Cyber Defense, Sovereignty and Growth By Acquisition

volume xviii - issue 5

Palo Alto Networks and Their Acquisition String

I penned an article in September, “Cyber Growth, Building an Ecosystem”, featuring Palo Alto Networks (NASDAQ:PANW) as a proxy in cybersecurity.  Pointed out there, that an astute investor would want to know about Palo Alto’s business with the government.  Cyber Defense is a strategic mission within developed countries that lives in both the military and the intelligence communities.  The most sophisticated cyber attacks come from sovereign domains.

Some due diligence about relationships with Uncle Sam is warranted here.  There is a  tremendous advantage when a company is given an opportunity to build cutting edge technologies for the military and intelligence community.  We spend a lot of tax dollars in these branches of government.  There is a long history of game changing applications in IT that comes to us by way of government research.  Mega disruptors appear every ten years or so and often the base technologies come from the government.

Alliance with Israeli Intelligence

Palo Alto does not segment government sales in financial statements.  Nor do they divulge much about their R&D efforts.  And they certainly don’t publish information about our government’s alliances with foreign countries.  So, it’s worth a deeper dive into the history of Palo Alto, its founders, financing, and evidence of government relationships that can be parsed from evaluating their acquisitions.

Palo Alto has been acquisitive from the start, founded by Nir Zuk in 2005.  He retains the role of CTO and is a board member. Mr. Zuk served in the Israeli Defense Forces intelligence corps, Unit 8200, their SIGINT (signal intelligence) division.  Unit 8200 in the Israeli military is comparable to our National Security Agency (the NSA).

It’s not much of a stretch, given an acquisition string that includes many Unit 8200 alumni, to believe that our own national defense agencies team with Israel as a military ally and cooperate with international cybersecurity defense programs.

Israel is probably the best choice.  We engage in competing and hostile cyber activity with other parts of the developed world.  Just read the daily news to speculate about the countries we compete with and who are likely to be our cyber foes.


Cash is needed for acquisitions.  So far, Palo Alto has gone the route of public debt financing only twice.  $575m of convertible notes were issued in April 2014 that mature next year.  The notes convert at $110 per share so given current prices ($178 at this writing), it’s likely the notes will be retired in exchange for stock.  In August, another $1.5B in convertible notes was raised in a private placement.

Borrowing money for acquisitions is usually a signal that the management team believes their growth opportunities will create more shareholder wealth with debt finance than issuing common stock.  Key officers have a significant stake in their performance compensation plans with awards paid in common stock and stock options.

These new notes convert at an equivalent price of roughly $418 per share, more than a double premium over current share prices.  The notes mature in 2023.  In five years and given CEO Nikesh Arora’s growth plans, it is within reach.  Continuing the share repurchase program should also serve to concentrate equity and improve the price of the stock.

Summary of Early Acquisitions

Cash on the balance sheet as of July 31, 2018, including proceeds from the new debt is about $2.5B.  It’s clear that Palo Alto prefers acquisitions rather than organic growth, and the successful deals are vertical integrations adding certain niche cyber solutions.  Here are the early-on additions:

  • Morta Security – the first acquisition made in 2014, an automated threat protection platform with a variety of utilities beyond firewalls.  The founders and seed capital originated inside the NSA,

  • Cyvera – acquired in 2014 for $200m, a small Israeli security firm with 55 employees.  The technology blocks “zero-day” attacks introduced through endpoints.  It integrates well with Traps, the award-winning flagship offering at Palo Alto that secures fringe networks and,

  • CirroSecure – acquired in 2015, a Silicon Valley company.  The technology secures SaaS applications, like Dropbox and Google Drive, cloud versions of SalesForce and Office 365.

The total spent on acquisitions since 2015 is $675m, not including Morta and CirroSecure.  The terms with these two early acquisitions were undisclosed.

Recent Acquisitions

Here are terms of more recent deals:

LightCyber – was acquired in February 2017 for $105m cash.  The company was founded in 2011, and over the course of their four private funding rounds, raised $36.5m.  Shlomo Kramer, who has been called the “Godfather of Israeli Cybersecurity”, is an investor.  He is also a graduate of the Israeli intelligence community, and co-founded Checkpoint.

LightCyber tracks adaptable malware, a threat that morphs from its original fingerprint and can hide inside a computer network for months.  The company points out that “dwell time” from introduction to the network until attack, usually through phishing, can last on average five months.  The undetected software, that probably changed several times since infection, eventually will launch the attack suited to its original purpose, to create havoc or worse – denial of service, destruction, ransom and theft of key data.  In January LightCyber was rebranded.  Its new name at Palo Alto is “Magnifier”.

Evident.IO – of Santa Clara, CA was acquired this March for $300m cash.  Rebranded simply as “Evident”, this application focuses on securing physical infrastructure in the cloud.  This means the servers, switches, routers and firewalls that manage the cloud application.  Cloud computing today requires distributed networks.  The associated hardware and switching equipment need not be co-located in the same data center, nor on the same continent for that matter.

