Earnings Call Transcript
Zscaler, Inc. (ZS)
Earnings Call Transcript - ZS Q3 2021
Operator, Operator
Good day, ladies and gentlemen, and thank you for standing by. Welcome to the Zscaler Third Quarter 2021 Earnings Conference Call. At this time, all participants are in a listen-only mode. After the speakers’ presentation, there will be a question-and-answer session. As a reminder, this conference call is being recorded. At this time, I would like to turn the conference over to Mr. Bill Choi, Senior Vice President, Investor Relations and Strategic Finance. Mr. Choi, you may begin.
Bill Choi, Senior Vice President, Investor Relations and Strategic Finance
Today’s conversation will focus on an adjusted non-GAAP basis, with a reconciliation of GAAP to non-GAAP financial measures available in our earnings release. I want to emphasize that this discussion will include forward-looking statements regarding expected future revenue, market share, calculated billings, operating performance, gross margin, operating expenses, operating income, net income, free cash flow, dollar-based net retention rate, future hiring, remaining performance obligations, income taxes, and earnings per share. These statements are not a guarantee of future performance but are subject to risks and uncertainties, including but not limited to the duration and impact of COVID-19, the global economy, market adoption of our products, the effects of any past or future acquisitions, and the development of our competitive markets. These forward-looking statements reflect our views as of today and should not be relied upon for future insight. We have no obligation to update these statements following this call. For a detailed discussion of the risks and uncertainties, please refer to our SEC filings and today’s earnings release. We will upload our prepared remarks to our Investor Relations website when we begin the Q&A portion of the call. Additionally, management will be participating in several upcoming virtual events including the JPMorgan Technology, Media and Communications Conference tomorrow, the Bernstein Strategic Decisions Conference on June 4, the Bank of America Global Technology Conference on June 8, the Baird Global Consumer Technology & Services Conference on June 10, and the Mizuho Cybersecurity Summit on June 15. Webcast sessions will be accessible on our Investor Relations website. Finally, we invite you to Zenith Live 2021, our Virtual Customer and Partner Cloud Summit, which will take place from June 15 through June 17 for the Americas and EMEA, and from June 22 through June 23 for APJ. We encourage everyone to register and participate through our website, zscaler.com/zenithlive. Now, I’ll hand the call over to Jay.
Jay Chaudhry, CEO
Thank you, Bill. As highlighted in our earnings release, we achieved exceptional results for the third quarter, showcasing accelerated growth while boosting the adoption of our comprehensive platform. We experienced a 60% increase in revenue and a 71% rise in billings. Our operating profits also saw robust growth, leading to record free cash flow. Companies are turning to Zscaler to secure their digital transformation and adapt to the work-from-anywhere model, which we see as the new norm. Our performance surpassed our expectations, prompting us to raise our guidance for fiscal ‘21. Our business is thriving across all areas. Our advanced architecture and refined go-to-market strategy set us apart from the competition. Our Zero Trust Exchange platform uniquely connects users, devices, and applications, moving away from traditional firewall-based security models. This platform inhibits lateral threat movements and minimizes attack surfaces by rendering applications invisible online, thereby decreasing business risk. Additionally, our proxy architecture, which inspects SSL-encrypted traffic, effectively blocks complex threats and protects sensitive data. As ransomware and other cyber threats become more prevalent, security leaders are turning to Zscaler to enhance their security measures while lowering legacy IT expenses. As I’ve mentioned before, the right architecture is crucial. From the outset, Zscaler designed a high-performance, multi-tenant proxy architecture, unlike many vendors attempting to adapt outdated solutions, which fail to meet modern needs. Built to enforce policy at the edge in line with SASE frameworks, we operate across 150 data centers with high availability. We process over 160 billion transactions daily, preventing up to 7 billion security incidents and policy breaches. This extensive network effect enhances both security and user experience. I want to emphasize three key drivers of our strong performance this quarter. First, we achieved a record number of seven-figure annual contract value deals across various industries by leveraging our strengths with large enterprises. Most of these agreements are three-year commitments, establishing a robust foundation for our clients' transformation in terms of applications, networks, and security. Second, a growing proportion of our revenue is stemming from comprehensive platform purchases by both new and existing clients. Our strong upsell performance contributed to a dollar-based net retention rate of 126% this quarter. Emerging solutions like out-of-band CASB, Zscaler Digital Experience (ZDX), and Zscaler Cloud Protection (ZCP) are increasingly driving our success. The extensive capabilities of our platform resonate with clients, and I believe Zscaler is becoming the preferred choice for vendor consolidation, cost savings, user productivity, and improved cybersecurity. Third, our strategic decision to enhance investments in go-to-market strategies from last year is yielding tremendous outcomes. I am very satisfied with our performance and the momentum we are witnessing across all regions, market segments, and products. Earlier