Ladies and gentlemen, thank you for standing by and welcome to the CrowdStrike Fiscal First Quarter 2021 Results Conference Call. At this time, all participants are in a listen-only mode. After the speakers’ presentation, there will be a question-and-answer session. Please be advised that today’s conference is being recorded.
[Operator Instructions] Now, it’s my pleasure to turn the call to Maria Riley, CrowdStrike Investor Relations..
Good afternoon and thank you for your participation today. With me on the call are George Kurtz, President and Chief Executive Officer and Co-Founder of CrowdStrike; and Burt Podbere, Chief Financial Officer.
Before we get started, I would like to note that certain statements made during this conference call that are not historical facts, including those regarding our future plans, objectives and expected performance, including our outlook for the second quarter and fiscal year 2021 are forward-looking statements within the meaning of the Private Securities Litigation Reform Act of 1995.
These forward-looking statements represent our outlook only as of the date of this call. While we believe any forward-looking statements we have made are reasonable, actual results could differ materially, because the statements are based on current expectations and are subject to risks and uncertainties.
We do not undertake and expressly disclaim any obligation to update or alter our forward-looking statements whether as a result of new information, future events or otherwise.
Further information on these and other factors that could affect the company’s financial results is included in filings we make with the SEC from time-to-time, including the section titled Risk Factors in the company’s quarterly and annual reports that we file with the SEC.
Additionally, unless otherwise stated, excluding revenue, all financial measures discussed on this call will be non-GAAP.
A discussion of why we use non-GAAP financial measures and a reconciliation schedule showing GAAP versus non-GAAP results is currently available in our press release, which maybe found on the Investor Relations website at ir.crowdstrike.com or on our Form 8-K filed with the SEC today.
Finally, please note that in light of these unprecedented times as a result of the COVID-19 pandemic, management will provide additional information into our first quarter results and guidance assumptions. We do not intend to provide this additional information on an ongoing basis. Now, I will turn the call over to George to begin..
Thank you, Maria, and thank you all for joining us today. We are once again hosting this call remotely and ask for your patience in the event we experience any technical difficulties. Let me begin by saying we hope you and your families are healthy. We extend our deepest thoughts to everyone affected by the COVID-19 outbreak.
I will start by summarizing three key points. First, CrowdStrike delivered another exceptional quarter with results well exceeding our expectations across the board, including generating non-GAAP operating income for the first time.
Our strong performance demonstrates our ability to execute at peak levels and protect our customers even in light of a global crisis. Second, we believe work from home and digital transformation are sustainable trends for our business. It is mission critical to protect workloads irrespective of where they are located on or off the corporate network.
We believe these trends have helped increase our leadership in the security cloud category that we pioneered. And third, we continue to win new logos as companies are rapidly pivoting away from on-premise legacy technologies and moving to cloud-native architectures that provide prevention, visibility, and control on a single platform.
Additionally, the competitive environment has evolved to our favor as market share of the incumbents continues to erode. Now, let’s discuss our results and get into these topics in more detail.
With strength in multiple areas of the business, we added $86 million in net new ARR in the first quarter, which was ahead of our expectations, and year-over-year we increased the number of net new subscription customers by 105%, achieving 89% subscription revenue growth and 85% total revenue growth.
We started and finished the quarter with strong momentum even though many of the shelter-in-place orders in the U.S. were enacted midway through our quarter. Overall, we saw good deal flow among both large and SMB customers that span multiple industries as the secular tailwinds fueling our growth remained very strong.
We continue to win business with large enterprises and closed the vast majority of this quarter’s 7-figure deals in the second half of the quarter after the shelter-in-place orders were in effect, which is consistent with prior quarters.
We also saw strong contributions across our key geographies, which included achieving our second largest quarter in EMEA. Additionally, our gross retention rate remained consistently high and our dollar-based net retention rate once again exceeded 120%. We also continued to expand module adoption within new and existing customers.
This quarter, the percentage of all subscription customers with four or more modules increased to 55%, and those that adopted 5 or more cloud modules grew to more than 35% of our customer base. We are partnering with our customers as they navigate a heightened threat environment and uncertain economic realities.
In the first quarter, this included extending special terms to a few customers in impacted industries. Another way we are helping customers is with the two initiatives we launched to help our customers quickly onboard new remote workers without sacrificing protection or having to worry about a procurement cycle as we discussed in March.
This included a surge relief plan that allows our customers to search the number of endpoints for a limited time. Additionally, we launched a Falcon Prevent for Home Use program that allows company administrators to install Falcon Prevent on their employees’ home systems.
These free-of-charge offerings have been well received with over 250 customers taking advantage of these work-from-home and search programs, which have led to significant new opportunities for CrowdStrike. Also discussed in March, we implemented several measures early on to help ensure the health and safety of our employees around the globe.
This included restricting all travel and transitioning 100% of our workforce to be remote. As we expected, this transition was seamless given that approximately 70% of our team is normally remote. We remained on track with our hiring plans. In fact, we had a record number of accepted offers and a surge in new applications.
Customer engagement has remained high, and Mike Carpenter, CrowdStrike’s President of Global Sales and Field Operations, and I kicked off our 100-by-100 international virtual customer tour.
