that actually it's happening. So we are getting more and more inbound interest from partners, and we are being very selective to make sure partners who are interested in transformation, solution-led sales rather than pushing boxes. Those are the ones we really engage and spend time with. So it is -- it's helping. The one who were slow 6, 9, 12 months ago, now actually breaking up and making calls to us.

Agree, Jay.

So this could be for Jay or Dali. What are you hearing right now in terms of reasons customers are accelerating the decision to dive in with Zscaler, but also maybe reasons they might defer? How is this changing from maybe 6 or 12 months ago?

Dali, you want to start?

Yes.

Please do it.

So here's what I'll tell you, and it's interesting. Was COVID an accelerant? Is SolarWinds an accelerant? What just happened in this market, and this is a permanent shift, this is not a temporary blip. What just happened is that the CEO business side of the house turned to IT and said, "I need you to be agile, I need you to get me into the cloud as soon as possible and I need you to help me transform. And I need you to do it in the lowest risk way. And by the way, it needs to include network, it needs to include security and includes also application transformation." Bill, we're the only entity that's purpose-built to do this. And we just rolled out, we have a model that helps customers accelerate into this. It is no longer an option, is what we're seeing. The evangelical conversations that we maybe had a year ago around cloud transformation and how it's defined around Zero Trust and how it's defined, those are business conversations today. And we're enabling IT organizations to drive quantifiable, meaningful business impact in a very short period of time. And that's what I'm seeing on a broad level.

Great.

Yes. If I may add a couple of points. I think the biggest change that happened in the past year is the mindset change. With COVID, everyone had to work from home, the CIOs certainly realized that some of these things can be done at a faster pace. We've had many CIOs who used to think that they need to transform their network from hub-and-spoke to go direct. They found in COVID that, everyone working from home, they didn't even need to touch the network. They could simply just go direct from where ever they need to go. So they certainly realized that, that inertia that was holding them back from doing these projects is no longer a bottleneck. And they also realized that transformation, digital transformation, cloud adoption had to be done at a faster pace because the companies who were far ahead, they fared better than the companies who were not. So increased digital transformation acceleration and the mindset change where they're finding that things can be done, and learning that the Zero Trust Exchange can actually help simplify stuff. So that's what's keeping us busy and accelerating our business momentum.

Great. So let's move on to our final presentation. Before we do that, let me recap what we've covered so far. We feel we have the right product. We're rallying behind an audacious goal. We have the ability to execute. Now we want to talk about our big market, the investment for growth that will pay off because we have great unit economics. When we went public a little less than 3 years ago, we talked about disrupting the legacy approach of network security. There was $20 billion that we attributed to spending on these technologies, mostly hardware appliances. That's what we're disrupting. This was never exactly our TAM. We passed on that at the time. We don't do network security. We're doing a new thing. And so today, I'm pleased to have Remo talk about a bottoms-up view of what we believe is our serviceable opportunity with our approach and with our business model. Again, this will be a bottoms-up TAM and what we can generate in revenues for each of our products and the market segments we target. So with that context, I'll hand over to our CFO, Remo Canessa.

