Mimecast Limited

Welcome to Mimecast's earnings call for the fiscal first quarter of 2020, ended June 30, 2019. I'm Robert Sanders, Director of Investor Relations.

With me on the call tonight are Peter Bauer, our Co-Founder, Chairman and CEO; and Rafeal Brown, our CFO. Tonight's conference call is being broadcast live via webcast.

A replay of this call will be available two hours after the live call has ended. On this call, we will make forward-looking statements regarding future events and the future financial performance of the company.

These forward-looking statements are subject to risks and uncertainties that could cause actual results to differ materially from those in the forward-looking statements. We caution you to consider the important risk factors that could cause actual results to differ from those in the forward-looking statements contained in today's press release and on this conference call.

These risk factors are further defined in Mimecast's most recent Form 10-K filed with the Securities and Exchange Commission. During this call, we will present both GAAP and non-GAAP financial measures.

These non-GAAP measures are not intended to be considered in isolation from, a substitute for, or superior to our GAAP results. A reconciliation of certain GAAP to non-GAAP measures and the reasons for our representation of the non-GAAP information is included in today's press release, which can be found in the Investor Relations section of our website.

The date of this call is August 05, 2019. Any forward-looking statements we make today are based on assumptions that we believe to be reasonable as of this date.

We undertake no obligation to update these statements as a result of new information or future events. We're reporting first quarter 2020 results in accordance with ASC 842, the new standard related to the accounting for leases.

The company adopted ASC 842 on April 1, 2019, the start of our 2020 fiscal year. Now I would like to turn the call over to Peter Bauer, Peter?

Good evening, and thank you all for joining our first quarter 2020 earnings call. I'll begin with an overview of our financials and discuss the success we are having in attracting customer top platform.

Next, I’ll discuss some of the factors supporting our growth. We’ll introduce some of the innovations, our key [ph] we are delivering to the market and then I’ll provide examples of how we are enhancing cyber resilience for organizations.

Finally, I’ll hand over the call to Rafeal Brown, our CFO to take you through the numbers in greater detail and then we’ll take your questions. To begin, I am delighted to report that we've again exceeded our expectations for constant currency revenue growth.

Revenue of $99.2 million grew at 27% year-over-year as reported, and 32% in constant current currency over prior year achievements. We added 900 net new customers to our platform with sales across our 10 services and are today 39% of our customers use four or more services benefiting from our integrated suite of capabilities that combine security, data protection and integrity and high availability services.

Notable was the strong adoption of our targeted threat protection an internal email protection services. Our ability to keep customers safe from advanced threats continues to distinguish mine cost from competitors.

Also, our awareness training service, which strengthens employee cyber skills, continues to see adoption as businesses across all industries can benefit when employees are kept aware of the threat landscape and how to deal with it. So let's look at what's behind the demand we're seeing.

Bad actors [ph] continue to assault organizations and target their data. Recently, we read about highly disruptive attacks on municipalities, resulting in system failures impacting tens of thousands of citizens.

Other communities have been ransomed for the return of their data, and these headlines exemplify the need for strong cyber defenses, including protection from email borne threats and stronger data protection and assurance. Additionally, we believe the regulatory environment has raised the stakes for organizations regarding the cost of breach data as recent fines levied under GDP are orders of magnitude larger than previously observed.

Our archiving services help organizations comply with a wide range of regulatory requirements, including GDPR [Indiscernible]. We were recently recognized as the best email security solution by SC Awards Europe, and this builds on our reputation as a leader and positions the company well for customers across the region.

Now I'm very excited to announce that Brandon Bekker an almost 12-year veteran of the firm who previously led our African and Middle East business has been elevated to a newly created role as the SVP of EMEA. Approximately half of our revenue today is generated outside of North America, and the EMEA region represents the majority of that.

We're seeing exciting opportunities to continue our growth in our more mature markets like the U.K. and South Africa as well as continued successful expansion in the Middle East and Continental Europe.

Brandon's experience leading growth from our South African business will be a great asset as he supports the respective regional leaders. He'll be based out of London.

I'd like to thank Brandon for his years of service and leadership within the company. Now we continue to invest in the best people and provide a culture that encourages their best work.

This enables us to innovate and deliver better protection and new functionality to our customers. The recently introduced mine cost threat intelligence capability is seeing an excellent response from our customers, with over a thousand customers currently accessing the new mine cost threat dashboard feature.

Our threat research group also recently published research regarding a Microsoft Excel weakness allowing it to be exploited by remote payload. Mine cost customers are protected from this type of exploit, being trafficked through email, and through our advanced deep pausing and the de-obfuscation [ph] techniques, technologies that came through our acquisition of the solid business in Israel last year.