The team’s efforts are paying off as we saw a strong increase in new business meetings in the quarter compared to Q1 of last year and we ended the quarter with a record pipeline. Overall, I could not be more pleased and inspired by the superior execution and dedication to our customers by every CrowdStriker.
Now more than ever, it is important that we step up, fight the good fight with our customers, and stay ahead of the adversaries. The COVID-19 pandemic has created a breeding ground for cyber crime. The past couple of months have represented one of the most active threat environments we have ever seen.
The threat environment is even more heightened for healthcare and frontline organizations as they contend with increased remote workers, limited staff, and increased patient care needs. We enabled our customers to stay ahead of these threats whether they are at home, in the office, or in the cloud.
I would like to take a moment to share a few quotes from customers on the frontline that showcases how CrowdStrike is helping them navigate their new normal. The CISO of a leading national health institute wrote “Words cannot express how grateful I am that we have CrowdStrike Falcon deployed to our systems and that Falcon OverWatch has our back.
As we faced unprecedented attacks, one thing remains consistent. We are able to defend our public health mission because of CrowdStrike.” And the CISO of a non-profit healthcare system operating in six states said “Big thanks to CrowdStrike and the OverWatch team for having our backs during this latest activity.
Please pass along the kind words of our CEO and CFO to your folks as well as my appreciation for helping us avert a cyber incident during a hugely trying time for our healthcare system.” Cybersecurity is mission critical; and even in this challenging macroeconomic backdrop, customers have continued to prioritize cybersecurity investments.
This includes those customers and industries most impacted by shelter-in-place orders such as airlines and hospitality. In addition to effective and superior cybersecurity, CIOs and systems are looking for a strategic partner to help them easily accommodate a remote workforce, simplify their operations, bridge the skills gap, and reduce cost.
To emphasize this point, I will share a quote from a Global 2000 customer in a highly impacted sector. "Our adversaries will be more motivated than ever to harm us now when they think we may not be paying attention.
We simply cannot afford to have an intrusion and CrowdStrike is the most effective, most capable technology any of us have ever used or seen. It’s the linchpin of our security program." Additionally, IT and security teams are looking for ways to easily and remotely solve new problems inherent in work-from-home and hybrid models.
The security challenges associated with a remote or hybrid workforce are best solved by a cloud-native platform that aggregates and analyzes data in the cloud, operates at web scale, leverages network effects to produce superior outcomes, and importantly is easy to deploy and simple to manage on a fully remote basis.
This describes the security cloud, a new category that we have pioneered. Because the Falcon platform is cloud-native and our lightweight agent does not require a reboot, customers can easily and remotely deploy, manage, and protect their workloads at scale irrespective of where their employees are located.
The real-time response capabilities in the Falcon Discover for IT operations module enable customers to remotely run a wide variety of commands on any endpoint of workload, which is now more important than ever.
We are seeing demand for Falcon Discover from IT teams that are turning to CrowdStrike to remotely self challenges such as configuration management, emergency patching, and password resets. At the end of Q1, 45% of our customers have adopted Falcon Discover for IT operations.
Additionally, Falcon for mobile has seen strength as major school districts looked at secure mobile devices for remote education. The CrowdStrike Falcon platform uniquely provides integrated and simplified protection across both enterprise and personally-owned endpoint devices without having to rely on third-party elements.
To help quickly onboard newly remote employees, some companies have spun up new corporate workspaces in the public cloud creating new cloud workloads.
Over the past year, CrowdStrike has seen an increase in the volume of transactions through AWS, which includes customer securing their cloud workloads as well as endpoints that reside on the customer’s corporate network. We saw a 75% increase in ending ARR from business transacted via the AWS partnership compared to the prior quarter, Q4.
More broadly on the partner front, we have continued to see significant demand. Partners across the globe are increasingly turning to CrowdStrike as their partner of choice as Symantec abandons large segments of the market and customers desperately need to protect the remote workforce.
This is contributing to the strength of our pipeline with accepted deal registrations for partners increasing over 200% in Q1 compared with the same quarter last year. CrowdStrike’s mission, platform and brand are clearly resonating with customers and partners as we continue to see a very favorable competitive landscape as we discussed last quarter.
Let me share a couple of customer examples that demonstrate how the power of the Falcon platform translated into strategic customer wins and provided immediate value.
The first customer win is with a leading European logistics company that was looking to mature their security program beyond signature-based AV and to consolidate schools across their subsidiaries. CrowdStrike was able to provide both leading prevention capabilities and a simpler solution with a single agent.
One option this organization considered was to build out their own security operation center, but they quickly realized that by purchasing Falcon Complete, our fully managed and highly automated endpoint offering, the time to value was just seven days as opposed to a minimum of six months to 12 months.
During the sales process, we prevented a ransomware incident on machines where we were installed and helped them remediate the incident across the organization on machines, where we had not yet been deployed.
This new CrowdStrike customer also took advantage of our COVID-19 relief first licensing program as they needed to purchase and provision additional laptops to enable remote working.
This further validated the company’s decision to purchase 7 modules that included security IT operations and threat hunting modules in a large ARR deal for our inside sales team.
The next story demonstrates how CrowdStrike helped a major food conglomerate standardized on the Falcon platform replace 4 other vendors and significantly streamlined their operations. The company has dozens of subsidiaries that were using different tools and they were looking to consolidate, streamline and improve their security posture.