Great. Thank you, Bill, and thank you, everybody, for being here. As Bill mentioned, there's a -- it's a very large market opportunity, a lot bigger than what we anticipated before when we went public. And I'll go through the numbers with you in a few minutes. Large land and expand, net retention rate 120% last year, 122% this last quarter in Q1. Subscription model based on per user pricing and per workload, which gives us good visibility into revenue as with the revenues recurring. And we talked about the large market opportunity and that we're going to invest in this market opportunity. Also the attractive unit economics, where the land is more expensive, and once you have a customer, then the unit economics become much stronger. And also the long-term profitability getting to 20%, 22% in fiscal '24, which is what we're expecting to do. So if you take a look at our annual pricing model, just to give you context, it is 4 users of 5,000 users for ZIA, we sell in 3 bundles: Pro, business and transformation. And the pricing at the high end bundle is $45. In addition, ZIA add-ons is about $30. That includes CASB, data loss protection and browser isolation. And ZPA is similar to the pricing for ZIA. So at the high end, about $45 per user. And ZDX is relatively new. And so what we're seeing in high-volume type purchases currently is about $25 per user. So for ZIA, ZPA, ZDX, 4,000, 5,000 users, $145 per user. What we talked about also is with workload protection, Zscaler Cloud Protection, relatively new. We are selling CSPM. We are selling workload segmentation. I want to make sure you understand also these are net prices to Zscaler. These represent average revenue per user also to Zscaler. So CSPM and workload segmentation for high volume, higher volume type deals, we're seeing $40 per workload for CSPM. And $60 per workload for workload segmentation. Workload communication is, it's brand new. And it's just starting. A lot of conversations with customers. But we're expecting about $55 per workload for workload communication. So the workload protection part of our business, we're expecting $155 per workload. When you take a look at our serviceable market, the market that we're going after, the market we're going after, and we're going downstream. So we're going downstream boards, as Dali talked about, down to that 2,000 employee company. There's about 20,000 companies like that. And that serviceable market is 335 million users. That's what we're going after. Now having said that, the incremental users, the ones below, which we call commercial, below 2,000 employees, is 267 million users. The strength of our platform, there's no reason that we can't go after that market. That market is coming to us. Our total of our employees or our revenue for commercial, it's about 10%. So it's not significant. It's 90% in our serviceable market and about 10% in that commercial market. But there's no reason that we can't go down into that market. Our platform works just as well for a company of 1 million users versus a company of 10 users or 10 employees. In addition, we see a potential B2B users of being around 600 million, similar to the number of employees in the company. These are third-party vendors and customers of customers. This is an early-stage market. It's relatively young. Companies are hiring chief digital officers. But this is certainly a market that we can go into in the future. And also we're making investments. So investments are being made in these markets. From a workload, OT, IoT, device basis, the serviceable workloads are 150 million serviceable workloads. And that represents the workloads from the top public clouds, the AWSs, the Googles and the Azures. That is our focus. So our focus is to go after that large public cloud workload market. In addition, there are 338 (sic) [ 338 million ] incremental workloads. Those are hybrid clouds and other clouds, something we can play in also, something that we can tap. And also OT and IoT, billions of devices interconnected going back into data lakes, making decisions. That is a market also that -- the advantage that Zscaler has created and people have touched on it, and Patrick really touched on it, which is Zscaler built its own TCP stack purpose-built for this market, built the platform to expand in many different directions. And you can see by -- with the ZIA, ZPA, ZDX and ZCP, the platform is expanding. It's integrated. It is multi-tenant. It is across 150 data centers. It is a single pass technology. It is proxy based. It is Zero Trust, and we have 80% gross margin. It is absolutely incredible. So -- this is moving, Bill. So let me see if I go back. So when you look at the serviceable market opportunity that we have, and if you take the $145 average revenue per user times the 335 million users, that's $49 billion. And if you take the $155 per workload times the 150 million workloads, that's $23 billion. So the serviceable market that we're going after is $72 billion. But as I mentioned, the opportunity -- the long-term opportunity is much greater for Zscaler. Some of the numbers. So customers, we've talked about that our customers are getting bigger. You can see from this slide, in fiscal '20, customers of ARR of $100,000 or more was 973 in July. And as of October, this October quarter, it was 1,057. Customers of greater than $1 million ARR has gone from, you can see, from 108 in July to 120 in October. Again, acceleration we're seeing related to bigger deals. If you look to the right and you look at for ARR of $100,000, you can see the customer count, the customers who have transformation, it is increasing. You can see data protection is increasing. You can see the count of customers with ZPA is increasing. All indications that we're moving the embracement of companies related to the digital transformation, the embracement of our platform and really being a platform to really service the needs of the company's security and networking needs. G2K customers, we've talked about, over 450 at the end of fiscal '20. You can see the average ARR per G2K customer year-over-year growth, as we've talked about, continues to grow, $572,000 per G2K customers this past year. Net retention rate strong, as I mentioned, 120%. The positives to the net retention rate is going to be new products. ZPA at the end of Q1 was 13% of our revenue. We are seeing acceleration in ZPA, that is an add-on, and all the new products that we have. I mean that -- they'll contribute to it. The negative part to the net retention rate is, as customers buy more upfront, which we're seeing, as well as if purchases are done within the year, it's the way we calculate it, could have variability. We're proud of this net retention rate, and you can see also the cohort basically being strong. Reacceleration in billings growth at 64% in Q1. New and upsell, historically, were 50% to 60% new. You can see in fiscal '18, '19, we were. Fiscal '20, we were not. Fiscal '20, we weren't, primarily related to COVID in Q3 related to existing customers who basically bought ZPA. ZPA as a percentage of our new and upsell business in Q3 was 43%, largely to existing customers who had to get their employees basically the ability to access internal applications. Q1 back to our historical rates at 52%. You can see the ZPA broader adoption from 10% to 14%, 29% last year, and it was 27% in Q1. And if you take a look at our revenue, it's consistently been 50-50. Significant basically is that when Zscaler, which is interesting, not interesting to me, but it just -- it's a great thing that Jay did, it truly was a multinational company from day 1 when it's a very small company. That is a cultural -- that's something cultural. And you take a look at what Jay presented with Glassdoor and how people within the company work with each other, that's not by accident. That's the culture that's been set up in the company. And it's across the world in every organization, and the culture is the same. As I've traveled through the world, talking to employees, it is really a significant strength of Zscaler. As I talked about cost of sales, gross margins at 80%, it's the multi-tenant architecture that was purpose-built for this world, which gives us the ability to expand. Amit talked about the ability to add additional applications and features and services at lower cost because it's all going off the platform. We talked about the accelerated investments on prior calls. It's just a huge market. We're seeing the market come to us. We are enthusiastic and really excited about our prospects. So we're going to invest in it. Hiring last year, as we talked about, for quota-carrying headcount last year, 60% growth in fiscal '20. We talked about that we're going to continue that into fiscal '21. We didn't give a percentage, but we did say it'd be substantially higher quota-carrying headcount. And we -- as Jay mentioned, we've increased it since then. With Chris on board marketing -- there's really 3 legs of the stool when you think about the go to market, sales and go-to-market with Dali's group, which has done an absolutely outstanding job. Channel, which is we're working on right now. And now with Chris on board marketing, we'll be making investments in marketing in channel also. R&D, 8 R&D centers throughout the world, Follow The Sun type R&D efforts. 15% was R&D. We'll probably get that up a little bit. We are a technology company. We're an innovation company. And so we will continue to invest. G&A, 9%. Significant presence in finance. About 80% of our finance organization is in India. Medium-term model. No change what we have before, 78% to 82% gross margin target in fiscal '24; 32% to 36% sales and marketing; 16% to 18% R&D; 8% to 9% G&A. 20% to 22% non-GAAP operating margin and free cash flow, a couple of points higher than the non-GAAP operating margin. So in summary, the takeaways. $72 billion serviceable market, which we did a lot of work to take a look at. One of the things that Jay talked about, which I didn't have an appreciation before when -- he's talked about it several times, is if you take a look back in history and you look at the horse and buggy, and if you try to extrapolate what the total addressable market is for the automotive industry, if you took horse and buggy and multiply it by some number, you would have been drastically too low. And that's kind of what we're seeing right now and what the market we're addressing. The world has changed. It's really changed significantly. And employees are mobile, applications are everywhere. And the infrastructure that's been created was created for a different type of network. It hasn't really changed, and it's going to be tough. So what Zscaler has done 12 years ago, as Jay mentioned, it's gated to where the puck was and really built this purpose-built platform to really, in my opinion, have a real opportunity to exploit this market. So with that, I'm going to turn it over back to Bill, but you can see the other things, all the same things I covered before. So back to Bill.