Evident brought along a stable list of US government customers.  They successfully raised $49.1 million in venture capital prior to acquisition, including an undisclosed amount from the CIA’s financing arm In-Q-Tel.  Evident chief executive Tim Prendergast points out that government investment allowed the company to work more closely with our military and intelligence agencies and helped align Evident’s product road map with their customers’ missions.

Secdo – incorporated in Israel with headquarters in Ra’anana (near Tel Aviv) is a new addition, following on the heels of Evident.  Terms were not disclosed.  Sources believe the Secdo deal was about $100m cash with some equity.  Secdo was founded in 2015 by Gil Barak and Shai Morag.  Both served in Unit 8200.  Secdo is an endpoint detection and response (EDR) company – the fastest growing niche of cybersecurity applications.

Endpoint detection has traditionally meant anti-virus software installed on a workstation and at the firewall.  Even though the threats still originate out in the fringes, EDR now has more to do with detection deep inside networks.  The application creates threads – strings of related events – and populates an incident report log integrated with Palo Alto’s Traps EDS.  Once an event is flagged as a potential breach, false positives are sorted out and an automatic defensive response is made within seconds.  This preempts the need for an immediate human reaction and gives the security team more time to evaluate and completely shut down the uncovered threat.

RedLock, Inc. – is the most recent transaction, closed last month for $173m in cash.  RedLock was launched in 2015 and raised $12 million while private.  RedLock addresses new international rules, the General Data Protection Regulation (GDPR), enacted by the European Union (EU) and effective last May.  GDPR requires cloud network vendors to prove they can secure their own infrastructure and protect their customers’ Personally Identifiable Information (PII).

The three largest cloud service providers, Amazon Web Services, Google Cloud and Microsoft Azure have done a decent job shoring up their networks.  GDPR as written has teeth.  The EU can impose penalties up to four percent of gross annual revenue for each instance of non-compliance leading to a breach and theft of PII.  Says RedLock founder Varun Badhwar, “We built a technology platform that’s entirely cloud-based [with a] very quick time to [create tangible] value since customers can just turn it on through API’s”.  This means that RedLock can easily link a company and its cloud application to its cloud service provider and can assure customers they are immediately GDPR compliant.


  • Palo Alto Networks is in the space of supporting US cyber defense initiatives in alliance with other countries, namely Israel.

  • It is assumed that the US and Israel devote significant budget for custom cyber defense software development.  Cybersecurity is such a large international threat that cannot be ignored.

  • A technique is used with this evaluation that probes the depth of a financial relationship between the United States and Israel in the growth of Palo Alto Networks, by means of exploring its acquisitions.

  • Of the complete list of acquisitions here, over $800m has been spent on companies with origins, operations and financing inside the US and Israeli military and intelligence agencies.  Well over half of what Palo Alto has spent on acquisitions since its inception.

Copyright © 2018 New Edge Analytics, All rights reserved

Cyber Growth, Building an Ecosystem

volume xviii - issue 4

Please see the companion article, NextGen Firewalls and the Cyber Business Cycle, on the New Edge Analytics website. New Edge considers Palo Alto Networks as a proxy for the cybersecurity industry and gives the company a Gold Performance rating.

Palo Alto Networks (NASDAQ:PANW) needs a strategy to maintain double-digit growth in a consolidating cybersecurity industry. New CEO Nikesh Arora has thrown down the gauntlet and challenged the company to grow the business 2 to 3 times current revenue. Doing the CAGR math, this means 15% to 25% annual growth over the next five years.

Investors need to look for success in developing an ecosystem. One that attracts the best talent in the industry, fills out the key industry segments by acquisition, and all at a time when it will become more important to avoid paying too much for the assets. I count human capital, particularly cyber programmers, informally as assets to the corporation. You simply need to hire the best hackers. Such developments won’t show up in quarterly earnings reports.

While 20% to 30% revenue growth has been the norm for PANW since they went public, firewall sales have slowed. The business of firewalls is midway through a technology refresh cycle that began in early 2017. When firewall replacements among Palo Alto’s customers and competitive wins are complete, it could be another three to five years before the next buying cycle returns for hardware.

The size of the market for all cybersecurity solutions in 2017 was about $138 billion in sales. There is a lot of very bullish sentiment out there, particularly among industry consultants. But Wall Street and CEO’s in the cybersecurity industry agree that a likely annual growth rate going forward is 8% to 10%. Taking the high side of the range, this makes a planning number for size of the market about $200 billion by 2021.

Palo Alto’s refresh product line falls in their Next Generation Firewall group among a bevy of cyber solutions. There are two offerings: VM-Series and GlobalProtect. PANW cites a competitive advantage with their NextGen firewalls. They have 54,000 and counting customers, and recent competitive wins versus Cisco, Checkpoint and Symantec.

When PANW went public in 2012, annual revenue was $225.1 million. For the fiscal year ending July 31, 2018, revenue was $2.3 billion. PANW stock trades at 10x fiscal 2018 revenue and is in the low end of a valuation range between 6- and 20-times trailing revenue using the price-to-sales ratio for guidance about valuation. Maintaining these growth rates requires scaling.