CrowdStrike stood out against an entrenched incumbent by demonstrating the Falcon platform’s ease-of-use, increased level of protection and low impact to system performance with a large initial purchase, this customer adopted Falcon Prevent for next-gen AV, Falcon Insight for visibility, and Falcon Discover for IT operations and is actively moving towards expanding into additional modules across IT operations use cases.
Other notable deals this quarter included a land with one of the largest semiconductor chip manufacturers and an expansion with a major U.S. airline.
These are just a few of our 6,261 subscription customers as of the end of the quarter that have selected CrowdStrike to help them stop breaches and simplify their security and IT operations stack with a single lightweight agent in our AI-powered Threat Graph.
We believe we are positioned to emerge as the structural winner and fundamental endpoint platform of the future. With 11 modules and 11 app store partners, CrowdStrike offers unparalleled opportunities for customers to consolidate agents and reduce cost.
CrowdStrike routinely helps customers save money with some customers citing a 3x return on their CrowdStrike investment in as little as 3 months. We believe this is a compelling value proposition in any economic environment.
In conclusion, we believe that the rapid move to remote or hybrid workforce is contributing to the already strong secular trend among companies to transition to cloud platforms. Cyber security is a basic need for organizations. And from our vantage point, investments by customers have remained strong.
However, we also fully recognize that we are in an uncertain macroeconomic backdrop. It is our view that in times like this the best companies continue to innovate, focus on customer success and emerge even stronger.
We believe CrowdStrike is positioned to thrive as we continue to focus on driving positive outcomes for our customers, execute on our growth plan and expand our lead over the competition. With that, I will turn the call over to Burt..
Thank you, George and good afternoon everyone. As a quick reminder, unless otherwise noted, all numbers except revenue mentioned during my remarks today are non-GAAP. We delivered another outstanding quarter with strength in multiple areas of the business. In the first quarter, we delivered 88% ARR growth year-over-year to reach $686.1 million.
We added $85.7 million in net new ARR representing 65% year-over-year growth, which was well above our expectations. The growth in ARR was broad-based and driven by another strong quarter for new logo additions and expansion business, coupled with low contraction and churn consistent with prior quarters.
Moving to the P&L, total revenue grew 85% over Q1 of last year to reach $178.1 million. Subscription revenue grew 89% over Q1 of last year to reach $162.2 million. Professional services revenue grew to a record $15.9 million as the vast majority of these services, including incident response can easily be delivered remotely.
This is important as companies with legacy technologies will continue to experience breaches and we have the ability to quickly and remotely investigate and remediate the breach and this often leads to new subscription business.
We have been able to derive an average of about $3.73 of subscription ARR for every $1 spent on an initial incident response or proactive service engagement as of January 31, 2020.
In terms of geographic breakdown, approximately 73% of first quarter revenue was derived from customers in the U.S., 14% from Europe, Middle East and Africa markets, 8% from Asia-Pacific and 5% from other markets. We remain focused on building a long-term business with sustainable growth and compelling margins.
In Q1, we recognized significant operating leverage in our SaaS model and the benefits of scale even as we increase investments and our global reach in cloud platform. First quarter non-GAAP gross margin improved to 75% from 70% a year ago.
Our non-GAAP subscription gross margin increased to 78% compared with 73% in Q1 of last year and 77% last quarter. We are very pleased with our record subscription gross margin performance this quarter, but as a reminder, we expect gross margin to fluctuate quarter-to-quarter given the ramping of new data centers.
Total non-GAAP operating expenses in the first quarter were $133.0 million or 75% of revenue versus $89.2 million last year or 93% of revenue. We continued investing aggressively in our business during the quarter, including shifting sales and marketing spend from in-person activities to digital.
With a couple of our significant events such as sales kick-off and RSA occurring in the month of February before the travel restrictions were implemented, we saw a modest $1.5 million decrease in travel and related expenses in comparison to the prior quarter, Q4.
In the second quarter, we expect to realize over $5 million in savings as a result of travel restrictions. Scaling our business efficiently remains a top priority, which is why we focus on our unit economics, including Magic Number. In Q1, we ended with a Magic Number of 1.2, which we consider to be very strong.
I am also pleased to highlight that we reported non-GAAP operating income in Q1 for the first time in company history. Non-GAAP operating income was $1.2 million. As a result of our rapid top-line growth, expanding gross margin profile and continued disciplined approach to investing in our business, we drove strong operating leverage in the quarter.
Our non-GAAP operating margin improved over 23 percentage points year-over-year. Q1 represents our sixth consecutive quarter of improving non-GAAP operating performance on both a dollar and a margin basis. Non-GAAP net income in Q1 was $4.5 million or $0.02 on a diluted per share basis.
Given we reported non-GAAP income in the quarter, the weighted average common shares used to calculate first quarter non-GAAP EPS was on a diluted basis and totaled 229.8 million shares. Turning now to the balance sheet, cash and cash equivalents increased to over $1 billion.
Our execution this quarter and record prior quarter sales performance led to strong cash flow. Cash flow from operations was approximately positive $99 million and free cash flow was positive $87 million, reflecting improved operating leverage, growth in deferred revenue and strong collections.
I would like to note that average weighted contract length remained consistent within the range of the past four quarters.