Okay. Great. Thank you, Remo. The presentations are now available on our IR website, if you want to take a look at that and look at it while we transition to a interactive Q&A session. I'm sure you have a lot of questions regarding that information that Remo presented. Before we do, we'll take a quick 5-minute break. We'll see you shortly. [Break]

Okay. Thank you, and welcome back. Now we'll start our interactive Q&A session. We'll take our first question from Brad Zelnick at Credit Suisse. Brad?

I'm trying to start my video here, Jay. Can you guys see me?

Yes, we can.

Yes.

Great to see everybody. Thank you so much for a really comprehensive presentation -- set of presentations this morning. It's really been a great day. Remo, I just wanted to start with you and ask about the build-out for your TAM and pricing assumptions that are in there. What's a practical way to think about discounting assumptions over time? And what have you experienced in terms of average discount trends to date?

Yes. I mean, average discounts per day, there's really not much change that we're seeing. So pretty consistent with what we've seen before. If you take a look at our audacious goals, 200 million users and 100 million workloads, and you do the math based on the per user pricing, it's about a $45 billion market -- or not market, it's $45 billion revenue for Zscaler. As Jay mentioned, there's going to be competition as we go. I mean it's going to happen. I mean, it's just too big a market. And what's interesting, Brad, is that 4 years ago, when I talked to Jay, I thought, wow, what a great opportunity. And now looking how the world's changed, it's just a much bigger opportunity. So even you take 50% of what we talked about, we're still a $20 billion, $25 billion company. Is that reasonable? The key thing is the platform has been created. It is purpose-built from the ground up. Nobody else has it. Nobody else has it. And you take a look at legacy guys, they try to retrofit it. It's going to be -- it's tough. And they're going through a public cloud. We're cloud agnostic. We don't care. We're Switzerland, as Jay mentioned. We have the ability, as Amit talked about, to put additional applications on at a very fast pace. You can see we did 2 small -- all -- every acquisition we did is doing well. I mean Cloudneeti with CSPM, Edgewise with workload segmentation. We did the small AL -- AI/ML company acquisition, which is doing very well and also Appsulate with browser isolation. We have the ability to integrate products into our platform because the platform has been created. It's a huge advantage, in my opinion.

If I may add one thing, Brad, related to your question on discounting. I mean our price per unit per year has been going up. And actually, it has been going even faster in the past 12 to 18 months. So we are seeing an opportunity to grow price per unit rather than thinking that the things will be discounted. We think we have a pretty good runway because of the difference in offering a true zero trust solution over someone else. And the market keeps on moving at a faster pace. If someone tries to come and build what we have in x -- in 2 years, the market will be very different in 2 years. If we keep on innovating and keep on driving our go-to-market execution the way we are, we think we're in a very, very good position.

Great, guys. Can I maybe just chime in with one quick one for Dali? I don't know, Dali, if -- Dali, fantastic presentation. I think I heard you say the word confident several times and really so much that we heard from you today that just makes a lot of sense. If there are any possible constraints to the -- the old question of what keeps you up at night? I mean what is it that you see that every day you're really focusing on and managing to when you think about, even just the market's ability to absorb everything that you're delivering? And anything else that you think about that may potentially you have to manage through to constrain or work through?

It's a fair question. And I think you've heard Remo on the calls mention we're accelerating, we're going faster. So we have a really good model in place internal in deciding as a team where we want to make investments and then putting a very quick analysis together on what the impact is of those investments. So right now, between the exec team really being on the same page and us understanding where to invest, how fast we can go, I don't see any limitation that it may be a traditional go-to-market engine would see constantly arguing with CEO and CFO over more money because it usually comes with a plan of what it's going to yield. So the only area where I think we can go faster, I'm going to flip it around. Everything keeps you up at night, which is much to the dismay of my wife. But that's how my mind works because I'm constantly trying to figure out what else, what else, what else, what else? What's next? And then we go to it. Having a really strong leadership team in place that runs the playbook with excellence allows me to step outside of operator mode and think about 4 quarters, 6 quarters out, have the conversation with the exec team and then build a plan backwards how we're going to get there. We've been doing it. So right now, we're going as fast as we can across every vector. And the one area where I think we can go faster, that's the demand gen area, where I think Chris is going to have a really big impact, as we're building that out. The channel is starting to click. All the elements are starting to click. The downmarket is starting to click. So we're going to just continue accelerating. So right now, everything keeps me up at night. But I'm not panicked about anything, and I'm not trying to skate around your question, I'm just being wrapped actually.

Appreciate it, and congrats.

All right. Great. We'll take our next question from Hamza Fodderwala at Morgan Stanley. Hamza, if you could turn on your video, please, and unmute. Thanks.

Can you hear me okay?

Yes.

Okay. Great. Well, great presentation, a lot of good details there. I'm wondering, as a follow-up to Brad's question, just around how you guys came up with some of the price points for the workload opportunity, in particular. Was there any sort of haircut or estimate that was assumed to reflect how much of that opportunity would be serviced by the existing public cloud vendors? Because I understand, obviously, you guys have a very core strategic focus here, but there's probably going to be some share of responsibility between you guys, AWS, Amazon -- excuse me, AWS, Microsoft and Google. So I'm wondering if there is any sort of share or estimate that was assumed around that?