Mr. Arora was hired in part for his tenure at Google as Chief Business Officer, where he served in key strategic roles with the company from 2004 to 2014. Sales grew from $3.2 billion to $65.7 billion in that timeframe. He served as President and Chief Operating Officer at SoftBank between 2014 and 2016 and was widely thought to succeed CEO Masayoshi Son, until Son decided to stay on for at least five more years.

Palo Alto went live with Application Framework in August. This is the third iteration of attempts to create an open source software development platform for cyber coders that integrates with their firewalls. They absolutely must make it work this time. Growth in the industry is shifting to software subscriptions – cloud revenue – and Application Framework needs to be the catalyst at Palo Alto Networks.

Develop an ecosystem. Therein, lies the opportunity, and the risk.

Smooth Integration and Economics Required

By recent estimates, over 80% of security breaches happen in the application layer, so application security testing is the current buzz. If PANW can incorporate solutions to address the application threats and integrate the software with their Next Generation Firewalls, they should be successful in developing an industry leadership reputation.

Application Framework creates sticky relationships. Developers and their customers become dependent on PANW because they have already bought the firewalls. New Application Framework customers include Microsoft, ServiceNow, ProofPoint, Phantom, and Splunk. So there appears to be a market and Palo Alto is assumed to have pedigree. PANW promotes that AF will make it easier and less expensive to integrate software solutions with their firewalls.

The economics for developers in private cybersecurity companies include cheap access to next generation firewall technology, bloom on the rose from association with Palo Alto, and access to private equity and partnerships with the best cyber companies in the industry. It is difficult to hang a value on Application Framework because sales due to the platform are not broken out with revenue and expenses in financial reports. Contribution to sales, net income and a higher valuation are strategic initiatives and depend on the performance of the ecosystem.

Investors should look for an ecosystem and consider these variables:

  • Can new software go straight to a SaaS model,

  • Can the opportunities and financial incentives attract the best cyber programmers,

  • Can engineers’ compensation with acquisitions be applied to COGS,

  • Can new customers be acquired without adding salespeople,

  • Can key acquisitions be made at fair prices,

  • Can any premium paid be absorbed without increasing operating expenses,

  • Is there enough cash on hand and plentiful VC funding to incubate startups?

Employee compensation is the largest chunk of operating expenses. Silicon Valley reports non-GAAP net operating income/loss where the stock compensation expense is stripped out. Because of this, PANW has shown a non-GAAP net operating profit the last four years. In 2018 operating margin was 14% of sales. But financial statements must be adjusted for GAAP requirements and include share compensation as an expense, which creates a net loss and negative 6% operating margin for 2018. It’s notable that the negative operating margin is narrowing and half the amount in 2015.

The obvious attractions for software engineers are stock signing bonuses and compensation plans that include a large percentage of pay in the form of incentive stock options. This has been the Silicon Valley model for decades. Palo Alto has one of the largest percentage share compensation plans for employees in Silicon Valley. The only way to measure whether PANW is attracting the best talent is to ask around. Talk with the millennial engineers at the company, among PANW competitors and the FANG crowd. Who are the cyber rock stars and where do they work? This is a soft metric but may be the most important. Trade journals and local papers might have some good insight.

Qualification of Risks

PANW is publicly concerned with attracting large enterprise customers where they compete with Cisco and Juniper Networks, others that have a strong switch/routing platform with firewalls in the product mix. Probably the biggest risk, is the acquisition of a major competitor by a behemoth network equipment manufacturer who has an installed base among the largest enterprise customers and the government. Cisco buying Fortinet comes to mind as a possibility.

Virtually all PANW revenue is generated through resellers and channel partners – which would be a valuation risk if Arora and the board decide that PANW is for sale. With recent private cyber deals, the channel partner sales are stripped out of revenue when figuring the multiple. PANW as currently structured gives up a measure of control by relying on channel partners to build the business.

Next. ASC Rule 606, Revenue from Contracts with Customers, is an accounting standard published in 2014 and required for revenue measurement this year. PANW has chosen the full retrospective method, which will be in place for the fiscal year beginning August 1, 2018. Adjustments will be included in the 2018 annual report when published, for prior accounting periods. This has an effect of boosting revenue in the year adopted, but less predictable figures in forward years.

There is much greater forgiveness charging employee compensation expenses to Cost of Goods Sold (COGS) in a software subscription model, where gross margin is many times a whopping 80%. And here is where accounting meets strategy. R&D software development is charged as an operating expense and can easily create a loss, particularly with the GAAP numbers. Via thoughtful acquisitions, if a new software-only cyber solution company is brought into the fold, it would be hoped that the bulk of the R&D effort was completed while the company was still private.

A Good Strategy for Scaling

Arora has spent his first three months as CEO with key customers, the management team, outside experts and integrators. When asked about generalizing Application Framework, he points out that customers want better integration in a market that has become fragmented. IT managers want to manage the cost and level of effort needed to incorporate solutions that work.

About $500 million was spent on acquisitions between 2015 and 2018. Goodwill and intangibles increased from $216 million to $664 million – so about $450 million in that period. It doesn’t seem that they are overpaying for new technology and new customers in the last three acquisitions. All three solutions are applied to segments in the industry that don’t overlap, and they are all software-based.