From the results we are presenting today, you can see that we have a strong balance sheet, highly resilient SaaS model and proven history of disciplined investing with a thoughtful balance between generating top-line growth and achieving operating leverage.
We intend to continue to hire aggressively and position the company to emerge from this unprecedented era even stronger and to create even more distance between CrowdStrike and the competition.
Moving to our guidance for the second quarter, we expect total revenue to be in the range of $185.8 million to $190.3 million, reflecting a year-over-year growth rate of 72% to 76% with subscription revenue being the dominant driver of growth.
We expect non-GAAP loss from operations to be in the range of $3.1 million to breakeven, and non-GAAP net loss to be in the range of $3.8 million to $700,000.
Utilizing weighted average shares used in computing non-GAAP net loss per share basic and diluted of 216 million, we expect non-GAAP net loss per share basic and diluted in the range of $0.02 to breakeven.
For modeling purposes, please note that if we report positive net income in Q2, we expect our share count to be 232 million fully diluted shares versus 216 million basic shares if we reported net loss.
Moving to our guidance for fiscal year 2021, we continue to remain optimistic about the demand for our offerings and the powerful secular trends fueling our growth. Given the growth drivers of our business as well as our strong first quarter performance and momentum into the second quarter, we are raising our guidance for the fiscal year 2021.
At the same time, we are maintaining our pragmatic outlook regarding the uncertain global macroeconomic backdrop and have once again factored that into our fiscal year guidance.
While we do not normally discuss the assumptions we make in preparing our guidance, and do not intend to do so in the future, we would like to provide you with some transparency into the adjustments we have made to our guidance methodology to de-risk our guidance for the year.
First, while we do not specifically guide to ending ARR, we have added the Q1 ending ARR overperformance to our ARR expectation for the full year. However, given the unseasonal strength of Q1 and uncertain economic environment, we are modifying our prior expectation that Q1 would be the low point for net new ARR for the year.
Second, while we have not seen a significant increase in contraction in churn as a result of the COVID-19 outbreak, given the macroeconomic environment, we have prudently increased our assumed contraction in churn for the year.
We currently intend to continue to hire aggressively, and in some key areas such as R&D, we have increased our hiring plan for the year. This along with the expectation that select essential travel will be allowed in the third quarter, we expect to see a step-up in operating expenses in Q3 from Q2.
We continue to expect to be non-GAAP operating income breakeven in the fourth quarter. In Q1, we converted our marketable securities to cash and as such do not expect to report material interest income for the remainder of the year.
And lastly for cash flow, given the timing of expenses and seasonality of new hires, we expect to see slightly negative operating and free cash flow in the second quarter. And we are maintaining our guidance to be operating cash and free cash flow positive for the full year.
For the full fiscal year 2021, we currently expect total revenue to be in the range of $761.2 million to $772.6 million, reflecting a growth rate of 58% to 60% over the 2020 fiscal year. Non-GAAP loss from operations is expected to be between $19.2 million and $11.1 million.
We expect fiscal 2021 non-GAAP net loss to be between $18.1 million and $9.9 million. Utilizing weighted average shares used in computing non-GAAP net loss per share basic and diluted of 220 million, we expect non-GAAP net loss per share to be in the range of $0.08 to $0.05. George and I will now take your questions..
Thank you. [Operator Instructions] And our first question is from Sterling Auty with JPMorgan. Please go ahead..
Yes, thanks. Hi guys. It sounds like everybody is healthy which is fantastic. Maybe just to start off, when we look at the network security space, I think the expectation is that after this initial surge for remote access capacity that they are going to see kind of demand paid off.
When you think about endpoint in its totality, are you expecting something different or more durable in the demand?.
Hey, Sterling. This is George. So, thanks for the question and we are all safe. Thank you.
Yes, I think what we have seen here obviously there is the work from home, and I think ultimately a more into the work from anywhere and there will be a hybrid model of people going back to work, but I think we all know that we are not going to continue in the same way that we had pre-COVID. So, we see that as a long-term opportunity.
And really, I think if you take work from home and you – and capitalize it, it’s really part of digital transformation. And what we have seen directly just over the last couple of months is just digital transformation being accelerated, which means more people working outside of their corporate environment. It also means more cloud workloads, right.
And this digital transformation, which encompasses work-from-home is really a longer-term trend that we are seeing. In fact, on our 100-by-100, I was speaking with a CIO, and I said, tell me a little bit about your digital transformation program. And he said, well, we had a 2-year roadmap. And in one day, at the end of March, we executed on that.
That just gives you an idea of how fast things have been accelerated. So we see that as a long-term secular trend and tailwind that we’re able to benefit from..
Fantastic. And then maybe just on the – follow-up on the go-to-market strategy. You talked about the partnership with AWS.
Maybe from a high level, is your expectation that you want to go deeper and bigger with the existing partners versus going broader and bringing on a lot more partners?.
I think that’s always been our view is to have bigger, deeper partners where we can spend more time and invest more dollars and effort as well as the partner. And we think that is a much better program than having many partners that aren’t necessarily moving the needle for us.
So yes, a big part of it is deal registrations are up, big part of it is people wanting to move off incumbents. And for us, we’d rather double down on the big partners, and AWS has been really a fantastic partner for us. You can see the results. And they really remove a lot of the friction in the sales process.
So, we’re excited about that, and we look forward to continuing that in the future..