Bill, do you want to answer that?

Why don't you start with his direct answer? And then secondly, maybe Jay or Patrick could talk about shared responsibility with public cloud providers, please.

Yes. I mean the pricing for CSPM at $40 and workload segmentation, those are deals. Those are actual deals, decent-sized volume that we're seeing. So that's what we think of pricing. So there's -- that's what we think we're going to get. Workload communication, that's a potentially big, big market for us. I mean if you think about protecting workloads no matter where they go, and we haven't -- that's just starting with cloud connector. But that's the type of pricing we're discussing with customers. So these -- the prices that we put out, they're real. I mean the -- and again, these are net prices. And for ZIA and ZPA, those are the prices that we've talked about, 4,000, 5,000 users, those are actual prices.

Even in cloud protection, as Remo said, workload segmentations which came via acquisition of Cloudneeti and then be further integrated, CSPM which came through the acquisition of Cloudneeti. We have inside real data. Workload segmentation, they just got launched. Just to let you know, we are engaged with over 4 dozen customers. And there are lots of pricing discussions that have taken place. So the data is based on real data we're seeing from our customers. The second part of your question is, yes, could other cloud provider vendor could take a piece of the market. So when we compute TAM, TAM is based on total workloads based on our pricing. If we got that, what would the TAM be? So obviously, if we got everything at the current prices, we'll be doing $45 billion per year. So you can do it from here and say, if they don't do all the stuff, what will that be? That's where Remo gave an example that if we got half of it, we're sitting in the $20 billion, $22 billion range. But I think that there are some very interesting pieces. If you look at the big cloud vendors, I do believe they'll have pieces where they can do stuff on their own, but when you need to support multi-cloud strength, do I want stock posture? Do I want security posture of just my AWS workload? Or do I also want my Azure and Google Cloud workload as well. That's where our position comes in. And especially, if you look at the workload communication with the story that Patrick presented, we think it's so disruptive, it's so cool. It's almost like ZPA. When customers sought ZPA for users to the application, they kind of say, wow, oh, you mean without my network, without getting on my network, you mean I don't have to have a network. It's the same thing where your workloads are talking from Azure A, region East to region West to AWS, where ever. It just becomes so simple. That's what makes us so excited about the opportunity. And I do believe that these kind of opportunities won't be spread between 15 vendors. If you saw the firewall market, it has been staggered kind of all forward. If you look at the proxy vendors, Blue Coat dominated in the high end and so on. You look at the cloud vendors, after these 3 mega vendors, there isn't much out there. Same way, if you think the areas where we are doing it with zero trust, we should be able to command a very, very good market share.

Maybe just one quick follow-up, if I may. So you guys give a lot of details around sort of the TAM opportunity, and obviously, it's quite sizable. One of the things that was missing was sort of how you're thinking about sort of long-term revenue or long-term revenue growth. Any reason why maybe that wasn't included for this Analyst Day? And are there any sort of growth level that you are looking at over the next 3 to 5 years, and that's about it?

Yes. I mean I don't like doing that answer but let me just say a few things. I know the analyst models out there. I think they're 31% CAGR. Let me just say, I'd be disappointed if we're not at that level. I don't want to be making projections or giving -- because I'm concerned -- for other guys who know me for a long time on the call, I'm very conservative, and I just -- I want things to play out. It's a huge market opportunity for us, and it's really going to come down to our execution. And I think Dali said it right that this is really the best by far management team, I've been part of in my career, by far, not even close. And the way we work together and how we make decisions. And it's just -- it's business oriented. So let's see how we go. Like I said, if we're below where the analyst projections are for the CAGR through fiscal '24, below 30%, 31%, I would be disappointed.

Okay. Great. Moving on our next questioner will be Walter Pritchard from Citigroup. Walter, if you can turn on your video and unmute?

You hear me and see me?

Yes, it sounds good.

All right. Great. Just following on on the workload protection part, I think this is a newer part of your efforts here. How do you think about the differences and ability to penetrate the sort of cloud-native, 150 million workloads versus, I think you talked about 330-something million, 340 million that were hybrid and other? And sort of from an architectural perspective, I guess, your strength has not been the presence on the workload. How do you think you're sort of not necessarily having the presence on the workload, but having other things that sort of sit around the workload are going to enable you to take share? Because it seems like that's what we need to believe to get to meaningful share of those hundreds of millions of workloads.

Right. So let me try to give you a view of this workload market in quantum, there are actually 2 clean segments. There's a micro segmentation piece, that people are trying to solve. And there's a overall communication across multi-cloud, multi-region piece they're trying to sell. We believe while the micro segmentation market requires some level of education, and it's a little bit more sophisticated, probably a little bit out there yet. The market for my workloads in AWS East region needs to talk to my workload at AWS West region or AWS Asia Pac. That market is ready today. And the reason we know it because we're talking to the same CIO and Head of Infrastructure, who is trying to build a network security model where they're trying to connect East to West to whatnot [indiscernible] using traditional network security model that Patrick clearly showed in those diagrams. We are getting pulled in to say why can't you deliver this image sooner and sooner. And so that discussion is going on for the last 1 year. And we have the product ready. The customers are calling us with -- since. So we're working with it. So it's not some new product going to new customers who talk about it. It's customers who are working with us, who are pulling us in and really showing us then with a zero trust, they don't have to do anything. Otherwise, you're seeing a period of what so far was here, there, across the board and it's a site-to-site VPN or whatever like, all that goes away in our gold becomes a very simplistic model. That's what's appearing to our customers and that's done. That's probably a fastest growing market I would think, would seem down what got secure.