Total debt in April 2018 was $540 million and reflects the remaining obligation on convertible senior notes due for repayment or conversion by 2019. $1.5 billion of new capital was raised with convertible notes offered through a private placement and completed in August. Cash on the balance sheet for the fiscal year ending July 31, 2018, including proceeds from the convertible underwriting, is $2.5 billion. It’s likely this money in part is raised to finance more acquisitions tied into Application Framework.

Palo Alto already has in place a $20 million venture fund in association with Greylock Partners and Sequoia Ventures. One could reasonably assume that Arora can pick up the phone and call a partner at SoftBank given a deal that makes sense – would love to see his Rolodex! One could also make a case that all this access to capital and the Silicon Valley elite makes Palo Alto look like a private equity fund. An interesting point of view.

Guidance for Investors

Foremost, understand that the thesis by CEO decree is 15% to 25% per annum revenue growth in a business that is now widely forecasted to improve at a more modest 8% to 10%, which is about the compound annual growth rate for the S&P 500. Look for evidence in quarterly reports that the company is on that “fifteen to twenty-five” trajectory in their year-over-year statistics.

Look at the quarterly SEC filings, the 10-Q, for the income statement, under “Total Revenue”, and calculate the percentage of total revenue that is reported as “Subscriptions and Support”. This metric should be increasing annually. Reviewing this data quarterly might be too granular but it’s worth checking out. Per the most recent 10-K (page 41) the ratio is 61.7% so about two-thirds of total. “Product” listed under Total Revenue makes up the other third.

PANW doesn’t itemize their sales or discuss software development efforts with the US Government in reports. An astute investor would like to know more about this. Remember the soft data example about success with hiring the best hackers. Information about US Government installed firewalls, agencies participating with Application Framework, and cyber software R&D efforts, would be useful but hard to find.

The notion of ecosystem is about creating a community so that the best and brightest talent in the industry will seek to join the Application Framework platform. PANW will hopefully establish themselves as the go-to employer/partner due to pedigree of the new CEO, an installed base of firewalls, and access to billions of dollars in capital. The best acquisitions are going to win large swaths of enterprise customers, delivering to them SaaS solutions that integrate with firewalls.

Don’t be alarmed by a mega-deal that includes a competitor acquired by someone like Cisco. There is plenty of room in the market among the larger players, and PANW may in fact have the best solutions for cyber software and firewalls, for now and going forward if AF succeeds. Cisco makes switches and routers.

Decide as an investor how much you personally are willing to pay based on a multiple of sales. The price-to-sales ratio is currently 10x. The range has been 6x to 20x. With negative earnings, a price-earnings ratio has no meaning. It would be great if Palo Alto soon reports a quarterly profit on a GAAP-adjusted basis. Eventually everyone must grow up.

A broad NASDAQ selloff, or a selloff more specific to IT, isn’t farfetched in the next twelve months. This bull market has had a relatively normal cyclical rotation and IT is due to slow down. It’s ok to buy the dips if you are on board with the opportunities discussed here. Finally, growth and momentum investors will tell you that the fundamentals are bunk but, in the end, it pays to be able to make a buy or sell decision understanding both technical and fundamental characteristics of a stock. This is one of those truths that cannot easily be taught. Palo Alto is a great story. Tech stocks are volatile.

Copyright © 2018 New Edge Analytics, All rights reserved

NextGen Firewalls and the Cyber Business Cycle

volume xviii - issue 3

Firewall companies are midway through a technology refresh cycle that began in early 2017.  This is common in the IT sector.  All businesses go through growth cycles when sales are robust, and then fade a little.  Those who make it through a full cycle emerge with stronger product platforms and services.  The new technology achievements in cyber worthy of attention live in what is called a Next Generation Firewall (NGFW).  New Edge Analytics believes these new and updated features are a good proxy for the direction of the cybersecurity industry as a whole.

Cyber is a fragmented and consolidating industry and a big spend for IT departments.  Sales and order growth are likely to slow down in the next twelve months after the bulk of the new firewall hardware and related apps are installed.  Now is a good time to benchmark the new features.  Despite a plethora of cyber solutions and the thousands of companies working in the space, those companies that make the firewalls and have an application framework to peer with third-party software developers have the upper hand.

Palo Alto Networks (NASDAQ: PANW) is a New Edge Gold Performance company.  A gold performer is a company whose metrics are cream of the crop, with better financial performance than 90% of its peers over the past 26-weeks (half a year).  Gold Performance is a ranking that NEA awards based on data from financial reports and computer models, aggressive growth in sales and earnings, price and volume trading patterns of the stock, news releases and comments from the management team.

PANW has the financial depth to do it all – an application firewall, central and distributed controls for security equipment, encryption with a VPN (virtual private network) interface, traditional packet and port analysis, and endpoint management.  Cloud security at PANW is only a five-year-old effort.  They must adapt quickly to build market share to address increasing competition from Amazon Web Services, Microsoft Azure and Google Cloud.