Makes sense. Thank you..
Thank you. Our next question is from Saket Kalia with Barclays Capital..
Okay, great. Hey, thanks guys for taking my questions here. Maybe first for you, George, can you just talk a little bit about Falcon for containers and AWS to sort of on that last point? Realizing that it’s still early here, I think you said in the prepared comments that ARR there was up about 75% over last quarter.
Can you talk a little bit about what your customers are saying about this tool and who you’re displacing in that sort of environment, if anyone?.
Sure. Great to connect, Saket. I will start with the latter part. There is not a lot to displace out there, because it’s really a Greenfield opportunity when we think about container protection, and the beauty of our model has always been the simplicity.
So, the same lightweight agent can be used to protect many containers, and there is a big difference between what we do and what others do, where they have to run inside of every container. We can actually run outside the container at the operating system level and get visibility into every container.
Now what’s the benefit of that? The benefit is, it does not get in the way of the development cycle. Developers and IT teams don’t want – and DevOps, they don’t want any friction in the model, and we have a model that introduces like zero friction. So, it’s been very well received.
In addition to that, we have added a ton of capabilities into that offering, including all kinds of additional prevention capabilities as well as understanding the container configurations and helping manage the containers, the security of those containers in multi-cloud as well as on-premise very easily.
So, it’s been very well received, and even as an extension to what we’ve done in containers, particularly in the cloud area, we’ve added much broader Discover capabilities. As you know, the IT teams are really struggling to figure out where their shadow IT is. We can help in those areas as well..
Got it. That makes sense. Burt, maybe for you for my follow-up, thanks for the historical data on that net revenue retention in the slide deck. I think you said CrowdStrike remained above the 120% sort of goal on net revenue retention.
I guess, the question is, at what point do you foresee clearly some of the bigger lands that you’re getting here with customers opting for four to five modules to perhaps start impacting that metric? And clearly, that’s a good problem to have with bigger lands, but curious if that’s something to consider for that metric as the platform approach sort of continues to resonate?.
Thanks, Saket, and thanks for the question. So, as you know, we don’t manage the net retention number. We still think that 120% is a good benchmark in a normalized environment. And you are right, it did remain over 120% for this quarter. I mean, as you know, dollar-based net retention can fluctuate quarter-to-quarter, and it is a noisy metric.
Just because it goes down, it does not necessarily mean bad thing and vice versa. We did see a trend up through Q4 where we were seeing the larger wins, and that was certainly impacting our dollar-based net retention rate, and that was fine.
And we think that going forward we will likely see some more larger lands given the fact that more and more customers are buying four or five of our modules.
Having said all that, as you think about the SaaS companies in the traditional land and expand, over time both the expand might take over at some point and as clearly as we bring more and more value to our customers in terms of more modules, we could possibly see an uptick. But my final comment on that is, today we’re still going after both.
We’re still going after the large new lands and we’re still going after the expansion opportunities and we’re paying our sales force the same whether or not they bring in a new logo or a new land or an expansion..
Very helpful. Thanks guys..
Thank you..
Thank you. Our next question is from Gur Talpaz with Stifel..
Awesome. Thank you. Good afternoon. Congrats to both of you on the strong results. George, I want to ask you if you were seeing a shift in appetite for non-traditional use cases in the current environment.
I think the market well understands that we have seen a shift here in EDR and JV, but are you finding yourself being deployed in other areas, perhaps at a more aggressive rate these days given everything that’s happening out there?.
Hey, Gur. Thank you for the question. Absolutely. I think this quarter was really a tipping point into use cases outside of just security, and we’ve been building our Discover module for several years. And a big part of that is focused on IT ops and security – I should say hygiene as well when we think about asset discovery and configuration.
We talked about emergency patches and configuration management and password reset. So this functionality drives a lot of automation into the IT stack. And just given COVID in the remote work environment, we had so many customers that were struggling and really in a panic mode trying to figure out how are they going to understand these systems.
How are they going to touch these systems remotely when they are sitting behind everyone’s local firewall and cable modem and they actually turned to the security team because they had solved that problem and they basically – it was sort of an eye opening experience for the IT folks in terms of our capabilities in what we can do.
So I see it really as a tipping point. And we think about our capabilities, that goes well beyond just security. And I think this particular environment with remote work from home is a perfect use case for how we can drive automation and save a lot of money for the IT teams..
That’s super helpful.
And then Burt, maybe one for you, congrats again on the gross margin here, given your commentary around the rollout of new data centers, what’s the right way to think about both the lower and upper thresholds of your gross margin over the next few quarters with the goal here to be properly conservative?.
Yes. So hey, Gur, great question and one near and dear to my heart. So, gross margin expansion has been a focus of mine and my colleagues in the DevOps center.
And to-date, we have had great success in being able to expand our margins through obviously new modules coming to bear, new modules need more gross margin for us as well as opportunities within the data centers in terms of efficiency.
But as we think about the future we see opportunities to even – to increase even more our gross margins with respect to lowering our long-term costs with respect to data centers, moving them to lower cost environments. But in the initial stages, it takes more to get those up and running.
And so on a quarter-to-quarter basis, it might fluctuate, but not materially. We are already still smack dab in the middle of our long-term, our long-term range and we anticipate to stay there. So the movements will be small in the next few quarters..