Got it. Just to add on to that, just to make sure I understand. So I think you have some of your competitors sort of going at it, have a product for serverless, they have a product for containers. It's sort of bit of a cover every type of cloud workload. Is it your view, Jay, that you don't need to necessarily have something specific that would cover category workload, it's kind of higher level that cover segmentation and communication?

Yes. So two things. When we're doing segmentation, in fact, with our workload segmentation. We do have an agent that needs to go on the workload to -- that's 1 level. But when you talk about workload communication where we're using a cloud connector offering, I don't need to be on a workload on a serverless or container. It doesn't really matter. Cloud connector is a traffic comp. You have a period of cloud connectors for a given VPC, and we can handle all traffic and traffic and be sent to where it needs to go to. If it needs to go to Internet, it gets sent through the ZI policy engine. If it needs to talk to an other workload, it gets sent through ZPA. So we -- for workload communication, we don't need to sit on each workload. We are sitting at 1 place for each VPC acting as a traffic comp. So that part is very simple. The other one you talked about it is actually workload segmentation where we need to sit in to sit on along with the workload, which is kind of our edgewise acquisition differently.

Walter, if I may. Another way to look at it is we're not an endpoint security company, right? We integrate well with CrowdStrike and Microsoft, yet we are -- what we do is we have a small agent, a client connector that allows users to securely communicate with Internet-based applications as well as private applications, right? Now if you replace the user with an app, right, on a workload, it's the same exact concept. And if you are an endpoint company, well, you would try to take your endpoint AV security and try to put it on a host running in Azure or GCP or whatever. But we look at workload communication as 1 entity talking to another entity going through the Zero Trust Exchange. And just like we are able to do it for users. Users want local Internet breakouts. Users want zero trust connectivity to apps. Similarly, workloads who want to do the same thing. And it kind of dramatically simplifies the design as you migrate applications to the cloud. That's 1 piece. And the other piece I'd say is the posture management is, again, you don't need to get onto workloads. You need to work with APIs that cloud vendors provide. And if I am on AWS, I'd like to know if there are open S3 buckets or maybe some inbound policy that allows access, right? All those things can easily be found using APIs. That's what we do with our security posture management, which is here and now.

Next, we'll be taking questions from Sterling Auty at JPMorgan? Sterling?

Yes. So wondering within the context of the long-term gross margin target that you've given, plus all the goals that you've outlined today, how should we think about the pace of investment that's going to be necessary in your infrastructure to give you the capacity to support those growth ambitions?

I'll start it and maybe Jay or Amit, you can go to. From my perspective, I still think, Sterling, related to capital investment, high single-digit of revenue. I don't see much change. I think the efficiency that we've created and will continue to create, I think, will allow us to just to stay at that type of level. Related to infrastructure and cloud operations, really not much change either. I mean we've got a pretty strong cloud operations group of a lot of automation, which we continue to build automation. So I -- getting that 78% to 82% margin. The thing we talked about was that as we bring on new products and as went again to the market quicker, we may have an public cloud. And public cloud margins are lower. They're 20%, 30% lower than what our margins. Our plan is to move those products onto basically our cloud and then the margins will go up. So I think that 78% to 82% is a good target range. And investments related to it, I don't see much change to what it is now.

Yes. Sterling, if I were to add, if you asked me this question 4, 5 years ago, when I was doing 5 billion or 10 billion transactions a day, I would be kind of trying to wonder why. Now we're seeing that every 20 months, we're doubling. I mean going from 75 billion to 150 billion. I mean you're talking about the biggest of mix scale. So in the past 4 or 5 years, we've seen that we can scale with the kind of gross margin you're talking about. So with that CapEx and gross margin, Remo has given the range, we're comfortable with them in coming years.

Yes. One more thing I'd add, Sterling, is I talked about that multi-tenant architecture, right? And a 150 billion transactions a day, multi-tenant, what does that mean? I mean think of it as a high-speed rail system, right? I can transport 1,000 people very efficiently as opposed to 1,000 people being in their individual cars and trying to go from here to there, right? So it's a super-efficient model. 50% growth is about doubling footprint every 20 months. If -- even if we double every year, it's 3 to 4 years before we get to 10x scale, right? Do we have a path to 10x scale? Absolutely. We're working on it, right. So we have the ability to take what we have built and 10x it in the next 3 to 4 years in terms of utilization. And the vertical scaling that we've added. I showed you some data points, and the ability to horizontally scale it with automation with operations is all there. And what gets me more excited is that the unit economics, both from ops perspective as well as supportability perspective, go down. And we have very good data points that we shared with you as this continues to grow.

Next, we'll go to Alex Henderson at Needham.

Okay. I think I got it open. So I appreciate the opportunity to ask a question here. I was hoping you could talk a little bit about when you win cloud workload protection-type business. Is it a necessity to have ZIA, ZPA sales first? Or are you able to sell the cloud workload protection independently, of selling ZIA, ZPA? And to what extent does that slow the ramp of that business? And then I was hoping you could talk a little longer term, how long do you think it will take for the company to get the cloud workload protection to say 30% of the company's revenues, is that a 3- to 5-year process? Or is it a much longer process than that?