this year, we increased our investment in the Enterprise segment, which focuses on organizations with 2,000 to 6,000 employees. This quarter, we observed a higher volume of new business from this segment. Now, let me outline significant wins this quarter, starting with ZIA. Due to the pandemic, a Global 500 technology company in Asia was routing Internet traffic from employees working remotely over VPN through their corporate data center. This led to a poor experience with SaaS applications like Office 365 and overwhelmed their security systems. In support of their workplace modernization for 80,000 employees, the customer purchased ZIA Transformation Edition, including SSL inspection, cloud firewall, sandboxing, and ZDX. ZDX enhances productivity by identifying and resolving user performance issues in real-time over the entire cloud network before receiving any complaints. In another new logo win, a global business services company dealing with work-from-anywhere challenges acquired our Business Edition along with cloud firewall, CASB, DLP, and ZDX for all 46,000 employees to access SaaS applications directly, thereby minimizing business risk and improving user experience. They also replaced their legacy VPN with ZPA to offer zero-trust access to private applications for their 29,000 call center staff. By purchasing three out of our four platform pillars, this customer is accelerating their digital transformation from a five-year goal to a six-month realization. Next, I’d like to share two significant deals showcasing our momentum in the financial services sector and our growing success with technology partners. A leading global investment bank is adopting a zero-trust strategy by revamping its security architecture for the modern, hybrid work environment. They acquired our ZIA Business Edition along with DLP, Cloud Sandbox, and ZDX for 50,000 users. Given the critical security requirements, only a proxy architecture with widespread SSL inspection was viable. Our proven history of delivering a large, reliable inline security cloud established us as the premier choice. Leveraging our platform’s breadth, this client also initiated limited deployments of additional features, including browser isolation, CASB, workload segmentation, and ZPA. This deal exemplifies the effective collaboration between Zscaler and our tech partner CrowdStrike. In another financial services success, a multinational firm embracing cloud transformation purchased the entire ZIA portfolio, including CASB, advanced DLP, and CSPM for Microsoft Office 365, along with ZDX for 30,000 employees. Similar to the previous instance, they solely considered a proxy architecture, disqualifying firewall solutions. Their Zscaler platform investment consolidated four vendors, streamlined their operations, and reduced IT expenses, showcasing effective field sales engagement with Microsoft as an essential partner. These new customer successes highlight the increasing demand for our data protection products, such as DLP, out-of-band CASB, browser isolation, and CSPM for SaaS. Now, I want to discuss an upsell deal motivated primarily by enhancing data protection. An existing Global 200 pharmaceutical customer, based in Europe, acquired CASB, advanced DLP, and Sandbox for all 79,000 employees to strengthen their security measures. We replaced the incumbent out-of-band CASB point product, a trend gaining momentum as customers converge on Zscaler's integrated platform. Moreover, to access private applications, they purchased 3,000 ZPA seats as a first step in phasing out their legacy VPN. This latest acquisition constituted a seven-figure annual contract value deal, effectively doubling the customer's ARR. As we anticipate a post-pandemic landscape where employees may unknowingly bring infected laptops back to the office, organizations require a true zero-trust platform to eradicate the risk of lateral threat movement. Furthermore, we’re witnessing a resurgence of SD-WAN initiatives, as firms transition to direct-to-cloud architectures from traditional hub-and-spoke setups and outdated security models. This quarter, an existing Global 200 manufacturing client based in Europe upgraded their subscription for 120,000 users from the Business to the Transformation bundle to secure local breakouts at their 1,000 global locations, some integrating SD-WAN and others not. The Transformation bundle incorporated Cloud Sandbox and cloud firewall, effectively doubling this customer’s ARR. Lastly, I want to highlight an upsell achievement with a global pharmaceutical company that previously acquired the Transformation bundle and ZPA for 15,000 users. Their SD-WAN project was delayed last year; however, they are now accelerating their network and application transformation with a five-year commitment to Zscaler. This quarter, they expanded their acquisition by adding 50,000 ZIA and ZPA seats to cover all 65,000 employees, along with DLP for the entire user base. Additionally, they acquired our new ZPA Private Service Edge to facilitate zero-trust access for employees returning to the office, demonstrating that customers are implementing ZPA for all staff, not just remote workers. Beyond our continued success in user protection, our next significant opportunity lies in safeguarding workloads through Zscaler Cloud Protection. We are rapidly broadening our ZCP portfolio through organic development and targeted acquisitions. Recently, we announced the acquisition of Trustdome, a prominent provider of Cloud Infrastructure and Entitlement Management (CIEM), to enhance our CSPM solution. When integrated effectively, CIEM and CSPM can connect identity information with configuration data and enforce least-privileged access within cloud environments, thereby minimizing business risk. This expansion further broadens our workload security market opportunity. Additionally, we