In past calls, I discussed our deep application interface capabilities enabled through MIME OS. After several quarters of increasing use of APIs and a rapidly growing ecosystem of companies relying on these services, we've now launched our cyber alliance program to allow tighter integration between security vendors and our platform benefiting customers further.

Partners also benefit by deploying integration solutions from multiple vendors that are more effective and easier to manage. Currently, we have over 100 API integrations with leading vendors like Splunk and Palo Alto benefiting from this program.

One of the largest security buys in North America recently deployed a solution for customers leveraging threat intelligence from [Indiscernible] and Mimecast integrated through our API with Splunk Phantom orchestration and remediation of threats. These integrations that support customer use cases with greater flexibility are of particular interest to our larger customers.

I'm excited to announce that we're hosting our first major global customer event in October. The mine cost fiber resilience summit will bring together IT and security professionals within our customer base to learn network and focus on best practices.

Until now our rapidly growing user community has existed virtually in an online forum, which we Mimecaster Central. Bringing this group together physically will strengthen our ties and promote deeper levels of understanding of each other and our technologies.

Additionally, we're announcing that we'll be hosting an Investor Day in early calendar 2020, and we look forward to connecting in person with our analysts and shareholders and we'll share some additional details as we draw closer to the event. Now let's have a quick look at some examples of the types of solutions that we're providing customers.

Firstly, a cyber-security company with about 9000 employees was exposed to spearfishing and zero day attacks and required a solution to protect against the latest impersonation of waning attacks in their Office 365 deployment. Additionally, this customer sought to automatically remove internal emails containing malicious content.

Freeing up resources and simplifying IT. Mimecast was evaluated against other leading vendors and selected for our ability to keep those customers safe like cloud native architecture and our flexible integration to their SIM environment enabled through our APIs.

And secondly, an enterprise software company with 18,000 users is running an on-premise email security system found it increasingly difficult and costly to respond to the latest threats with this platform. Mimecast was evaluated alongside two other leading security vendors and we were selected for the efficacy of our advanced threat detection.

The simplicity of our user experience and the flexibility we offered to work with their identity system. And thirdly, our U.S.

healthcare company with about 27,000 employees was using a another email security solution, and they looked at an advanced archiving solution to better manage and protect unstructured data. Now the type of integration of the Mimecast platform offering not only advance security and data leak prevention, but also uptime assurance and archiving together proved to be very compelling.

Additionally, our awareness training service was selected to replace the existing vendor in this space, making this a great solution for the customer and an exciting multi product deal for Mimecast. Finally, an existing Mimecast customer with about 65,000 employees sought to add additional protection from threats originating within their organization so they upgraded from our S1 offering to our S2 bundle, that includes internal email protect.

Now with IEP, they gained the ability to automatically hunt for and remediate threats inside their email network. These newer innovations on our platform are helping to make Mimecast more sticky and grow the lifetime value of our customer relationships.

So in summary, we had another strong quarter, exceeding our guidance and attracting new customers to our platform. Growth drivers fueling our success remain in place, as we execute on the large opportunity in front of us, and further penetrate the global market for cyber resilience services.

The competitive environment remains favorable as we continue to innovate and deliver advanced solutions that address today's requirements. Now let me turn the call to Ray Brown, our CFO to review our results in more detail.

Ray?

Thank you, Peter. I am pleased to report that for the first quarter fiscal 20 20, we exceeded the high end of our guidance for both revenue and adjusted EBITDA.

Despite significant currency headwinds in the first quarter, we generated revenue of $99.2 million, which represents growth of 26.6% over the prior year in absolute dollar terms. Adjusting for the $4 million of currency headwind we faced, our constant currency growth rate over the prior year stood at 31.7% for the quarter.

Since providing guidance last quarter, foreign currency negatively impacted our first quarter results by $400,000. Adjusted EBITDA for the first quarter totaled $13.5 million representing an adjusted EBITDA margin of 13.6% compared to $10 million or 12.7% in the same quarter of the prior year.

On a net basis, we added 900 customers in the quarter in line with the first quarter of last year; our total customer account now stands at 35,300. Consistent with recent trends, we saw an increase in our average order value driven by both customers buying multiple services from us and the mix shift, whereby we are now selling into a blend of larger customers.

Currently, the average order value of all customers stands at 11,300 up approximately 15% in constant currency terms. Average services per customer across our base increased to 3.2 services per customer.

Our positive trend with customers using Microsoft Office 365 continued in the first quarter with 46% of our customers now using Mimecast in conjunction with Office 365, up from 34% in the first quarter of 2019. Particularly compelling with customers using Office 365 is the fact that they continue to purchase a higher number of services per customer.