The basics of how firewalls manage computer viruses and malware have been the same for over thirty years.  There have been lots of new risks and improvements.  A Next Generation Firewall goes beyond port and protocol inspection that denies or allows traffic through the firewall based on permissions.  The developing model takes the same idea and looks for misbehavior in the operating system and application layers.

A computer application has its own unique fingerprint so to speak. Applications have predictable behavior; how they use the CPU, how they manage resources like DRAM and storage, how they make program calls to the operating system.  Threat analysis also considers how the algorithms work, how the application communicates with other servers, network management and other cyber applications.

Threats also have their own signatures and are becoming a lot more complex.  Some of the most dangerous can live undetected inside a network for an extended period before exploiting a vulnerability and creating havoc.  Operating directly on databases and applications, these threats as a group are called ‘malicious code’.

Malicious code searches for a path to hack and disable an application or steal database records.  Of the most formidable challenges ahead, is the ability to detect and manage threats enabled with Artificial Intelligence.  AI-enabled malware has the disturbing ability to repeatedly morph into another difficult if not impossible to track piece of harmful code that remains hidden inside the network.

In the business of cyber, the ability to find, analyze and shut down malicious code can be grouped according to techniques.  Vulnerability assessment, dynamic firewall, threat mitigation, threat detection, and incident response are the most common classifications.  Leading edge solutions in these categories are the industry fundamentals that management and investors must understand as the business of cyber continues to mature.

The Palo Alto Networks Application Framework, beyond the ability to manage all of Palo Alto’s own hardware and cyber applications, allows integration with software made by third parties.  PANW will be rolling out Application Framework over the next twelve months, it was discussed extensively in their last earnings conference call in June.

Rapidly becoming a threat, and maybe the most vexing problem to challenge cyber defense programmers, are thugs (a personification) that penetrate the network through endpoints; mobile devices, sensors and IoT actuators for automated factories and connected cars.  The list in a world of IoT is possibly endless.  Microsoft, Amazon and Google are keen to build endpoint defense and working on it now.  Palo Alto is addressing the endpoint race with their Traps Advanced Endpoint Protection.

Rather than a piecemeal approach to traditional antivirus protection, Traps AEP provides its own application framework to manage viruses and malicious code, particularly those threats introduced by endpoint devices.  NSS Labs published its 2018 Advanced Endpoint Protection (AEP) Group Test  in April, an independent evaluation of twenty endpoint cyber solution vendors and announced the results at RSA 2018.  The findings placed Traps AEP 4.1 at the top of the list. Traps AEP 5.0 was released in March.

A final bit about the economic cycle and a consolidating industry:  M&A in this space will be vibrant over the next 24 months.  Stick to looking for companies who make network routers, switches and firewalls as the buyers.  Stick to evaluating the main categories of cyber solutions.  A good solution by a small company with paying customers still will need a parent or a peer to grow.

Avoid giving much attention to companies who claim to have a – unique and independent solution – to a cyber threat, other than in one or more of the categories mentioned here.  The classifications for threat management are clear by now and they are going to live in hyper-programmable firewalls with portable cyber application development platforms.

Copyright © 2018 New Edge Analytics, All rights reserved.

The Loudoun Technology Coalition Solicits Advice from a Panel of Blockchain Experts

volume xviii issue 2

Written by Tom Finkenbinder, New Edge Analytics

In May, the Technology Coalition of Loudoun County hosted an event on blockchain.  Coalition co-chair Paul McNeal worked with the panelists who represented business process engineering, enterprise IT and data center integration of blockchain, and purposeful blockchain applications built by developers.  Generally, the question was asked, “How would a company use blockchain to meet profit-achieving and risk management goals”.

Blockchain is a hot and newsworthy topic.  At first look, several key questions were asked.  Will blockchain technology be considered the next disruptor?  Should you jump on The Blockchain Train or watch for a while?  Will blockchain upend industries in the same way Amazon is reshaping brick and mortar retailers and ecommerce?

Economists already agree that blockchain is a general-purpose technology, with a great variety of potential applications across all industries and vertical markets.  But the main notion is that blockchain will make trading (economic transactions) more efficient.  The most impacted industries in the near term will be in the banking and financial services industry, to cut out the cost of the middle man.

Paul asked how blockchain technology should be evaluated and implemented in an organization and can blockchain applications be economical for companies of any size.  Generally, the advice of the panel was to start small, and the advice applies to companies of all sizes.  Pick one business process.  Analyze that process and either develop or find and acquire code to implement a blockchain application for your company or internal line of business.

Large companies can afford to buy, lease or build a blockchain transaction system.  It is a database application.  Look for solutions that can be integrated with a network service provider.  If the preference of the IT staff is to outsource the work, treat blockchain as an infrastructure application, such as Storage as a Service, or a private VPN. An organization who has an IT department with programmers, would build an encrypted database on a secured server.

Programmers and managers should treat the project with the same life cycle engineering techniques as any internally generated database application.  Use version control.  For now, this is a simpler and less expensive strategy to acquire the technology, and to avoid missing or falling behind on potentially ‘the next big thing’.  If built correctly the database can be migrated to a vendor or network service provider as application usage grows and upscaling becomes an issue.