announced a definitive agreement to acquire Smokescreen Technologies, equipping us with deception technologies to identify active attacks and lateral threat movements. We plan to integrate Smokescreen's capabilities with our ZIA and ZPA solutions to strengthen our active defense functionalities. More details on these solutions will be discussed during our Zenith Live Cloud Summit next month. Moving ahead, we aim to accelerate the adoption of our four core platform pillars, which collectively optimize the success of digital transformation. Our foundational ZIA and ZPA businesses are stronger than ever, and we are enthusiastic about the early momentum of ZDX and ZCP, which are the next growth drivers for the company. I want to emphasize three points regarding our expanding go-to-market strategy, which is scaling effectively. Our field organization continues to grow and perform excellently. Regarding our partnerships, as mentioned in our deal wins, we have established and are strengthening technology alliances. Alongside product integrations, we are expanding our go-to-market collaboration with CrowdStrike, who also became a customer this quarter. I am pleased that Zscaler was named the Zero Trust Champion at Microsoft's 20/20 Partner Awards. To further enhance our technology relationships, we’ve recently partnered with IBM to incorporate Zscaler services into their zero-trust security offerings. This collaboration involves integrating with their identity, MDM, and SIEM solutions, along with joint go-to-market efforts. On the channel front, we are enhancing our Summit Partner program and integrating VARs that are developing cloud transformation capabilities. Our relationships with service providers remain robust, and we are fostering joint engagements with system integrators. In terms of marketing, we are actively investing in thought leadership for zero-trust security and expanding our demand generation initiatives. In conclusion, we are making substantial strides across all three domains: sales organization, marketing, and channel partners, consistently delivering impressive results quarter after quarter. I believe we are well-positioned to capture a significant share of our $72 billion serviceable market. Now, I’d like to pass the call to Remo for our financial results.
Remo Canessa, CFO
Thank you, Jay. As Jay mentioned, we are pleased with the results for the third quarter of 2021. Revenue for the quarter was $176.4 million, up 12% sequentially and 60% year-over-year. ZPA product revenue was 16% of total revenue. From a geographic perspective, we had broad strength across our three major regions: Americas represented 51% of revenue, EMEA was 38% and APJ was 11%. Turning to calculated billings, which we define as the change in deferred revenue for the quarter plus total revenue recognized in that quarter. Billings grew 71% year-over-year to $225 million, with billing duration towards the upper-end of our 10 to 14 months range. We had several customers choosing to pay upfront for their multi-year contracts. As a reminder, our contract terms are typically one to three years and we do not offer any special incentives for upfront payments. With that in mind, we are also pleased that short-term billings, which are calculated based on the change in short-term deferred revenue plus reported revenue for the period, grew 61% over the prior year. Remaining performance obligations, or RPO, which represent our total committed non-cancelable future revenue, were $1.2 billion as of April 30th. RPO grew 85% from one year ago. The current RPO is 51% of the total RPO. Our strong customer retention and ability to upsell the broader platform have resulted in a consistently high dollar-based net retention rate, which was 126% compared to 127% last quarter and 119% a year ago. As we have highlighted, this metric will vary quarter-to-quarter. While good for our business, our increased success selling bigger bundles and selling multiple-pillars from the start and faster upsells within a year can reduce our dollar-based net retention rate in the future. Considering these factors, we feel that 126% is outstanding. Total gross margin of 81% was flat quarter-over-quarter and improved by 1 percentage point year over year. As a reminder, gross margins in the second half of last fiscal year were pressured by the augmented use of public cloud to meet the 10x surge in ZPA traffic as pandemic lockdowns began. Turning to operating expenses. Our total operating expenses increased 6% sequentially and 53% year-over-year to $119.7 million. Operating expenses as a percentage of revenue declined by 3 percentage points from 71% a year ago to 68% in the quarter primarily due to lower T&E, which was partially offset by increased hiring and M&A expenses. Sales and marketing expense increased 6% sequentially and 56% year-over-year to $80.9 million. The year-over-year increase was due to higher compensation expenses and investments in building our teams and go-to-market initiatives. R&D expenses increased 8% sequentially and 55% year-over-year to $25.9 million. The increase is primarily due to continued investments in our engineering teams. G&A expenses increased 4% sequentially and 33% year-over-year to $12.9 million. The growth in G&A includes investments in building our teams, compensation-related expenses and professional fees. Our third quarter operating margin was 13% compared to 9% in the same quarter last year, and T&E spending had a positive 270 basis point benefit. Operating margin was better than our guidance range due to stronger than expected performance in the business and due to the timing of certain sales and marketing spend. Net income in the quarter was $21.4 million or a non-GAAP earnings per share of $0.15. We ended the quarter with over $1.4 billion in cash, cash equivalents, and short-term investments. Free cash