That’s super helpful. Thank you..
You are welcome..
Thank you. Our next question comes from Brad Zelnick with Credit Suisse..
Thank you so much for taking the question and congrats on all the great momentum and everything you are doing to keep the world safe.
Guys, my question follows up on I think what Sterling asked, just trying to understand how much of the growth is coming from new endpoints? Clearly, you have a lot of laptops being sold as everyone was working from home over these last few months.
And if maybe if you were to look at the mix of drivers, endpoint unit growth versus module adoption or maybe dollars per endpoint, said differently, how should we think about that mix in Q1 versus what you would typically see?.
Well, hey, Brad thanks for the question. I will take the first part and then I’ll turn it over to Burt. But if we just step back a little bit, and this is one of the areas that I’m always focused on is, when we talk about endpoint, certainly that’s our market we get lumped into, but I think it’s a bit limiting.
I think about endpoint as a PC and a server. And really what we are focused on is workload protection, right, which is all of the cloud environments all the container, the femoral workloads, IoT mobile devices. So it’s a much broader opportunity for us.
And when you think about what happened with COVID, sure you’re going to have new laptops come online, and you’re going to have people working from home. That isn’t going to change necessarily and those aren’t going to go away.
In fact, I talked to a CIO just a couple of weeks ago and they told me whenever they refresh their computers, they’re only going to buy laptops, as an example, right? They’re going to go through a quicker refresh cycle because of that.
And most people think that – most people work on laptops, a lot of the folks I know, but people go in the office, they turn their computer on and off, and that’s it. So they need to account for those.
So that’s one piece of it, but I think the broader element is really the digital transformation, which is how many of these workloads are going to the cloud. And obviously, the computers they are buying are not going away.
But at the end of the day, it’s really about this digital transformation and having a cloud architecture, which we’ve seen accelerate, people moving away from legacy technologies because of this new environment.
And I think that’s more of the longer term piece of it is, it’s not just the work from home or work from anywhere, it’s how people are transforming that environment as well as their move to the cloud.
Burt, maybe you have comments on the other piece?.
Hey, Brad. Yes, great question.
So the other thing that goes along with that transformation at the same time from a long-term perspective is also the increased modules, right? So as you add more modules, it gives the opportunity to the sales team to introduce new things to customers and be able to increase their overall footprint with us from a security perspective.
So just by given that we know that that’s part of one of the growth drivers that we’re looking at looking into the future. It’s obviously accelerated by what George was talking about, digital transformation.
But the opportunity as well in front of us in terms of all the different types of workloads that customers are looking to have protection on whether it’s work from home type of units or whether it’s in the network or in the cloud.
All of them are accelerating for us and we think that that’s a huge opportunity for the growth that we will see in the future..
Thanks, Burt. Maybe if I could just follow-up with one. As I think many have been concerned rightfully about customers’ desire to preserve capital and perhaps shrinking duration and extending payment terms. You guys had a blockbuster cash flow quarter I think your best ever, $87 million in free cash.
But at the same time, CapEx was a lot lower, at least in what the Street was modeling. Can you walk us through how you’re able to deliver such a strong cash flow result despite being flexible with some customers? And also why did CapEx come down a bit? Was it intentional or maybe something supply chain? Thank you..
Yes, good question. So obviously we are very focused on cash. For us, coming off such a strong Q4 and even Q1 that obviously propelled the opportunity to collect, so strong collections was a result of the strong performance. So that’s part of it. CapEx, part two of your question, CapEx, we’re trying to be managed throughout the year.
If you look at our CapEx overall, you’re going to find that we’re going to spend roughly around 8% of CapEx as a percentage of revenue, with the majority coming in the back end. And that’s just a function of how we see the capacity in our data centers and how much more we need to add and build into them to be able to keep up with our growth.
That’s how I think about it..
Thanks very much, and congrats again, guys..
Thank you..
Thank you, Brad..
Thank you. Our next question is from Alex Henderson with Needham..
Thank you very much. Going to ask you if you have got the call from Cleveland, obviously, you’re going to go into the Rockstar Hall of Fame with these kind of numbers. But I thought instead, I would ask something more mundane along the lines of the free onboarding and the Falcon home products.
Can you talk a little bit about the magnitude of that opportunity down the line when those people run-off of the timeline for the free subscriptions and then end up being sign-out.
Is that a meaningful opportunity to up sell them to the platform?.
Well, I think in general, we think work from home and work from anywhere is a meaningful opportunity. Obviously, we were flexible with our licensing, which we thought was the right thing to do from our customers, and that’s still running out. We’ve had a lot of customers take advantage of that.
And so a lot of over-deployment, which helped them and ultimately, our goal is to be able to go back and drew them up and move them into a paying program. So we continue to evaluate that opportunity. I think it’s one opportunity that we have and it continues to move forward and the feedback that we have gotten so far has been fantastic.
In fact, we have customers asking for a permanent work-from-home program for their home users. And if you think about in today’s environment, lots of people use their own computer at home, they try to connect with a VPN. Customers need it to be a little bit more flexible depending on their industry.
So having the home users protected, which are often exposed to something that they could bring into the corporate network, which again is disappearing is important for many of these large institutions. So I do think there is some good opportunities going forward as we look to close out those programs..