3.5 services per customer compared to 2.9 services for customers not using Office 365. Importantly, our trailing 12-month revenue retention figures remain strong at 111% as our existing customers continue to renew their subscription and purchase additional services.

From a geographic perspective, the United States and Australia turned in solid first quarter performance against our expectations. We continue to see growth in the EMEA region, but now we saw some softness within the region in the back half of the quarter.

Given there are a number of factors complicating the business environment across the EMEA region including the current U.K. political situation, which is significantly impacting the pound, and political challenges within South Africa and their impact on its economy we are watching our performance within this region closely.

This said, as you will see in our guidance, we remain confident in our ability to achieve our full year performance targets. Turning to gross margin for the first quarter, we recognized a 75.8% non-GAAP gross margin up 190 basis points from Q1 of the prior year.

First quarter non-GAAP operating expenses totaled $68.6 million compared to $54 million for the same period in the prior year. Non-GAAP R&D expense stood at 17% of revenue in Q1 compared to 15% for the same period in the prior year.

This increase reflects our view of the importance of investing in our product offerings and the differentiated services we deliver to our customers. Non- GAAP sales and marketing expenses increased in absolute dollar terms, but declined to 39.9% of revenue down from 41.3% of revenue for the same period of the prior year.

Non-GAAP G&A expense was 12.3% of revenue down slightly from 12.6% of revenue in the prior year. Improving the efficiency of our G&A functions over time is an organizational priority and we expect G&A to gradually be a source of leverage in the coming quarters.

Adjusted EBITDA was $13.5 million in the first quarter, representing an adjusted EBITDA margin of 13.6% compared to $10 million or 12.7% in the same quarter of the prior year. Our non-GAAP operating profit for the first quarter was $6.6 million or 6.7% of revenue up from $3.9 million or 4.9% of revenue in the prior year.

In bottom line terms, our first quarter GAAP net loss was $4 million or a loss of $0.07 per basic and diluted share, based on $61.4 million weighted average shares outstanding. This was net of stock based compensation charges of approximately $10 million and tax charges of approximately $230,000.

We expect full year GAAP tax charges to be approximately $2.5 million, a slight improvement since our last projection. Our non-GAAP net income for the quarter was $5 million or $0.08 per diluted share based on $63.9 million fully diluted weighted average shares outstanding.

Our non-GAAP tax rate was 31.5% for the quarter. We continue to project a full year non-GAAP tax rate of approximately 31%.

Turning the cash flow, our operating cash flow for the first quarter totaled $28.5 million compared to $16.6 million in the same quarter of last year. Even that of the approximately $7 million benefit from the advance payment of our tenant improvement allowance that I mentioned in our prior earnings call, this represents a nice uptick in our operating cash flows driven by strong collections in the first quarter.

We generated $19.4 million in free cash flow for the quarter compared to $9.1 million in the previous year. And as a reminder, in last quarter's earnings call, we discussed the fact that office buildouts and grid expansion would drive unique CapEx requirements during FY 20.

With these projects now underway, we expect our Q2 capital expenditures to total approximately $16 million. Turning now to the balance sheet.

And as of June 30th, Mimecast had $196.8 million in cash and short term investments. The balance sheet also reflects the adoption of the new lease standard ASC 842 the summary effect of which is to gross up the balance sheet by approximately $110 million adding both lease asset and lease liability lines.

Noting that currency headwinds at present have become quite challenging, let me now turn to guidance. For the second quarter of fiscal 2020, we expect year-over-year constant currency revenue growth to be in the range of 26% to 27% and revenue to be in the range of $101.1 million to $102.1 million.

Our guidance is based on exchange rates as of July 31, 2019, and includes an estimated negative impact of $2.3 million resulting from the strengthening in the U.S. dollar compared to the prior year.

Adjusted EBITDA for the second quarter is expected to be in the range of $17.6 million to $18.6 million. Full year fiscal 2020 revenue is expected to be in the range of $414 million to $422.6 million or 25% to 27% growth in constant currency terms.

Foreign exchange rate fluctuations are negatively impacting this guidance by an estimated $11.1 million compared to the rates in effect in the prior year. The prior guidance for fiscal year 2020 provided in May was $420.3 million at the midpoint.

Our overall achievement in Q1 coupled with the strength we are seeing in our business is leaving us to raise the midpoint of our full year guidance by $3.8 million in constant currency terms. However, this raise of $3.8 million is being negatively impacted by $5.8 million of foreign exchange headwind that has risen just since the rates used in our May call, resulting in the midpoint of our full year guidance moving down by $2 million in absolute dollar terms from $420.3 million to $418.3 million.