flow was positive $56 million in the quarter, which compares to $9 million during the same quarter last year. The increase was driven by our strong billings growth, receivables collection and operating performance. Now, moving to guidance. As a reminder, these numbers are all non-GAAP which excludes stock-based compensation expenses and related payroll taxes, amortization of debt discount, amortization of intangible assets and any associated tax effects. For the fourth quarter of fiscal 2021, we expect revenue in the range of $185 million to $187 million, reflecting a year-over-year growth of 47% to 49%; gross margins of 79%. I would like to remind investors that a number of our emerging products, including ZDX, Workload Segmentation and CSPM, will initially have lower gross margins than our core products. We are currently managing the emerging products for time-to-market and growth, not optimizing them for gross margins. With this in mind, we believe 79% to 80% is a good range for us in the near-term; operating profit in the range of $13.5 million to $14.5 million; other income of $300,000, net of interest payments on the senior convertible notes; income taxes of $1.7 million; earnings per share of $0.08 to $0.09, assuming approximately 146 million fully diluted shares. For the full-year fiscal 2021 we now expect revenue in the range of $660 million to $664 million or year-over-year growth of 53% to 54%; calculated billings in the range of $878 million to $880 million or year-over-year growth of approximately 60%; operating profit in the range of $71 million to $72 million; earnings per share of $0.47 assuming approximately 145 million fully diluted shares. The acquisitions of Trustdome and Smokescreen are expected to have an immaterial impact on revenue in Q4 and in fiscal 2022, as they are early stage companies. Our plan is to further develop these products and incorporate their technologies into our platform. We expect to incur $2.5 million to $3.0 million in additional operating expenses in Q4 related to the acquisitions, including a new R&D center of excellence in Israel. This is incorporated into our Q4 guidance. For your modeling purposes, we expect to incur approximately $13 million to $15 million in operating expenses related to the acquisitions in fiscal 2022. With a huge market opportunity, we remain committed to investing aggressively in our company behind the growth in our business. We have a highly efficient business model and are making investments across the organization today in order to capitalize on the large opportunity ahead of us. While we will balance growth and profitability, growth will continue to take priority considering our strong business momentum.
Operator, Operator
You may now open the call for questions.
Alex Henderson, Analyst
First off, let me thank you for a superb quarter. Outstanding results. And the question I have is really on the sales capacity you've been adding over the last year. To what extent do you see that capacity now maturing in terms of its productivity? And how do you think about additional continuation of that incredibly successful program?
Jay Chaudhry, CEO
Alex, thank you. As you know, we have been adding and rather accelerating sales capacity. We are pleased with performance, and we are counting on it to deliver us accelerating growth. Remo, do you want to give a better color to it?
Remo Canessa, CFO
Yes. Majority of our field sales reps are still ramping. So a significant portion of our organization is still in ramp phase. The key thing that we brought up in the past is that we are aggressively hiring. And we had a good quarter of hiring in Q3. We're expecting to have a very good quarter in Q4. So our plans, as Jay talked about in the earnings call, is that the market is really strong. It's moving to us. All indications are that we're in a great position. So we're going to continue to aggressively hire and really go after the growth of the Zscaler going forward.
Jay Chaudhry, CEO
And if I may add one more statement. One, it's a competitive market for talent. Zscaler has become a top destination for top talent. So we're able to attract good talent and grow our sales team stronger.
Matt Hedberg, Analyst
Jay, there's obviously a lot of success you're seeing in the enterprise on upsell and large deals. I had a question on the federal or, I guess, public sector market. Obviously, the Colonial Pipeline attack highlighted the risk here that some utilities are at. Just can you talk to us about how you think about Zero Trust architecture could benefit the public sector? And might that be an accelerant as we look forward for the next year or 2?
Jay Chaudhry, CEO
I think we have been hearing enterprises talk about Zero Trust more and more for the last 12 to 18 months, especially after some of the SolarWinds type of attacks. This is a bigger theme. But now, it's good to see that the federal government is waking up and saying they need to do something. It's good to see a very clear directive coming from the Biden administration, which highlights a need for Zero Trust. And by the way, I must say that many vendors are trying to hijack upon Zero Trust, but Zero Trust as written by the EU based on the MIJST research paper, it is not done by firewall. It is connecting entities to entities without a pass-through connection, and we believe we'll have a big advantage of it. We started investing in federal space about 3 years ago, had to go through a lengthy process of certifications of FedRAMP and the like. We are very well certified. We started investing in sales organization about 2 years ago, have a strong team, a strong and growing pipeline. So federal business seems great. And the second part of your question is actually public sector, which is the non-federal part, which is state, local and education stuff. We are doing in that part very well as well.