If I could shift the gears slightly, you guys have spent a lot of time and energy on dealing with the Kubernetes environment. You have clearly got a very differentiated product that goes into the runtime side of Kubernetes.
Can you talk about your ability to feed that back into the CICD pipeline process back into the pre-deployment side and to what extent you think you can move into the full process flow there?.
Well, yes, that’s certainly an ongoing journey for us. And I think we have made substantial progress in all the above.
Obviously, we are very strong in run-time security and we have customers using the visibility element of what we are doing to really help them understand what should be deployed, what is deployed, what should be approved if it’s deployed, is it vulnerable, things of that nature.
So, I do think there is lot of future opportunities to continue to streamline in that pipeline. And it’s kind of – it gets back to what I said earlier in the call, it’s so easy to deploy, it’s so easy to use. It doesn’t add a lot of friction.
So now it’s about adding more value back into the developer pipeline as well as being able to solve some of the security use cases in the outcomes of the security teams are looking for. So, we continue to focus on. We had a huge release just a couple of weeks ago.
We have one of the most mature Linux versions with coverage for many different operating systems and that’s been a differentiator for us, particularly in winning cloud workload protection business..
Super. Thank you very much. Great job, guys..
Thank you..
Thank you. Our next question is from Tal Liani with Bank of America..
Hi, guys. I wanted to ask you about the competitive displacement. And I want to just to discuss two things.
Number one is what was the experience this quarter with displacing Symantec specifically? And second, we also see that you are displacing next-gen players and the question is, why, what are the deficiencies in their products or what kind of added value do you provide that allows you to displace also next-gen players?.
Sure. Well, we can start with the first one. We continue to displace Symantec customers. Again, for a lot of the reasons that we have talked about in the past, people are looking for platforms and they are looking for technologies that actually work and stop breaches.
Ransomware has been a huge driver and signature-based AV is really not capable of dealing with sophisticated ransomware, right. So, people are looking to get off that. Not as a matter of security, I mean that’s certainly an element, but as a matter of business resiliency.
And in today’s environment, if we think about the healthcare community, the last thing anyone would want would be a ransomware attack in the middle of the pandemic. So, that’s one. Two is on the next-gen players. Again, we spent the time and effort to build the platform out from the ground up, right.
It’s the same Salesforce, Workday, ServiceNow, CrowdStrike. We don’t have an on-premise version, because that’s not our model. So, lot of our competitors built on-premise versions. They try to move it to the cloud and call it a cloud offering. Their data is still on each endpoint.
The value is being able to aggregate this data at scale, which we figured out with our threat graph. And effectively that creates a data mode plus the module expansion allows customers to add more modules not agents, right. And even our next-gen competitors, they still have three and four different agents because of their acquisitions.
So people want something that’s simple, want something that works and want something that’s future proof and ultimately stops the breach..
Great.
And that includes also next-gen players?.
That was specifically directed at next-gen players, yes, got it..
I have a follow-up question about your platform can you discuss traction with opening up the platform to third-party applications? Are you starting to see traction with third-parties and what kind of applications are being offered or being demanded?.
Yes, we are. We opened up the platform a number of years back and we continue to add partners. I think we are up to 11 now. And again, our goal is higher quality. It is in an Apple App Store, right. It’s really about having high-quality vetted partners in there.
And again it gets to the pain point of customers don’t want more agents, they want less of them. And I do think that is an underappreciated fact in the industry is how painful more agents are. So when we look at the opportunity we have in the store we continue to add apps around patch management. We continue to add apps around white listing.
We continue to add apps in the OT space. So, those are all being built out or built out and we keep adding more partners and we keep announcing new partners. And it’s been a real strategic I think weapon for us, because none of our competitors have a store quite like that and people love the flexibility that we are offering them.
Collect once, reuse many and allowing that flexibility to our customers really saves them a lot of time and money in their operational overhead of their endpoint..
Got it. Thank you..
Thank you. [Operator Instructions] Our next question is from Joel Fishbein with SunTrust. Joel, your line is open..
Good afternoon, guys. Sorry, I was on mute. Congrats on a great quarter. George, I wanted to follow-up on the vendor consolidation story that seems to be accelerating here for you guys. Cloud module adoption is just fantastic and Burt had talked about more investment in R&D.
Can you talk a little bit about some of the new modules that you are working on that are coming out and when we should start to see them, DLP, firewall management, maybe firmware protection, some of the other stuff that you guys are working on to sort of grow that 10, 11 number to continue to grow that?.
Sure. Thanks, Joel. If we look at the modules today, we have got 11. We do have firewall management. We do have firmware protection, which is already in the product. As you might imagine, we don’t talk about the future modules that we are going to come out with, but we are always working on new modules and getting feedback from customers.
We are spending a lot of time again looking at various use cases and how it can help customers with insider threats and use cases that again go beyond just core security.
A big focus this quarter for us was our Discover module and the ability to help IT teams and there are a lot of use cases that have come back in terms of what people are looking for above and beyond just security. So, we continue to look to enhance the modules we have because we are never done with them. We are always updating them.
That’s the beauty of the platform. I have had customers tell us we like in one day and the next day there is just tons of new stuff that shows up and we don’t have to do anything. It is nothing they need to do which is there and that’s the beauty of the platform.
