SPECIAL NOTE REGARDING FORWARD-LOOKING STATEMENTS
This Annual Report on Form 10-K contains forward-looking statements within the meaning of the Private Securities Litigation Reform Act of 1995, including but not limited to, statements regarding our financial outlook and market positioning. These forward-looking statements are made as of the date they were first issued and were based on current expectations, estimates, forecasts and projections as well as the beliefs and assumptions of management. The words "believe," "may," "will," "potentially," "estimate," "continue," "anticipate," "intend," "could," "would," "project," "plan," "expect" and similar expressions that convey uncertainty of future events or outcomes are intended to identify forward-looking statements.
These forward-looking statements include, but are not limited to, statements concerning the following:
These forward-looking statements are subject to a number of risks, uncertainties and assumptions, including those described in "Risk Factors" elsewhere in this Annual Report on Form 10-K. Moreover, we operate in a very competitive and rapidly changing environment, and new risks emerge from time to time. It is not possible for our management to predict all risks, nor can we assess the impact of all factors on our business or the extent to which any factor, or combination of factors, may cause actual results to differ materially from those contained in any forward-looking statements we may make. In light of these risks, uncertainties and assumptions, the forward-looking events and circumstances discussed in this Annual Report on Form 10-K may not occur and actual results could differ materially and adversely from those anticipated or implied in the forward-looking statements and you should not place undue reliance on our forward-looking statements.
The forward-looking statements made in this Annual Report on Form 10-K relate only to events as of the date on which the statements are made. We undertake no obligation to update any forward-looking statements made in this Annual Report on Form 10-K to reflect events or circumstances after the date of this Annual Report on Form 10-K or to reflect new information or the occurrence of unanticipated events, except as required by law.
Item 1. Business
Overview
Zscaler’s mission is to empower organizations to realize the full potential of the cloud and mobility by securely connecting users to applications from any device, anywhere.
We were incorporated in 2007, during the early stages of cloud adoption and mobility, based on a vision that the internet would become the new corporate network as the cloud becomes the new data center. We predicted that with rapid cloud adoption and increasing workforce mobility, traditional perimeter security approaches would provide inadequate protection for users and data and an increasingly poor user experience. We pioneered a security cloud that represents a fundamental shift in the architectural design and approach to network security.
Enterprise applications are rapidly moving to the cloud to achieve greater IT agility, a faster pace of innovation and lower costs. Organizations are increasingly relying on internet destinations for a range of business activities, adopting new external SaaS applications for critical business functions and moving their internally managed applications to the public cloud, or IaaS. Enterprise users now expect to be able to seamlessly access applications and data, wherever they are hosted, from any device, anywhere in the world. We believe these trends are indicative of the broader digital transformation agenda, as businesses increasingly succeed or fail based on their IT outcomes.
We believe that securing the on-premises corporate network to protect users and data is becoming increasingly irrelevant in a cloud and mobile-first world where organizations depend on the internet, a network they do not control and cannot secure, to access critical applications that power their businesses. We pioneered a new approach to security that connects the right user to the right application, regardless of network. Our cloud platform, which delivers security as a service, eliminates the need for traditional on-premises security appliances that are difficult to maintain and require compromises between security, cost and user experience. Our cloud platform incorporates the security functionality needed to enable users to safely utilize authorized applications and services based on an organization’s policies. Our solution is a purpose-built, multi-tenant, distributed cloud security platform that secures access for users and devices to applications and services, regardless of location.
Before our platform, the corporate data center served as the central hub of IT security, with a physical network perimeter used to separate corporate users, devices and applications from the internet. Today, the network perimeter consists of appliances that have become fundamentally less effective as applications, data, users and devices rapidly move off the corporate network, making the notion of a corporate perimeter obsolete. In a world where more companies are shifting their most critical IT assets to the cloud, cloud-first security is required. Our architecture is vastly different from the traditional “hub-and-spoke” corporate perimeter, where traffic from branch offices is routed to centralized data centers for security scanning and policy enforcement before reaching its destination. In contrast, our security cloud sits between an organization’s users and devices, and the internet, inspecting traffic. Our solutions enable customers to set policies that follow users, so a consistent level of protection is applied no matter where users are located or how they are connected to the internet. We provide all of this security at scale, processing approximately 50 billion internet requests per day. Our platform eliminates the need for organizations to buy and manage a variety of appliances that need to be maintained by a large number of highly skilled security personnel, who are expensive and in increasingly short supply.
Our multi-tenant architecture is distributed across over 100 data centers globally, which allows us to secure users across 185 countries. Each day, we block over 100 million threats and perform over 120,000 unique security updates. Our customers benefit from the network effect of our growing cloud because once a new threat is detected, it can be blocked for users across our entire customer base within minutes.
Our customers protect their users by routing their internet traffic through our cloud platform. Some of the largest enterprises and government agencies in the world rely on our solutions to help them accelerate their move to the cloud. We have over 3,250 customers across all major geographies, with an emphasis on larger organizations, and we currently count over 300 of the Forbes Global 2000 as customers. Our customers span every major industry, including airlines and transportation, conglomerates, consumer goods and retail, financial services, healthcare, manufacturing, media and communications, public sector and education, technology and telecommunications services.
We have experienced significant growth, with revenue increasing from $80.3 million in fiscal 2016 to $125.7 million in fiscal 2017 to $190.2 million in fiscal 2018, representing year-over-year revenue growth of 57% and 51%, respectively. We experienced net losses of $33.6 million, $35.5 million and $27.4 million in fiscal 2018, 2017 and 2016, respectively. We expect we will continue to incur net losses for the foreseeable future.
Our Solutions and Platform
Our purpose-built cloud security platform offers two principal services built natively in the cloud.
Zscaler Internet Access
Our Zscaler Internet Access solution, or ZIA, was designed to securely connect users to externally managed applications, including SaaS applications and internet destinations regardless of device, location or network. Our ZIA solution provides inline inspection and firewall access controls across all ports and protocols to protect organizations and users from external threats as well as protecting an organization’s data from leaking out. Policies follow the user to provide identical protection on any device, regardless of location; any policy changes are enforced for users worldwide. Our cloud security platform provides full inline content inspection of webpages to assess and correlate the risk of webpage objects, continuously discovering and blocking sophisticated threats.