Remo Canessa, CFO
No, I think, Jay, you hit it. I mean the key thing is that we've invested significantly in federal. As Jay talked about, the FedRAMP certifications. FedRAMP High for ZPA. And also, we are moving towards FedRAMP High for ZIA, which puts us in a completely different position than other companies. In addition, I think one of the strengths is that we've been able to build the sales organization at the organization very strongly and partners in federal. So I feel we're well-positioned in the federal market going forward.
Greg Moskowitz, Analyst
Okay. Congratulations on a phenomenal quarter. Jay, maybe to follow up a bit on the last question, and you sort of touched on this a little bit, but from what you're able to gather, have the recent high-profile breaches dating back to SolarWinds that include the Colonial Pipeline attack, have they had any discernible impact on your pipeline? So again, we hear the anecdotes, much like you do. I'm just kind of curious if there's anything that is able to translate to some extent from what you're able to tell?
Jay Chaudhry, CEO
So first of all, the number of inbound engagement from not just CIO and CISOs, and in many instances, the Board has stepped up. So it's clear that there's a high degree of interest in making sure that companies are secured. That's point number one. Point number two, when those levels of C-level get engaged, the budgets open up, they become less of an issue. When you're dealing with the CIO, whose budget is hundreds of millions of dollars, to get a few million dollar deal for us generally becomes a lot easier. So we are seeing tremendous interest. Our customers having discussions that they need to do Zero Trust implementation because of security factors, including Colonials and SolarWinds? Yes. Can I quantify what part of business and pipeline? Probably I'll be guesstimating too much. So I'll leave it open to say, a positive impact, but hard to quantify.
Gray Powell, Analyst
You mentioned that you increased investment in the mid-market or mid-enterprise segment, particularly among companies with 2,000 to 6,000 employees, which contributed a greater share this quarter. Can you provide a rough estimate of how much this segment is contributing to the overall growth? Additionally, how should we consider the potential contributions from this segment over the next 6 to 12 months?
Remo Canessa, CFO
Yes, for clarification, the Enterprise segment includes companies with 2,000 to 6,000 employees, and it is our fastest-growing segment. On a quarter-over-quarter basis, new and upsell business growth has been a couple of percentage points. This reflects the positive impact of our investments in the Summit Program, which is primarily aimed at bars and VARs. We are seeing strong growth in this area and are pleased with the results. As mentioned, it is our fastest-growing segment among majors, large enterprise, enterprise, and commercial, making it the largest in terms of growth assets.
Jay Chaudhry, CEO
Yes. If I may add, it was natural for us to expand into enterprise. We started from the high end, having a strong presence in majors and large enterprises. It's a natural part for us, and we are pleased to see the performance. In this area, we have been adding quite a bit of sales force in this area and partner program together is delivering good results.
Mike Walkley, Analyst
Just wanted to dig in on the comments on ZPA, about it's going to all users, not just remote. Any way to size the opportunity of further penetration within your customer base? And just thinking about ZPA with it taking off with the pandemic, any thoughts on longer-term modeling, giving potential tougher comps even though the pipeline sounds strong?
Jay Chaudhry, CEO
So first of all, from day one, our belief was that ZPA was never designed for remote access VPN only. It was designed as a Zero Trust architecture implementation. No matter where the users are, they go through our switchboard, so they never on the corporate network. And when the pandemic happened, since everyone was remote, ZPA actually got bought for almost every employee of most of the companies, that was a big shift we saw. Previously, companies would buy ZPA for 20%, 30%, 40%, 50%, 60% of the employees. But we knew the number will get to 100%. As employees are coming back to the office, customers are worried about these people bringing their infected machines back to the office, so they want to do Zero Trust even when they're in the office. For that, they want to go through our Zero Trust Exchange. In fact, for that, we built another service, we call it Private Service Edge. Imagine a private switchboard running in your data center to implement Zero Trust for on-prem users, which is actually a great opportunity further giving customer segmentations for the applications, which is what customers are looking for. I think it's a matter of time. Every employee of our customers will have ZIA, ZPA and actual ZDX as well. Because while ZIA and ZPA allow you to work anywhere and access any applications, ZDX makes sure users have a great experience and the issues can be easily solved.
Remo Canessa, CFO
Yes. Regarding our ZT customers, just over 40% have ZPA. This presents a significant opportunity for us to upsell to our existing ZIA customers.
Andrew Nowinski, Analyst
I have a question regarding the CrowdStrike win. There's a lot of discussion about the necessity of endpoint security and EDR technology to prevent breaches like the Colonial Pipeline incident. Since CrowdStrike emphasizes their capability to stop such breaches, I'm curious about why they would require Zscaler. Could you provide additional insights on what they are implementing and how they utilize Zscaler? Also, do you believe other enterprises might adopt a similar approach and use both CrowdStrike and Zscaler together?