Full year 2020 adjusted EBITDA expectations are being raised to a range of $71.6 million to $73.6 million. In summary, I am pleased to see that despite currency challenges the Mimecast team was able to once again deliver results that exceeded our expectations and that we are raising our full year guidance for revenue in constant currency terms and for EBITDA in both constant currency and absolute dollar terms.

With that, I would like to thank you for your time and operator, can you please open the line for questions.

Thank you. Thanks for taking my questions, and never mind Don DiFucci, just maybe.

I think it’s Fucci John.

[Indiscernible] kiss my ring next time. But anyway, Ray, thank you for all that detail on the foreign exchange, especially its impact on guidance that's really helpful.

So thank -- thanks for that. I guess my question is something that came up.

I think I was looking at the transcript for last quarter, and I look at the balance or the cash flow statement this quarter and CapEx. I know you talked about building out the infrastructure and office space.

But this quarter, you had mentioned something last quarter about a $5 million onetime CapEx this quarter, I think and it looks like you had it, it was in there. Can you give us a little more detail on this?

I think you spoke about like a North American Opportunity, is this can you can you give us some more light on that?

Sure. And let me let me just start with a quick refresher on some complicated discussion from last quarter.

You know we call out that there would be some onetime CapEx investments that take place this year, totaling $28 million. It's largely the office build outs in London and South Africa, and then the grid expansion that you just referenced.

Actually those are really kicking in going forward here over the next few quarters, so the grid expansion is still yet to come. In the quarter, we did receive and got a benefit from a tenant allowance that I had mentioned that as well last quarter, that actually flows through operating cash flow if you're tracking it down.

But no we still had really a nice uptick in operating cash flow even having backed that out. What you would expect then is the CapEx as it's building over the next three quarters both on the real estate front and the grid expansion to take place.

And I would call it just to get help everybody with all this complicated math that we're expecting total CapEx of approximately $16 million in Q2.

Okay. Okay great.

And that, that grid expansion is that just an increase to just to be able to handle more capacity, just generally in North America or is it something specific beyond that?

Yes. So John, we haven't we haven't announced more specifics on it, but it's a discrete additional opportunity in the North American region that we would put down a new grid facility for.

Okay. Cool, look forward to hearing that.

And we'd also look forward to your first customer event and actually the Analyst Day too. So that's good to prepare for.

I guess one other one other question. It sounds like things are humming along.

You guys have been putting up you know above 30% constant currency growth for some time now, which is pretty impressive, and you're doing it in an a market in which I think is underappreciated as far as the size of the market because not just email security, but the archiving and the continuity. But often it seems to me that given the architecture that you have that there's other things that you could be moving into.

And I'm just wondering if you could talk a little bit about that Peter, perhaps like what areas like one of the areas, I think about is identity. But I'm just curious if you have any thoughts on that or in any other areas and that makes sense for Mimecast to become more relevant?

Yes. That's a great question.

So, yes, I think as you as you identify there's sort of two interesting pieces. The one is this underlying integrated architecture that’s micro services architecture we call Mime|OS.

And the fact that it's multitenant that allows us to provision and serve a very large customer base with a very smooth and cost effective provisioning capability. And then be a multiproduct suite on top of that with this continuous suite that we've built up, that really deals with a large number of use cases, very efficiently simplifying IT for customers.

But on the other hand, being very margin accretive for us, as customers buying more of the products over time. And what we've done, obviously we started out and we have a very strong heritage in an email centric use cases, and a considerable amount of our growth has been derived in this very important area of email security, and many of the additional requirements that have been needed over the last few years are on targeted threats and ransom ware and impersonations and so on.

But we've been able to leverage this platform to expand it to some additional adjacencies. And sometimes we've used M&A to catalyze those, not necessarily buy a full stack capability somewhere else and then sort of host that and pretend that it's out of the suite when it's really independent.

But then we've been able to acquire componentry and skills and domain expertise in other areas like web security and like user awareness training, and then expand the continuous suite into that. Now what's interesting is those are discrete sort of monetizing use cases on their own.

But what we're finding is that as we have more and more of these capabilities there allow us to craft unique value propositions that sort of exist at the intersections of these things. We're very excited about what that is setting us up to be able to do in the coming years, to really change the frame of how our customers think about solving cyber resilience and security solutions.

Now there are there are numerous areas you know just a walk around a show like RSA will tell you that there's an infinite amount of complexity that if customers are having to deal with. Identity is an important area, and it's an area where there are many vendors in and there are many different sorts of flavors of requirement.

And you know we're not talking about any specific areas that we may or may not head into. What I would say is we really invest in our API strategy, so that we can with or without having modules or capability in a particular space, we have the ability to integrate seamlessly with other applications, be those other players strong players in identity or next generation firewall or endpoint security or SIM or saw type functionality.