Well, I answer the first part, and Remo can cover the second part. So you don't have to have ZIA, ZPA to sell cloud workload protection. But it's natural for us to deal with existing customers with so much loyalty only. In fact, a number of deals we have closed for CSPM and workload segmentation have not been our customers because before we acquired these 2 companies, they actually were already working on somethings -- on some of the customers out there. But you're going -- you're likely going to see a majority of the revenue coming from customers plus, and there will be some incremental new logos as well. Remo, second part?

Yes, it's going to take longer, Alex. I mean you take a look at the maturity that we have in ZIA, ZPA, it's -- they're humming, right? I mean it's the strength of the business. The workload protection earlier. I mean these are -- we talked about this year that we expect our new products to contribute mid-single-digit new and upsell. So it's going to take longer. Now having said that, I mean, you take a look at the opportunity that we have in workload and IoT, OT. And with the platform that's been created, we can go in those -- the incremental workloads as well as the IoT, OT market. It's really what it comes down to. It is such a big market. We have the platform to really exploit it. But you got to pick your spots. And so our spots now, basically, companies are greater than 2,000 employees and the large public cloud type workloads. But as we go further and if we do have continued acceleration on the top line, we're not going to be short of investing. We're not going to be short of investing.

One last question, if I could. How much of an advantage is it having both ZIA and ZPA and the workloads tied together when you compete in the broader marketplace? Because I don't think any of your competitors do both.

That is correct. I think when our customers who already have ZIA or ZPA, they see our workload communication, which is built around cloud connector, they kind of say, wow, this is no-brainer for me. When we engage with those dialogues, they don't really say, I am going to look at competitor A or B or C because they know there isn't any. So if you look at the 3 segments of cloud protection. This CSPM, yes, that's a market out there. We'll see competition. Workload communication with cloud connector, very, very unique out there. Workload segmentation, which came through acquisition and then got embedded in our platform. It's a pretty unique as well.

Our next question will be from Brian Essex at Goldman Sachs. Brian, if you can turn on your video as well.

Can you hear me okay?

Yes.

So Dali, thank you very much for the pyramid and kind of go-to-market strategy. That was super, super helpful. I guess I wanted to ask, as you look to go down market, how do you think about the trade-off and unit economics? And do you happen to have an indication of how much of your installed base each of those cohorts represents to the extent that would also love to get some insights from you as you go down market, I would assume that you might have lower attach rates, but is the velocity of your go-to-market strategy enough to accelerate your revenue as you go through that process?

Yes. So that's a lot of questions in one. So let me parse it apart. Our focus is large enterprise and majors. Because based on what we're seeing out there, there isn't a story, a true story, once proven via use cases out there to ours. If you take a look at in the down-market economics, our investments on the ecosystem. On demand gen, we're absolutely very, very scientific around investment to dollar again to cost, okay? And we're not going to sway off with that. I think to clarify, the down-market velocities come in at us and if it's coming at you, naturally, the unit economics are going to be pretty good because the investments you're making with the surrounding ecosystem don't have to be made. This is also where I think Chris and team are going to start really pumping out the low-touch, no-touch demand gen. The channel is already doing it. So what I'm saying to you is we're not going to forget who we are and where we operate and where the biggest TAM is and where the biggest attach rates are for upsell, cross-sell. And we've built an infrastructure to really accelerate into it. At the enterprise level, as I alluded to, the sales cycles are shorter. And the teams across enterprise, they're smaller for our customers. That's your less expertise sitting in-house. And hence, they need a true automated cloud-native solution to eliminate the human capital that they would need to have to either deploy or manage legacy infrastructure. So that velocity is starting to come at us because they're pivoting and saying, I need 30 people's worth of work, and I only have 10 people, right? So we're going to continue taking advantage. We're going to leverage channel. We're going to leverage demand gen via marketing. We're not going to go after with calories that should be expanded upstream. But we're building out the disty models. We're building out additional partner models. We're building out additional demand gen campaigns via web and other strategies. So it is a natural progression into those markets with low-touch to no-touch. While grooming the next batch of salespeople that we can then productively elevate up into higher quota-carrying positions. So we're quite methodical about how we're looking at this. So we don't sacrifice velocity for gross margins.

Next question will come from Andrew Nowinski at D.A. Davidson. Andrew?

Great. A really nice event today. Maybe if you could just start with a quick clarification. You guided $608 million to $612 million for fiscal '21. I'm wondering now as you've done the bottoms-up analysis on the workload protection segment, what percentage of revenue do you guys assume from that guidance is going to come from workload protection?

Not much. Not much. And again, it's relatable, right? So it's just new and upsell business, mid-single-digit for all our new products. It's just not going to be significant. But what we're seeing, we're seeing a lot of interest. And so it's positive. It's very positive, but I wouldn't expect much this year.

I think if I may add, if you look at the history of ZPA, there's so many skeptics at ZPA 3, 4 years ago. Will it now? All right. It took at -- took time. We went from 0 to about 3% or 4% of new ACV to 10 to 116 to 28. We think that this new area has a potential to really do that kind of stuff. We're not trying to forecast. But we have done it once, and we think we can do it over and over.

Makes sense. And then just given your discussions that you've probably had with CIOs. Have they reprioritized their spending for 2021? Versus maybe their original plans that they had that they were thinking about at the start of the budget planning cycle in early December following the SolarWinds attack. And if so, whatever they told you that they're going to focus or try to reprioritize their spending on this year to avoid becoming the next victim?

Absolutely. SolarWinds has shaken up, lots of CROs and CECL. I mean it has bigger impact than probably the past [indiscernible] minute. When Equifax happen, we kind of said it is 10. Now everyone thinks that is it me or not? And you really think about how do you fix it. Everyone tries to claim that they can do the pieces out there outing. And there's no 1 piece, there are multiple pieces. But I think I am surprised and happy to see that not only CECL, but CIOs are actually talking about zero trust implementation. They do understand that putting people on the network is not a good thing. And discussions with us on zero trust implementations have picked up much faster than they were before.