Jay Chaudhry, CEO
We have not encountered a major enterprise that does not recognize the importance of a solid security strategy. Endpoint security acts as a vital layer, while cloud security provides an additional level of protection. This is a common approach for our customers. Consequently, it is natural for customers to choose CrowdStrike for endpoint security and Zscaler for cloud security. What is particularly valuable for customers is the ability of these two solutions to work in harmony through effective API-based integration. Over the past 12 to 18 months, we have made significant progress on this product integration, and it continues to evolve, allowing us to assist each other and provide additional benefits to our customers. Our joint sales efforts in the field highlight how our teams collaborate, showcasing a mutually beneficial partnership for both CrowdStrike and Zscaler. Did I address your question?
Keith Bachman, Analyst
Jay, I wanted to see if you could give some more color around both ZCP and ZDX. And the question really is, any comments or color on attach rates? How much are they contributing? Where the wins are? Any more color, so we could get a sense about how much those assets, new solutions rather contribute today? And how you see that unfolding over the next 12 months?
Jay Chaudhry, CEO
Yes. Thank you. I'll start with the strategic positioning, and Remo can add on the point side of it. As you know, ZCP, cloud protection is a massive opportunity for protecting workloads. There are a couple of areas there. One big one is communication among workloads, which has traditionally done the old school way by connecting various workloads and availability zones with a wide area network, site-to-site VPN and the like, which creates big risks because of lateral movement. So with workload segmentation, we have implemented a zero trust architecture which will disrupt legacy network-based security for workloads just like with direct users with ZIA and ZPA. That's one part of it. And obviously, it's easy for us to start with our own customers, and that's a large customer base, and that's where early traction is. And then on the second side is the security posture type of stuff. This is where some of offering is cloud security, posture management, CSPM and Trustdome acquisition combined give us a strong offering. We are bullish about the ZCP market, which is nascent, but it's growing rapidly. The ZDX part is very interesting. This is complementing ZIA and ZPA to identify and resolve any user performance issues. So this is a natural add on to any ZIA and ZPA sales. Normally we used to sell ZIA only. Then we started selling ZIA and ZPA together. More and more deals are with ZIA, ZPA and ZDX together, which makes a natural bundle for our customers to enable their employees to work here and have a great experience. Remo color on...
Remo Canessa, CFO
Yes. I mean, just from a numbers perspective, we still expect the contribution for new and upsell for ZCP and ZDX to be mid-single-digits this year. As Jay mentioned, the reception of both products has been high, and we feel good about those products going forward. But think about the contribution this year for new and upsell in that mid-single-digit range.
Patrick Colville, Analyst
So just on the math, CRPO billings, if I'm not mistaken, rose 85% this quarter, which looking at the disclosure since you guys have been kind of giving RPO and CRPO seems to be the kind of highest growth rate ever. So hugely impressive. What are you guys seeing to kind of have this real acceleration this quarter, what are the kind of confidence and factors? And I guess kind of importantly, how sustainable are they as we look forward into the rest of calendar '21 and '22?
Remo Canessa, CFO
I'll address the first part and then have Jay provide additional details. You're correct, Patrick, the results are exceptional. The CRPO growth is 68% and RPO growth is 85%, which is remarkable. Coupled with our 71% growth in billings, this shows that things are progressing very well for us. The significant change we've noticed relates to the acceleration we discussed last year, where companies realized they needed to connect their employees to their networks and applications to conduct business effectively. This was evident last year with ZPA, which represented 43% of our new and upsell business. Consequently, it became clear that existing networks and infrastructure are inadequate for current needs. Our conversations with customers reveal this shift in recognition of their infrastructure's limitations. As a company, we have responded by broadening our platform, including enhancements like ZDX and workload protection. This expansion aligns with the need to transform networks, leading to larger deal sizes and more strategic partnerships. Zscaler has built credibility after being public for over three years, supported by a strong balance sheet and team. Crucially, Zscaler was designed for this environment over a decade ago. The growth in traffic we manage, combined with our impressive gross margins across more than 150 data centers and consistent SLAs, underscores Zscaler's robustness. This strength resonates in our interactions with customers. Jay?
Jay Chaudhry, CEO
I think you said it all, but accelerating digital transformation being one; expanded portfolio and platform being two; large, great sales force being three; and our brand and customer acquisition, all four are accelerating our sales.
Catharine Trebnick, Analyst
Can you unpack a little bit the Summit Program and how well you're doing there versus your sales through the service provider channel to give us a better idea where you're really seeing explosion in your opportunities?
Jay Chaudhry, CEO
Yes. Our service provider channel evolved fairly early on. As our customers want transformation and CIOs told SPs to work with us to make that happen. It's a strong channel. It's a growing channel. For us, it took time in the past couple of years, more and more of the VARs, they realized that the box sales are not going to last forever, so they are pivoting more. The ones who are pivoting to embrace cloud transformation services, they are our favorites. They're actually becoming part of our Summit Program. That's what the program was built for, and we have good participation in programs. And as a result of that, we're seeing the growth of VAR contribution to business growing at a faster rate.