Our API strategy and the new cyber alliance partnership program that we've just announced really helps us to continue that promise of strengthening cyber resilience and security, but also simplifying it at the same time for customers.

Okay. Okay, great.

Well thank you very much guys and nice job.

Yes. Thank you.

Thanks John.

Oh hey guys, thanks for taking my questions. So in the prepared remarks, I think Rafe you mentioned you were watching the U.K.

and Australia. It certainly sounds like you had good results and obviously the guidance would imply you guys are probably not seeing anything, but I just wanted to maybe dig into that comment a little bit more.

I mean you called it out, just a little bit more color around some of the specifics in those two –obviously, Brexit. But is it changing customer buying, some -- just a little bit more detail would be helpful?

Yes. At the end of every quarter we have our QBRs with all the sales teams worldwide and had a number of discussions.

And I don't think we could say there is anything like that going on. It is a bit of a complicated time for the U.K., certainly showing up in the pound, but it does seem like it's a bit of a cloudy time in terms of overall confidence and direction in the company -- or in the country.

So we're just paying particular attention to it to make sure that we're on top of anything that happens there. And as you noted, been able to have a nice beat on the quarter and have constant currency revenue growth at 31.7%, as well as to be able to raise the full year guidance, kind of gives you the bigger picture of how we're looking at it.

Yes. It certainly doesn't look like it short up in numbers of guidance.

So that's great. And then I guess, Peter, you mentioned on the call and sort of when you started off, you saw strength in TTP which we've seen, but you continue to call it IEP.

I believe that's about 3000 customers. That's great.

I mean, their products haven’t been in the market that long. If you look out longer term, I think we're off next you know what is the next TTP product.

I mean, this IEP have that potential to get the some of the same attach rates longer-term and is that the kind of product that you -- or the demand that you're seeing here?

Yes. I think that's a great question.

The TTP is being such a runaway success and such a great driver of growth. Its obvious question what's the next TTP.

And we have several products that perhaps collectively can conspired to create the next TTP like effect and so its difficult to forecast what the trajectory and timing of any one of those offerings is going to be. I think IEP has a very compelling capability.

It's a very natural addition to a TTP customer to buy and we're seeing strong interest in it. I think it also very much fit this kind of zero trust model where you' think about traffic and people on your inside your network and inside your environment sort of treat them with the same level of scrutiny and suspicion from a cyber-security point of view as you do your external parties.

And so IEP really brings back sort of zero trust strategy dimensions to your East-West traffic and traffic just trying to get outside of – get out of your network from within and providing that scrutiny and that assurance to that traffic from both Data Leak Prevention and also from a sort of malware or other kinds of nefarious content that an attacker might be trying to leverage from inside your organization once they've got name. So yes, I think IEPs are really exciting product and we continue to evolve it and add capabilities and tied in with our threat protection and IEPI strategy too.

That's great. Congrats guys.

Thanks Matt.

Hey, guys. Thanks for taking my questions here.

Pretty straightforward quarter on the results; maybe just the higher-level question for you, Peter Bauer, a nice -- in case that to see a nice uptake in security awareness training. As that business gets more settled in at Mimecast, can you just talk about whether the buyer there is usually the same that Mimecast usually sells to?

And then just strategically, if you put yourself into the seat of customer, is there any synergy for customer to buy their email security tool and their security awareness training tool from the same vendor. Can you just talk a little bit about the synergies between those two businesses, if you will?

Yes. That's great.

So awareness training, big issues for organizations, the employees being the very important part of the cyber security framework, historically referred to as the weakest link and increasingly with vendors like us providing options to really enroll the employees as allies in the security program which requires education, compelling content and forms of engagement that really drive up their awareness and make them a local cyber security savvy. That is very important.

Now, it's interesting in terms of who buys that. Frequently, it is a security team that's looking at this.

And is given this as a task to go and fulfill. And particularly where they're looking for telemetry or measurements, they want to be able to benchmark how susceptible employees are to scams and through threats.

And so that aspect to the product appeals to security folks. Where the compliance of buyer comes into it quite frequently is really around the training.

Have employees consumed training and how they assimilated the information and the knowledge that was expected from that training? And so, in terms of that there is quite often on the compliance side of the organization, some budgets and some motivation to drive that, so we see that as well on compliance and risk management.

And then on the IT side as well. Now your question of -- is this an – does this fit naturally or more naturally with a gateway provider?

We certainly think so. And we've certainly seen a lot of enthusiasm for our combined offering.