We'll take two more questions. Next question from Fatima Boolani at UBS. Fatima?

Dali or Chris, I'll do a jump ball for you. As I think about the distribution strategy and the product and packaging strategy that you have in place for both ZIA and ZPA and now ZCP. I'm wondering what the thought process has been around continuing to keep a discrete set of capabilities as add-on functions. So I think Remo alluded to sort of a bucket of $35 per user in terms of being able to sell CASB and browser ISO and DLP. So I'm curious what the thought process and strategy is in keeping those discrete, and why not roll them into the rest of the portfolio and just make it more elegant for customers to adopt in a bigger and more comprehensive way? And then I have a follow-up for Remo, if I may.

It's a bundling question, maybe I can start with. And Dali, you can add to it. The question is what we bundle and what we don't bundle and how do we change bundles, right? Our fundamental principle is when we bundle things together, it gets easier to sell. But there must be a broader demand for most of the products you put in that bundle. So we learn, we go along and say what bundle needs to be. You've seen us evolve our bundles. Business bundle used to be the bundle. Transformation bundle didn't exist, and we wanted to wait till we knew there's enough demand for cloud firewall, cloud sandboxing to be really put in the budget. So that's how those things are. And now you see our transformation bundle has become the biggest one. We are clearly watching the market demand for data protection in CASB, which is a bundle by itself. Data protection is not 1 product. It's our DLP, with advanced DLP for the exact data that, it's browser isolation, it's CASB. It's a pretty hefty bundle. We have taken and added a number of DLP margins in our business bundle and transformation bundle. They're not advanced features, but they get to started with that. So as time matures, you can expect us to keep on adding and changing bundles. We have been changing over time. And I don't think I can say when we're going to make the change in the data protection level. But we are watching and monitoring to see when things become the next bundle. And that's not just for this area. We look at the same way, the cloud protection, ZP and the like.

Yes. Let me expand on what Jay said, and let me expand specifically on what watching and monitoring means. If you go back to the go-to-market model and how I laid it out and our really close engagement in alignment with customers. The fact that we do architecture workshops, the fact that we map out the different phases for their transformation. And the fact that we realize consistent patterns for customers, by verticals and that we recognize those and we take that back internal. So we're basically having customers and their natural tendencies guide how we construct these bundles. And what we're seeing to Jay's point is the more customers are committing to the greater bundles upfront because they're being pushed to go faster, right? So easy acquisition is important. That was a good question. And less complex acquisition, and hence, also deployment is important. But what we are doing, even if we're bundling it, we're still keeping the value identification, quantification and realization for each work stream separate on a use case basis because that is how you get to articulate and explain to customers why one looks alike from competitors is nowhere close to a like. So I'm going to use the word again, and I think I've used a couple of times. We're very intentional even about how we bundle based on how we engage and based on what customers are telling us they want to do as far as steps and speed of those steps.

Got it. Remo, just a quick one for you. I know historically, you've kind of given us some color around your end-market exposure. It's certainly been a very interesting 12 months with respect to what end markets have been under duress and experiencing a ton of economic malaise. And so on the back of the Sunburst incident, certainly the U.S. public sector is in everyone's consciousness, and you've invested a lot around the U.S. public sector opportunity. So I'm wondering if you can just give us an update on sort of where you're tracking and how these recent events maybe change and significantly improve your position in the federal government where there's been fixed starts of overall cloud adoption?

I'll let Jay talk more broadly. But specifically, we were like mid-single digits of our new and upsell for federal in Q1, which we're happy with the progress that we're making. Related to recently, maybe if Jay can give more color on the federal market?

Yes. It's consistent with what we have said, getting into federal market, requires all the certification where it's taken 2, 3 years for us to get there. Now we have some most unique certifications. We have built a sizable team. Our pipeline is growing at a very good pace. So we expect federal to become a significant part of our overall new business. And terms of numbers at all, I think Remo basically leaves at our level and say, we are bullish in the saving in the market without giving you any quantification of it. In the current market, again, we see adoption of zero trust getting faster than it was a year ago, even in the public market sector because it gets viewed as one of the things you could do. You could do X things or SolarWinds. With zero trust where things can have actual movement to hurt the whole thing becomes one of the most important items.

Our next question is from Joshua Tilton at Berenberg. Joshua?

Okay. Can you hear me?

Yes.

So you guys gave disclosure, ZIA, ZPA and ZDX, that's fully loaded price per user is about $1.45. How should we think about what the ARPU is today? And how do we think about maybe the time frame and what's necessary from an investment perspective in order to see that ARPU move closer to the $1.45 number?

Yes. I mean, currently, it's about in the high 20s. So -- and the reason for that is CDX is new. And ZPA is 13% of our business. The ZIA add-ons are relatively new too. What time frame is it going to get there? No. Not sure. I mean -- but we are in the high 20s currently.

I think the ARPU is high 20s, but if you look at the deals we are closing or ZIA, ZPA, and all that stuff. The numbers we use in the competition are based on real deals we are doing. So we have been getting far better value. And it's for 2 reasons; one, obviously, when you do value-based selling, you realize better value; number two, also with all the product portfolio on, when those have also been growing as compared to what they used to be. So there's more functionality in it. When you're selling more transformation bundle, obviously, your price will go up as compared to if you're selling a business bundle and the like.