Remo Canessa, CFO
From a numbers perspective, also, VARs as a percentage of our revenue is in the low 50% range. Service providers and SIs combined in the low 40%. And direct is mid-single-digits. The growth rate in SPs and SIs has been significant year-over-year also. So we've had significant growth in SPs, SIs on a year-over-year basis.
Saket Kalia, Analyst
Actually, maybe just to piggyback off that last question on channel. Maybe a little bit more of a strategic one for you, Jay. The service provider channel has been an area that these dealers worked with for years, as you noted, and it felt like this quarter, you're starting to see some other security vendors maybe start to work with them a little bit as well. I guess the question is, how are your conversations with those service providers? And how do you think that sort of plays out in the future as other security vendors maybe start to work with that channel as well on SASE specifically?
Jay Chaudhry, CEO
Yes. So first of all, as Remo said, our business, the SPs and SIs year-over-year is growing quite well. Think in terms of other firewall type of vendors, that's not new news. Service providers have been selling firewalls, have this stuff, especially for MSSP servers for years and years. So not a new area. Yes, adding the SD-WAN to those firewalls is probably a new area of we hear about. But most of that stuff has happened on the lower end. When you talk to larger enterprises, they actually engage with us and then partner together and drive the transformation. None of that has changed. On the lower end, probably this combination of some SD-WAN combined with firewalls, but we are bullish about the SP channel, SI channel as well as the VAR channel. In fact, our investments in channel are growing significantly because that's giving us more and more leverage, and we will continue to do so.
Tal Liani, Analyst
When I ask you why you are successful, the answer is always the same, so I'm not going to ask again. Instead, I want to discuss your current condition. You have maintained success for a long time, and we've observed new players entering the market. I'm curious about how the competitive landscape has changed. What do you see in competitive bids today compared to the past? How does the gap between you and your competitors look now? Please share any insights you have on the competitive landscape.
Jay Chaudhry, CEO
We ask this question to ourselves many, many times. We analyze it every quarter. Frankly, the truth is not a whole lot has changed on the competitive landscape. We’re hearing so much noise from firewall vendors and the like. Have we seen any change? On the larger segment, larger customers that we always talked about, haven’t seen change much at all. We have seen a few cases. And I mentioned a couple of them during our prepared remarks. We have firewall vendors trying to go in and compete but got disqualified because they don't have the architecture. Well, you could say that now, some of them are saying, yes, we have a proxy architecture. But announcing is one thing, building a scalable, reliable proxy that a larger enterprise would depend upon is a very different thing altogether. Having said that, when we come down to the lower end of the spectrum, say, under 5,000 users, so we do see some of them. Vendors where it's kind of less security savvy customers. But as we are engaging more and more in this space with our Enterprise segment, we do some of them. But once we engage, we are winning pretty handsomely. So very comfortable on the competitive front because customers are more and more actually on every segment looking for consolidation and simplification. So low-end players that are coming from point product and trying to expand, so to speak, don’t really make it well. Some of the bigger ones, our legacy vendors, the old story, our Zero Trust Exchange platform does much better because we are truly a zero-trust architecture. As I said, you can convert a firewall into a zero-trust architecture. That's kind of oxymoron. It's a good question. Both. Why not? Having said that, I would say we won't be looking for acquisitions to grow TAM. We're looking for acquisition to fill in any potential areas that need to kind of strengthen or expand into adjacent markets. It's pretty open to. We've done a few small acquisitions at the right opportunity with the right technology. We'll look for everything that makes business sense. We see that as a market opportunity for us, our momentum is so good, so why not keep on moving at a faster pace. On sales and marketing, we are investing. We're investing heavily. In fact, Remo and I have lots of internal debates, our top-line growth versus bottom-line. We kind of say, hey, top-line is a priority, so both of us happen to be such that we can't be spending like drunken sailors. You'll also see our bottom-line being pretty good.
Erik Suppiger, Analyst
Just in the SD-WAN space, who are your best partners at this point? Are there different architectures for SD-WAN that fit well with you? Or how do you look at that space?
Jay Chaudhry, CEO
SD-WAN. So the answer is pretty simple. Starting with vendors who compete on the higher end who have enterprise-class architecture, they are natural to work with us because our large customers want them. As I said kind of before there, 3 vendors we see frequently for SD-WAN deployments in large enterprises. It's VMware, it's HP Aruba, and it is Cisco. Most of our customers have one of the three deployed on the high end. Then the low-end customers coming from the firewall side of it, do they have some large enterprise customers? Yes, but a lot of their business ends up being on the lower end, and we see them less often. But we do have customers who may have other SD-WAN vendors, but they decided that we were the security cloud of choice. And we're open. We integrate with everyone. I can take traffic from almost any SD-WAN vendor but with some of them we have stronger working relationships. VMware is our best partner when it comes to go to market.