Per one of the programmers on the panel, it is not terribly difficult to code scripts and build applications that handle the creation and management of blocks.  What is difficult, is managing the Quality Assurance (QA) loop with the code development process.  A high degree of confidence needs to be accepted, that the code is bug-free when it goes live.  This is most important with applications using tokens.  Real money is at stake with cryptocurrencies.  There are instances where coding errors are responsible for tokens being sent to bogus accounts or that they simply disappear from the network.

Not unlike databases in use today, an organization must consider the risk of a malicious threat; someone with intent to disrupt a process or steal private information or steal cryptocurrency.  This is always a risk with programmers inside the company.  So internal authentication, tracking methods and rules of use need to be established.  On the outside, the blockchain application needs to be robust so that the transmission channel is fully encrypted, and access to the information is controlled.  The default consideration is to treat the database like a vault, the entire resource and appliance should be encrypted and the API’s protected as they are developed.

Finally, and going forward, there is regulatory risk and most people eventually find themselves thinking about the possibility of a cryptocurrency shutdown by the Fed for example. So, if a company decides to use a cryptocurrency for trade, and so as not to be surprised at a minimum, or deprived of a large sum of money, be sure to find a blockchain company who is properly advancing/establishing their cryptocurrency through application to financial regulators. And remember, start small.

Paul wrapped up the event with a challenge to the Chamber and the greater Loudoun community; to implement a blockchain application.  He asked to explore use of a blockchain database to manage the voting for awards the Chamber makes to members as an example.  Another and slightly more ambitious project would be to establish a unique cryptocurrency for the Chamber – to allow members to conduct transactions with each other and avoid their credit card transaction fees at the point-of-sale. Stay tuned!

Copyright © 2018 New Edge Analytics, All rights reserved.

More Than an Indestructible Bull Market

volume xvii issue 4

The Financial Accounting Standards Board (FASB) and the IASB (FASB’s international peer) jointly released Accounting Standards and Codification Rule 606 as a requirement for companies to report revenue, with a few exceptions, in the accounting period earned.  In other words, when the vendor is paid.  Heretofore, revenue smoothing techniques were allowed in certain industries, so that companies could record average income over several years.

ASC 606, aka “Revenue from Contacts with Customers” is widely considered the most significant change to accounting standards since Sarbanes Oxley.  606 has been in development for a decade.  It goes live January 1, 2018.

In January, when full-year earnings reports for 2017 come out, US stock prices will react poorly due to greater uncertainty in corporate earnings, than due to Republican/Democrat competition for new legislation, unease about President Trump’s domestic and foreign policy decisions, combined.

The Rule affects publicly traded companies reporting adjusted sales for the fiscal year ending in December 2017.  For privately held companies, the deadline for compliance is December 2018.  Companies must also be prepared to disclose more information about their contracts and order backlogs in notes to financial statements.

In a recent publication from Citigroup, "We expect that (the new rules) will cause significant investor confusion over the next 12 months to the financial analysis of companies ranging from small companies up to the largest, including Microsoft”.

And here’s why.

ASC 606 requires all industries to use the same reporting guidelines.  Companies like Yum Brands (owners of Kentucky Fried Chicken and Pizza Hut) and Proctor & Gamble (laundry detergent, toothpaste and paper towels) aren’t much affected by the Rule since consumer products manufacturing and retailers have no economic need to defer revenue.  Income at every stage in the supply chain is recorded at the point-of-sale.

But a lot of other multi-billion-dollar industries are affected.  Revenue smoothing is enjoyed by companies who have large, multi-year contracts with government and private industry.  Companies that build roads and bridges, data centers, manufacture aircraft, submarines, and rail engines are particularly impacted.  With defense industry contract labor, a dominant source of employment where I live in Washington DC, the current practice of recognizing order backlog can no longer be used to adjust reported revenue.

Here is an example:  Let’s say Company A sells contract labor for software development to the Defense Department.  Company A is awarded a contract with total revenue of $10M, earned over the five-year life, aka “period of performance”.  $2M is claimed (booked as revenue) per year with current smoothing methods, allowed by law.  Without smoothing, Company A must book revenue when it’s received, so maybe $3M in year one is recorded.  Then $1M in each of the following two years.

Let’s say further that up to $5M is forecasted to be received in years four and five, depending on performance incentives.  Standing alone, this contract would now show a revenue drop by two-thirds after the first year.  And maybe the government included provisions in the contract to cancel at any time after year two – not an uncommon caveat.

Contract cancellation can occur if the vendor doesn’t perform well, or if the government decides to change the scope of work, or wants new pricing.  Now the out-year revenue forecasts have become entirely a wildcard.  Those estimates cannot be included on the income statement.  Instead, the revenue risks are highlighted in notes to the financial statements with no material impact to the bottom line.

The math for calculating cash flow in the future is pretty simple.  To evaluate projects, Company A must apply a higher discount rate, maybe derived from higher borrowing costs, that reduces the likelihood or guarantee of sources of future income.  The result, and Wall Street analysts can run the numbers pretty quickly, is a lower valuation for the company, and in turn a lower share price.