Yes. No, that was very helpful. I guess, I also just wanted to touch on some of the go-to-market commentary from today. When we think about all the strong performance that we've seen over the last few quarters, how should we think about how much of the success is a function of all the improvements that we've seen in the go-to-market versus just there so much market coming to you and it's just not necessary to educate the customer as much as it used to be because of work from anywhere.

Yes. Let me answer that in a couple of different ways. What the macro environment did for us, it removed the throttle limiter, right? And the throttle limiter was needing to be evangelical because everybody was hanging on to yesterday's plans and strategies. That's all great. But if you don't have the engine in place to take advantage than I'll sale by you. 2/3 of our team is still ramping, okay? And we're doing what we're doing. So more meetings. Pipeline is strong. It's a distributor across the geos. We're seeing strong partner participation. So velocity is great. But if you don't want to have -- think of it in this term, how many paths to revenue do you have? And what's your excellence in making sure you take advantage of each and every one of those paths? Who we were 12 months ago in the past that we could take advantage of versus who we are today and the path to revenue we can take advantage of are 2 separate entities? So you could call it the meaning of 2 different things at the same time at the right time, which is actually three, a platform that was purpose-built and ahead of its time, a market that made people realize yesterday does not work tomorrow, and a go-to-market engine that said, we'll educate you, we'll guide you, and we'll do it across many different dimensions so that we can go as fast as we can. So it was really a combination of all of these coming together. So it's a fair question, but think of it across multiple dimensions that aligned based on how we steer them.

Yes. I wanted to add, I would say, having a highly scalable go-to-market machine. When you're dealing with hundreds of millions of dollars trying to grow at a very rapid pace. That machine plays an extremely important role.

Yes, we'll take one last question, and that will come from Patrick Colville at Deutsche Bank.

Thank you very much for hosting us today. It's been very helpful. I wish you guys have given us a long time revenue guide, but Remo maybe, next Christmas. That will be the presents. So the public cloud security space is pretty competitive. In CSPM, there are 30 vendors out there. So can you just kind of give us the pitch as to what is Zscaler's competitive advantage in this very competitive space?

Good question. So that's why we don't look at cloud protection as 1 space. We look at 3 clean segments. Yes, CSPM is 1 market. We call it workload communication where each workload, no matter where they are, could talk to each other, East, West, wherever data center. And the third one is micro segmentation. Overall, when it comes to -- CSPM is somewhat like [indiscernible] market. You really [indiscernible], and you figure out, are you really doing a great job against 10 standards, 15 and what not. So I don't think anyone will have an architectural advantage in CSPM because you go against the same kind of APIs. So having good reporting, good functionality is needed. If you ask me, the biggest advantage we have in number two and three. Workload communication we talk to you, is an amazing advantage. It's like zinc for us. Is there market competitive? I don't think so because I talked to hundreds of customers who are looking and waiting for our cloud connector to be able to deliver communication. That market is here and it's now. Micro segmentation, as I said before, will take some time. It's a little bit early stage. You'll need some education and whatnot. We have differentiation there. It will need some education. But if you look at the 3 segments, CSPM will be probably not be as differentiated for any vendor, the other 2 very distinct advantage because of the architect.

Can I just add to that, Jay, real quick? So Patrick, if you look at our go-to-market engine, it's geared around selling platform enterprise value. So there can be 70 solutions out there or 90. That's not appealing. What's appealing is selecting 1 partner that can help you end-to-end across really all of your needs. If we look at how we go to market, it's platform centric, across different phases as we mapped out. And right now the conversations we're having with CXOs is around tools consolidation, around simplification, around agility. Not around needing to glue together multiple different solutions. That's where we're sitting. That's what we've built to take advantage of, not just platform, but also go-to-market wise. So we recognize there's a lot of competition there, but we also recognize what our unique value proposition is, and it's resonating.

Okay. And in terms of the licensing for this -- I mean I appreciate it's very early. But do customers typically license the workload protection suite for all their workloads in that public cloud environments. So they typically start in a specific domain or a specific vendor, AWS versus Azure? And then move across, just help me understand how the customer journey has worked so far, just so we can kind of conceptualize it better.

Amit, do you want to take that?

Yes. It boils down to what the critical assets for the customers are, right? They might have started their journey with AWS, and they want to do some basic posture management. And then the next step is you want to secure Internet communication for workload. Maybe the next step is, I have my front end in AWS, but my back end is still sitting in my data center, how do these two workloads talk to each other, right? So it boils down to specifically what the customer use case is. It's not -- you don't need to boil the ocean in 1 shot. You identify critical applications, critical assets and then you start rolling it out. CSPM, for example, maybe you start with your production workloads in GCP. Maybe your developer workloads show up later on, right? So it's a step-by-step journey. It starts off with identifying critical apps, what they need to communicate to and then bringing in the Zero Trust Exchange concept that we've successfully deployed for the users to these workloads that need to talk to each other.

And I'm going to add to again-- sorry, Jay, I'm going to add to again, Patrick, we've built a model that allows us to land and expand. We can go bigger; we can go smaller. It doesn't matter. So we're not going to be stifled by however, companies want to buy because the model is there to receive it and drive it from a velocity standpoint.

Yes. I just think to say that cloud protection may look like a competitive market because you hear so much about it. It is in an early stage. It's like a cottage industry. People are trying to figure out which of these solutions work, which of these solutions don't work. And that's, we are excited about disrupting. And most of the stuff that's being done out there is pretty traditional in legacy.

Okay. Well, thank you. That's all of our questions. I want to thank everyone for your interest in Zscaler. As I mentioned, today's presentation is now available on our IR website. We'll also make the replay available later on today. If you still have any questions or we didn't get to your Q&A and your chatbox, I am available at [email protected]. We will speak with you soon.