So, we are rapidly working on new technologies and new modules and obviously we are bringing on new store partners. So as we have new modules, we will be sure to bring everybody current with them..
Thank you..
And our next question is from Matt Hedberg with RBC Capital Markets..
Hey, guys. Thanks for taking my question. At RSA, it was great to see Spotlight in action.
I wonder if you can dig into that product a little bit more that module and maybe some of the competitive wins you are seeing against traditional vulnerability management peers?.
Yes, thanks. The module adoption was up this quarter for Spotlight. I mean, it shouldn’t be a surprise given the fact that everybody is working remotely from home. And guess what, compliance mandates don’t really care if you are at home or in the office, right.
So customers have a compliance mandate which is they have to understand what their vulnerabilities are on their systems and to have real time visibility into your vulnerabilities irrespective of where that endpoint of workload is, is huge for customers.
So, we saw that being rolled out pretty rapidly and with the click of a button people have visibility. I think again it goes back to the consolidation play. People don’t want yet another agent. Some of the VM players have pushed their cloud agents.
And at the end of the day, these are just kind of scanning technologies that add a lot of overhead for the endpoint.
And the beauty of our model again is the fact that we have already collected the data and we are not putting extra burden on the endpoint from a performance perspective and we are not waiting for a scan to happen, it’s always real time..
Thanks, guys..
Thank you..
Thank you. Our next question is from Sarah Hindlian-Bowler with Macquarie..
Hi, guys. Hi, George and Burt. It’s great to hear your voices and I am glad everyone is well. I wanted to ask – actually I have a couple of questions, but I will just go right to you, George and I will follow-up with Burt in a bit, but this was clearly a phenomenal quarter and I know your strength is being driven by digital transformation.
But if I can dig a little bit down deeper, how do I think about the upside and what’s driving it the most between all of these major trends you have driving these results, work from home, competitive positioning versus incumbents and even your new products? Is there anyway you can give me a sense of the mix and if it’s evenly distributed or skewed to one or the other? Thanks guys..
Well, thanks, Sarah. Good to hear from you. And it’s a hard question to answer, because each customer is a bit different. Certain customers that have too much complexity and again they just want to simplify. Others have suffered breaches on their different technologies and they are looking for something that’s more effective.
Others are looking for force multipliers like Falcon Complete where they just don’t have the headcount that was been a huge opportunity for us this past quarter. So, when you put all that together, I mean, there is a lot of tailwinds as you talked about. You have got the incumbents losing market share and abandoning the market.
You have got work from home. You have got cloud adoption, digital transformation. There is a lot of opportunity for us and some of it is white space and the cloud workload is total Greenfield opportunity. There is just nobody there in this cloud workload. In fact, that we have tied in with metered billing makes it easy for people to adopt.
So, it gets to down to – it just works, it’s simple, it’s easy to use and people can consume it the way they want to consume it and that has really benefited us. So, one of the things that we talked about in the call as well is the mobile piece, I think that gets underrepresented at sometimes.
And we saw some really nice wins because of work from home. And we are one of the leaders really in EDR endpoint for mobile. We kind of developed that from scratch, that category and we have seen some really great traction in that area as well..
Phenomenal. Burt, I just really – I really appreciated the update on guidance and how you built out the year, it was really helpful.
I just wanted to ask you one quick thing, should I expect to see any increase in churn as a result of just these kind of current frozen economic conditions or are workloads and device growth enough within the existing customer base to help to offset that?.
Hey, great to hear your voice as well, Sarah. So, we are assuming more churn and contraction in our guidance. While we have – the thing is that we have not yet seen a meaningful impact to contraction in churn as a result of COVID-19 given the impact of the broader macro economy.
So taking that consideration, we have prudently increased our assumptions for contraction and churn in the quarter. This is one way, as you pointed out, we de-risked our guidance in the year and as we disclosed it in the prepared remarks. So that’s how we are thinking about contraction and churn..
Alright. Thank you guys so much. Congratulations. Amazing results..
Thank you..
Thank you. And our last question is from Gray Powell with BTIG. Please go ahead..
Alright, thanks. Thanks for working me in. Lot of the questions have been asked already, but maybe I will add just a high level question.
So when things get back to something closer to normal and the economy fully reopens, how will things be different at CrowdStrike? Will you all travel as much and do as many face-to-face meetings as you were doing previously or do you see a permanent change to the way that you run your business?.
Well, it’s a great question and I will try to be brief. But we haven’t been more productive. Mike Carpenter and I are having meeting after meeting after meeting, customers are available, they are not traveling and it’s been very productive. It’s a little bit like Groundhog Day sometimes as you might imagine, I am sure everybody feels that.
But we have been able to get to the customers. We have been able to get to the CIOs. And more importantly, we have been able to close the deals and that’s what matters. And it’s just a new normal. So certainly, there will be a hybrid. We will travel where customers will accept us and where it’s safe.
But I think it’s a different way of doing business and enterprise selling in the SaaS world..
Got it. Okay. Thank you very much..
Thank you..
Thank you. And I will turn the call back to George for his final thoughts..
Well, thanks everyone for the call and their time and attention. We hope to see you next quarter. And of course in today’s environment, we hope everyone stays safe and we hope you have a great day. Thank you so much..
And with that, ladies and gentlemen, we thank you for participating in today’s program and you may now disconnect..