Stock price targets in the most impacted industries need to be adjusted downward and the market will react to the change.  The effect is equally painful if the company wants to be acquired.  It won’t fetch as much in the M&A marketplace than it would have a year ago. M&A deals are valued on sales (more so than earnings), cash flow and working capital.

With software, entirely SaaS companies are expected to be the least affected among the industry group.  Once the application or an update is released, the vendor is paid monthly.  Thirty years of historical pricing with multi-year site license and user agreements – enterprise installations – will be a memory soon.  Have these accounting changes been anticipated by the software industry?  Do the changes support pricing via recurring revenue in the cloud? Look at Adobe.  Look at with Oracle nipping at their heels for the lion’s share of cloud revenue.  You bet it’s strategic!

So where are the profit opportunities?  ASC 606 is an accounting change to reporting requirements on financial statements.  ASC 606 is not a change of the underlying fundamentals and business opportunities of the company or the industry it's in.  So view this as a temporary uncertainty that could lower stock prices and present buying opportunities.

Earnings are a real concern in Q1 2018 for these affected companies, given the backdrop of a complacent US stock market immune to bad news.  Investors on the buy side benefit, provided they keep cash available and are willing to stomach the risk. Forget about the 24-hour news cycle.  We are way overdue for a market correction anyway.  Stay tuned for more volatility, and a little more drama in 2018.

Copyright © 2017 New Edge Analytics, All rights reserved.

Chips Ride Atop the Leader Board, Part 2

volume xvii issue 3

Macom, Inc. of Lowell, Mass. (NASDAQ:MTSI) has been busy building semiconductors for more than sixty years, primarily microwave applications for the military.   Wall Street analysts consider Macom the last remaining pure play focused on microwave chips for radio.  These chips can be used in all sorts of applications.  Commercial cellular telephone frequencies in North America occupy spectrum at about 700-900 MHz for 3G/LTE, and microwave frequencies north of 2 GHz employed with 4G/LTE and in planning for 5G/LTE networks.

Today we categorize chip manufacturers based on whether they fabricate their own – a foundry with etching and photolithography equipment.  Otherwise we call these fabless, which means the companies design chips but outsource the manufacturing.  Macom considers themselves ‘fab-lite’.  They maintain a facility near headquarters outside of Boston for high-end applications, testing, and R&D.  The bulk of the manufacturing business is outsourced to six foundries in Asia.

CEO John Croteau likes to proclaim that Macom’s future is blessed with the insatiable demand for communication in all varieties, and has centralized Macom’s strategy on chips placed with OEM’s building Ethernet port cards and switches for data centers.  He points out, that of bits traveling in the cloud, three quarters of the traffic is inside the data centers.  Macom estimates there are 40M Ethernet ports in North American data centers today, and they are using a planning number of 70M by 2020.

Macom’s big deal right now is a growing foray into optics.  Via acquisitions for the most part, they build chips that produce pulses of light in a single wavelength, and the chips needed to amplify the light connected to fiber optic cable. Macom completed an acquisition of Applied Micro Circuits Corporation (NASDAQ:AMCC) in January following a trend of consolidation in the business that has been going on for a couple of years.  Macom paid $770M in cash and stock for the company.

The winning piece with the acquisition is Applied Micro’s progress with PAM-4.  In a layman’s description, PAM-4 is a set of rules that describes how to translate light over a fiber optic link into usable information.  Data centers have endorsed PAM-4 as the optics standard for moving to 100 Gbps and faster speeds.  This is a not-so-often case where less is more.  Important because PAM-4 reduces the lasers and drivers needed in current circuit modules from four to one.  Multimode fiber has some speed limitations above 100 Gbps that are avoided when using a laser source transmitting only one wavelength over the fiber.

Speed with this architecture is now a function of grouping modules together rather than multiplexing.  All you need to know is that modules using only one flavor of light are faster and cost less to make than multiple wavelength solutions.  Four 100 Gbps PAM-4 modules can be bound together to make a 400 Gbps ensemble on one Ethernet port.  The data center business predicts the rollout to fully 400 Gbps capable hardware by 2018/2019, just around the corner.

The other jewel with the AMCC acquisition brings hardware-based encryption via the IEEE 802.1AE link-layer standard.  This standard defines how an Ethernet card keeps track of an encrypted data signal coming and going between two capable ports.  802.1AE is called MACsec.  Cisco has a significant role along with other IT communications hardware companies in designing the 802.1AE standard.  Prior to the merger, AMCC was already way out in front of the pack as a strategic supplier of MACsec technology to major OEMs.  Without the hardware encryption, data centers would be easy cyber-targets for malicious hackers at the network layer.

Together, MACsec (hardware encryption) and PAM-4 (optics-based modulation) technologies acquired through M&A have given Macom a seat at the table for architectural discussions with the world's leading enterprise and cloud data center providers to deliver single-mode, fiber-based optical transmission.  PAM-4, now adopted by the IEEE as a commercially suitable optics solution, is expected to be the most cost-effective and efficient enabler of 100/400 Gbps transmission in data centers for years to come.