And particularly the roadmap that we've been articulating where we can take sort of actual employee behavior and incorporate that into the telemetry, the security folks are looking for, and we can take the actual live threats that are being targeted at an organization and we can defang those essentially and release those and use those as phishing simulations rather than having pure template driven or more fictitious, a phishing simulations, but you try and derive your benchmarking from. So, we think there's really strong synergy – there's obviously strong operational synergy because it allows the administrator who is trying to take care of email security and try to set up policies to have this extra tool in their tool bag directly within the administrative and management sort of paradigm and tool sets that they're using with us.

And so we – we do that it makes a lot of sense as part of a suite and as opposed to just being a standalone option.

Make sense. Rafe, maybe for you just a quick follow-up.

Obviously, I think we all the FX variability on the top line, especially for some key currencies like the pound and the Rand, but just for the benefit of everybody in the call, can you just remind us the amount of expenses that you have in those currency as well -- in those respective currencies as well? So we could just think about the degree of natural hedging.

Yes. We actually have quite a nice level of natural hedging overall.

So typically on the bottom line it is just a de minimis impact. So that's why we don't really break out those figures on constant currency numbers.

As you're probably aware the company started in the UK and it's our largest office by headcount. So the natural hedges to the income statement are quite helpful.

Got it. Very helpful.

Thanks guys.

Thank you.

Thanks Saket.

Hi. Thank you.

I wanted to ask two questions, if I could. The first is on the competitive landscape and there's been some indirect questions around this.

But I think there's a growing investor concern that eventually Microsoft will become more competitive just like they did with over some period of time with Power BI versus the Data Visualization vendors. And so, are you seeing any changes in your win rate?

And the corollary of the questions going back to what [Indiscernible] DiFucci was asking on adding to the value proposition. And I understand you want to -- you partner in certain areas, but just how do you approach the partner versus build because I think that's a worthy strategy.

You could see the value creation going on in just to pick an area of the identity folks .You know there's a lot of value in that area. So if you could just talk a little bit about your competitive wins and how that might or might not be changing?

And then how you approach the build versus buy or partner thesis to try to create sustained differentiation?

Yes. So, Keith, great – yes – so firstly just on the competitive front, I mean, we've seen a pretty consistent competitive landscape.

Microsoft in particular – our win rate with Office 365 continues to be strong. We now have 46% of our customers using us with Office 365 and that's up from 34% a year ago.

And those customers, they buy more products as we've discussed beforehand. They run about 3.5 products on average per customer versus 3.2 products as the average across our base.

So we're seeing continued popularity of our offering with 365. And I think that is a fair amount of that is to do with our efficacy and the value that we had as an additional layer of email security, but also the broader value proposition, and I think you talking a little bit to that in terms of expanding the suite, the things like data protection and archiving the business continuity, capabilities that we offer to 365 and on-premise exchange as well.

Our secure messaging offering a large file transfer offering, some of the unique capabilities around awareness training and web security. So that is driving demand broadly but a fair amount of the demand continues to be the importance of having really robust email security protection on top of 365.

Generally from a competitive landscape point of view, a great quarter with 900 new customers coming onto the platform, and continued upsell within the base with 39% of our customers now is having four or more products. So, we feel really good about the value proposition and the strength of the platform today and as we look out of this buy versus build capability old partner versus build or buy opportunity, I think we have to pragmatic.

We can solve lots of problems for customers with things that we built and extended into the street. But we want to make sure that we are building things that we can introduce them and mature and really win that over time by adding maturity and capability and that we can compete both in terms of a feature function point of view as well as the value of having stuff within a suite and the unfair advantages that we have through the deep integration of our platform.

So we're mindful of that and we're really opening up with the API strategy to allow partners and to allow other vendors to create a much broader solution set that we can be part of within the security ecosystem. And that's something we heard time and time again from customers that they have a real appetite for, and because of our cloud architecture and our cloud native architecture that we build from day one on.

We have a tremendous advantage in terms of being able to exposed ready to consume consistent APIs across the platform, across all of the features and functions of the platform, and introduced those two partners. And likewise when we identify partners or players in the market that we may want to acquire and then bring in as part of integration that same API strategy really allows us to make that available to customers in a simpler and more easy to consume and well integrated fashion as well.

Okay. Yes.

It's a tricky balance. Thank you for that.

And I'll just sneak my last one and I'll see the floor. If you could give a quick update on Germany, you mentioned UK and South Africa were weak.

But just any updates on Germany? And that's it from me.

Thanks very much.

Yes, great. So central Europe, as you know we put on our data centers there in the summer of last year, so coming up for a full year and we've hired the team in that market.

It's a really large market opportunity. From a revenue point of view it's going to take a while before it shows up in revenue large because we have – these are the large regions that are also growing really quickly.