Hamza Fodderwala, Analyst
Jay, just maybe a high-level market question for you. I think some of this you touched on earlier, but we're clearly seeing a critical mass in terms of adoption of trends such as SASE and Zero Trust network access. A lot of the stuff that, obviously, you've been aligned towards from day one, and you're clearly a big beneficiary of that and have been. But at the same time, I think at least in the short-term, it seems to be kind of a rising tide lifts all boats, right? And many of the firewall competitors that you mentioned earlier are talking about similar approaches. Not to necessarily go you to talk about any one particular vendor. But at what point do you think that some of the fear, uncertainty, and doubt, from your perspective, kind of winnows down and people are looking for a solution that's truly architected for this trend like you've talked about?
Jay Chaudhry, CEO
We've encountered a similar situation in the past. If you remember, there are some proxy vendors experiencing sales growth, and you might wonder why they're not losing market share despite our successes. We are still relatively small, with just 25% to 30% market penetration. Other companies are dealing with the data-centric and network-centric architectures by increasingly purchasing firewalls. This process will take time, but it's an effective strategy. However, when it comes to implementing a truly new architecture with Zero Trust—where users aren't simply placed on the network and there's no pass-through architecture—that's the only way to effectively counter threats similar to Colonial and SolarWinds. I anticipate changes will occur in that area. Overall, the market remains large, and we aren't significantly affected by competitors who are performing well. I believe our market share will continue to grow until there's a substantial shift in architecture. For instance, running a VPN in the cloud does not equate to achieving Zero Trust; it remains just a VPN. Are our customers purchasing and implementing it? Absolutely. Will this evolve over time? Certainly. But you cannot convert a VPN into Zero Trust.
Rob Owens, Analyst
Great. Jay, relative to return to work and we think about reopening, how would you expect the pace of digital transformation and therefore, network transformation potentially change? And where are customer conversations right now around the sense of urgency?
Jay Chaudhry, CEO
So customers are beginning to make plans to come and work from the office. Many of them have partially opened up. What they learned during the COVID crisis was that the corporate network doesn't play a very important role. They could work from anywhere. But having said that, when employees are in the branch office, they need to make sure the traffic goes directly from the branch office to the cloud, just like it went from an employee’s home directly without going back to the data centers. So that is actually restarting some of the SD-WAN projects so they can do local breakout. But the bigger issue that's helping us, or the bigger opportunity that's helping us is, they want to make sure employees in the office still do Zero Trust architecture with a product like ZPA. So we are seeing good interest in fully Zero Trust, so they don't have an issue where the lateral movement of threats like SolarWinds can get them in trouble. Or the infected machines coming back to the office and get them trouble. And we are helping companies implement better security, full security asset return to the office as well. Overall, a good positive opportunity for us.
Brian Essex, Analyst
All right. I'm back on the call. I really appreciate it and congratulations on the results. Jay, could you provide more insight into some of the factors influencing this? You mentioned macro headwinds, sales productivity, the shift to the cloud, and the expansion of your platform. How do these connect to customer growth? Can you quantify customer growth and rank these influences in terms of their significance to the growth trajectory you're currently experiencing?
Jay Chaudhry, CEO
When you said customer growth, are you talking about the number of customers or revenue growth?
Brian Essex, Analyst
Yes. I guess I'm looking for logo growth relative to some of the kind of platform expansion and sales productivity initiatives that you have currently in play?
Jay Chaudhry, CEO
We are performing well in both new customer acquisition and upselling. There is an interesting debate within the company about whether to invest more in acquiring new customers. We chose not to pursue that aggressively because there's a significant opportunity to sell our platform, which falls under upselling. Our new customer acquisition includes a healthy balance of both new customers and upselling existing ones. As you mentioned, the macroeconomic environment is favorable for us, and the heightened focus on security is beneficial. Our sales team has excelled in their efforts, leading to impressive results from our early emphasis on channel partners. We have also appointed a new Chief Marketing Officer, expanded and strengthened our marketing team, and increased our investments in marketing. Our platform and product development are progressing rapidly, and we are quite optimistic about our prospects moving forward.
Remo Canessa, CFO
Yes. From a total customer perspective, we grew our customer base by about 20% year-over-year.
Jay Chaudhry, CEO
I'd like to thank you all for your continued support. Please join us at our Zenith Live Annual Cloud Summit in mid-June. Thank you again.
Remo Canessa, CFO
Thank you.
Operator, Operator
Ladies and gentlemen, thank you for participating in today's conference. This concludes the program. You may now disconnect. Everyone, have a wonderful day.