So we're adding customers. And it’s a really positive market opportunity and something as well that we we're excited about the opportunity particularly seeing some of things going on TTP are now in that marketplace.

Hi, guys. This is Matt on for Sterling.

Thanks for taking my question. So I actually have two questions.

For the first of them being, you mentioned 46% of the customers already using Office 365 Phishing, most of the large customers move already to that. And if so what you guys think is left to penetrate?

And then in terms of the product mix I know you guys mentioned a couple of highlights. But are there any changes in the mix of products that you're seeing the biggest uptake?

Thanks.

Great, Matt. So Office 365 penetration within our bases of 46%, I think we've said this on prior calls as well that the percentage of our new business that we sign in quarter.

So the new cohorts that we're bringing on, the percentage of those customers using Office 365 already is a fair bit higher than 46 percentage, it's more than more than half of our new business comes with Office 365. So, from a business growth point of view while the migration to 365 and the activity that they consider when they planning a move, while that certainly has been a catalyst to finding and signing up with us where we're seeing real interest with customers that are already on Office 365 are adding us off to the fact to their accounts.

So that's a positive. And if you wouldn't mind just repeating what was the second part of your question?

Yes. So, in terms of the business mix, the product mix is there any difference that you guys have seen in the mix of products, which products are you seeing the biggest uptake?

Yes, great. So the core e-mail security with TTP and IEP continue to be the strongest use case and drivers of new business.

We've had some good growth with archiving too. That's been an interesting progression.

So, we've done some things with our archiving product lately that I think explain it. So we're now at 14,800 archiving customers was adding about 300 new customers last quarter alone.

And we have a leadership position from an archiving perspective for the fourth year in a row. I think we were one of the highest ranked leaders in the Gartner and Magic Quadrant and for enterprise information archiving, and certainly probably one of the largest scale cloud archiving providers in the market today.

We have very large volumes of data and over 300 billion emails that we manage within the archive and that's all the attachments and other content associated with it so. So, it's a unique value proposition that deals with not just compliance but also data protection and recovery business value, APIs for developers to have opportunities to interact with the data as well, so, a really good home for companies to put their unstructured data for a long term retention and management of that data.

But the two things that we've added recently to the platform are tools for the financial services vertical. So supervision tools for FINRA and the immutability requirements of the Section 17 A-4, the certifications that we needed around that, which is relatively new, so surprising in a sense that we've been able to bolt quite a formidable archiving business without particularly going deep on the financial services vertical.

So we're excited now to have more of those capabilities. And then secondly there's still a fair sized opportunity and legacy archiving with organizations having on-premise archives full of data that are very difficult to get away from and get off those older platforms and dealing with that format.

So the simply migrate acquisition that we did earlier this calendar is really enabling us to provide a much more seamless end-to-end experience for migrating data and more cost effective experience for migrating data out of legacy archives on top platform. So that's been another really key part of our growth story this year and this past quarter too.

Great. Thank you so much for that color.

Very helpful.

Thank you.

Thanks for taking my question. Nice print with the headwind.

So, Peter in your prepared remarks you talked about some new customer wins that you have some relationships with Fortinet and Palo Alto. So it seems like and it had to do with your new API strategy.

Can you just level base me on when you started working with these different vendors and implementing the API strategy and how you introduce that into the channels such that you're getting some good traction on this thing? Thank you.

Yes. Thanks Catharine.

So, we have certain of the relationships with vendors directly collaborating and working on integrations and we'll certainly be talking more about that over the coming months. I think the example that we called out there and particular was actually driven by a channel partner.

So it was a channel partner that was working with a customer and both are leveraging the APIs pulls together the integration between ourselves and some of the other vendors that the customer had in their environment or was part of a solution that the partner themselves is bringing to the table. So, I think the beauty of the API strategy is that while we may sort of legislate for certain outcomes and invest in certain capabilities and provide those to the market, it really does afford us an opportunity to benefit from an organic and really flexible set of innovations and customer solutions that that really are outside of our control and don't really require much effort from us at all, but bring together much better solutions for customers and at the same time underline the relevance and the value that we provide as being part of that ecosystem and part of that stack.

And so we're delighted about that. And really our focus today is on educating partners about those possibilities and those opportunities and then bringing more sort of prepackaged integrations and design wins and scenarios to our partners and to our customers so that they can really get on board on this train and have mine cost adding value to the broader set of solutions that they're selling or implementing or managing in their environments.

All right. Thank you.

Appreciate the details.

Thanks Catharine.

Good afternoon. Looking at the opportunity to increase average order value, the key levers that include upsell cross-sell and growth the large accounts.

So, Peter when I'm looking at your expectations for fiscal 2020, can you kind of help us frame those two levers? Should we anticipate maybe lower net new customer adds but larger sized customers to be the more material dynamic relative to up-sell cross-sell or will it be fairly balanced?

Yes. I think its balance.

I mean it's difficult to break out exactly how that's going to play out. I think the one trend that we do see is that in that net adds number.

But we generally are you know where there's churn, it's on the lower end just sort of sub 50 seat space. And generally we're replacing those churns with larger customers.

And generally over time we're finding new customers who may have started their journey with one product or two products are now starting their journey with us with perhaps two products or three products. So we're getting not only slightly larger customers into the base.

And bear in mind it's a big base, so this takes time to change and evolve. We're getting bigger customers into the base.

We're also getting slightly bigger initial product adoption and purchases and then naturally as our portfolio has broadened up and we've got even more to offer customers that upselling, that cross-sell opportunity is there and that supporting that gross revenue retention number which is an important part of our growth as well.

Yes. Okay.

That makes sense. And the other question I had is on the Solebit acquisition.

I think it's been about a year. But can you just talk about how that web security services are performing relative to your initial expectations?

And given how competitive that market has been historically. Just help us understand if there's a differentiation relative to some of the more traditional web security products in the market?

Yes, great. So just to clarify, yes, you're right.

The Solebit acquisition is kind of one year and a week or something in terms of its anniversary since the acquisition, Solebit brought us a technology that was super innovative and unique in its ability to identify malware at high speed inside data files. So they're not particular to web security specifically but a broad based technology that actually has enormous compelling value inside our email stack and we partnered with OEM, the technology for them -- from them in our email offering since it was part of the TTP offering for almost a year prior to that acquisition.

So, we got this tremendous engine, this capability, this unique ability to very efficiently find malware and that has proven our efficacy program pretty strongly and helped us win several accounts competitively in the market and sustain our advantage for customers against a very dynamic threat landscape and in a competitive environment too as we've moved upmarket, so a really successful acquisition. Now, I think we mentioned at the time of doing the acquisition that the technology is really interesting because we also announced our upcoming at the time web security offering and this technology will be relevant to our Web security.

And in fact any other forms of security that required a high speed deep inspection of data files for threats. And so, that has been integrated into our web security solution and provides actually quite a nice differentiator for our web security offering as one looks at file downloads from Web sites, scanning goes through the Solebit engine provides additional assurance that bad files aren't easily coming in from Web sites or from social media sites things like that as customers surf the web.

I think the web security opportunity is a really large opportunity as you point out they are both newer companies that are gaining some momentum in that space is also a considerable amount of legacy installed base around Web security on premise technologies, UTM appliances and the like. And then there are also a considerable number of companies that frankly have no particular web security technology in place.

They may just have a firewall on their network and users are free to roam and do what they like on the web. So, we see all of those as opportunities.

The high end web security companies are not a good fit for every type of organization. It can be an over engineered solution.

It can be an expensive solution. It can be more than what a customer needs.

The UTM and appliance type solutions, the on-premise solutions, again not that fit for purpose in a cloud first world. They have limitations.

And then of course, the greenfield scenarios where customers don't have anything at all. Each one of those is an opportunity for us and we have a particular opportunity within our customer base where customers already chosen our deep technology and security stack for protecting them against email-borne threats and are interested in leveraging that capability in web security.

So we continue to invest and we're currently working on our version 1.3 of the product. We're adding customers.

We've also just added an automated trial capability. I think that goes live right now where customers are able to existing mine cost, customers are able to discover this capability, switch it on for themselves, give it a whirl and deploy it and then make a purchasing decision afterwards with that.

So there's a lot of work going into it. And we're excited about what it can represent as an opportunity going forward.

Great. That's very helpful.

Thank you.

Thanks, Jonathan.

Hey, guys, thanks for sneaking me in here at the end. But I have one question for you and I wanted to circle back to another asset that you guys added roughly a year ago with the awareness training.

I just want to see, have you guys seen any change in what you guys are replacing in awareness training, whether it'd be a single point solution or is it mostly greenfield opportunities?

Yes, it's a great question. I think today it's mostly greenfield opportunities.

There is a little bit of competitive displacement. If we're displacing with our suite, another vendor that might have had a part of this, we may have a competitive displacement.

I think today, for the most part, it's greenfields opportunity. And the penetration of this type of solution is still probably less than a third of the market has something like this today.

So we're mainly -- we are mainly picking up net new or first time buyers of these types of technologies.

Great. Thank you.

Great. Folks, thank you for joining our earnings call this quarter and we appreciate your time and your questions.

We look forward to giving you our results again in a few months time. Good night.