Last September in Düsseldorf, Macom and BrPhotonics made a demonstration at a trade show with AMCC’s 100 Gbps PAM-4 technology.  Macom successfully repeated the demonstration with Sumitomo Electric, at the Optical Fiber Communications Conference – 2017 in Los Angeles, and announced the new chips as soon to become commercially available.

The other really big deal in Macom’s portfolio is the progress they have made replacing Gallium Arsenide with Gallium Nitride for microwave power amplifiers.  And at reasonable cost with non-government applications.  New GaN amplifiers will be installed in the base stations for cellular telephone antennas at the tower.  The most lucrative, near-term opportunity lies with the rollout of 4G/LTE base stations – a billion-dollar semiconductor market – where GaN plays a critical role in the ability for carriers to expand network coverage, increase data rates and reduce energy costs with operating base stations.

Cell towers and base stations never sleep.  The networks operate 24/7, 365 days a year.  The more robust the amplifier equipment, the better, and major carriers like AT&T and Verizon can afford switching to GaN.  These benefits are rooted in the material science of GaN as a semiconductor, which yields superior power efficiency, signal bandwidth and clean operating frequencies for the most advanced 4G/LTE and future 5G/LTE networks.

There is a bit more relevant detail with the financing that surrounds all of this M&A activity, and Macom issued their IPO in 2012.  The stock is closely held by founders.  Stay tuned for a follow-up discussion in this blog about the financials, to be posted in July.

Copyright © 2017 New Edge Analytics, All rights reserved.

Chips Ride Atop the Leader Board, Part 1

volume xvii issue 2

Semiconductor manufacturing is the most complex industrial feat we take on as a species - worldwide.  Modern microprocessors are incredibly complex housing more than a billion transistors, each about .02% the width of a human hair.

Semi (chip) manufacturing seemed until a few years ago, to have matured, enjoying plenty of worldwide building capacity despite the investment and technology challenges.  But then the industry suffered brutal price competition for central processing units (CPU's) and memory chips as the business commoditized.

Due to the continuing evolution of the Internet and the ability to merge software with chips, manufacturers again have the ability to create economies of specialization, allowing suppliers to set prices in certain markets.

Look at a company like Intel whose stock price showed a secular bear market pattern - lower highs followed by lower lows - for a decade.  Intel suffered the tech bust in 2000 and it was 2009 until it seemed to turn a corner.  An extended period of low interest rates certainly goosed capital and R&D spending.  Intel both designs and builds chips.  The foundry business is extremely capital intensive.

Now we have a growing list of ‘fabless’ semiconductor companies who design the chips and outsource some or all the manufacturing to the foundries.  I have long held the belief that the day would come when semiconductor companies could cheaply burn applications onto chips, shorten the manufacturing cycle, and better control inventory pushed into the supply chain.  And that's exactly what's happening.

Nvidia (NVDA:NASDAQ) is the Wall Street darling in the space of bit-level processors, up 600% in five years, 200% last year alone.  Remember when Nvidia was the graphics card you bought for your PC with a special chip that made the monitor look great without slowing it down?  Pre Dell, XBox, eBay and Amazon, you bought the card and the games from ComputerLand, Radio Shack or Best Buy, wherever you would go to buy a PC.  You controlled the game from your keyboard, maybe you bought a joy stick.

Guys who worked for me when I ran a help desk at a large financial firm in 1995, figured out how to group-game on the Ethernet behind our firewall.  Our workstations were video enabled for bit-mapped graphics.  They thought that I didn't know, but I allowed it and the network administrators never caught on.  Now these chips are capable of heavy duty bit flipping for lots of high performance computing applications.  No longer a chip on an insert-able card, it is called a Graphics Processing Unit (GPU) and can run alongside the CPU as a dual processor to make servers run faster.

Nvidia has transformed from a special-purpose semiconductor company for games and graphics, to one that can build general-purpose processors, like a CPU.  NVDA would rather call their solutions a platform, offering a suite of chip-enabled applications.  The marketing slant is in their pubic presentations and financial reports.

The thing that has really changed our company, what really defines how our company goes to market today, is really the platform approach, that instead of just building a chip that is industry standard, we created software stacks on top of it to serve vertical markets that we believe will be exciting long term that we can serve. And we find ourselves incredibly well positioned now in gaming, in AI and in self-driving cars.
NVidia CEO Jen-Hsun Huang

Bank of America Merrill Lynch (BoAML) published a Semiconductor Playbook in January and it is convincing that NVDA has leadership - as in top of the heap - with these chip applications:  PC gaming (still 60% of NVDA revenue with an 18% CAGR), Artificial Intelligence (deep learning), AI for self-driving and co-piloted cars, and a budding Virtual Reality (VR) business.

Beyond the predictable cash flow from the gaming business, if just one of these new businesses blooms and NVDA sticks to a fabless model, they win.  Regardless of competition that validates their markets, they are first to the dance with a meaningful customer base and financial commitment, and negligible CapEx.

Artificial Intelligence is the biggest wager in bit-level computing per Goldman Sachs, who sees the current addressable market at $5B - $10B in annual sales.  Compare these estimates to total annual sales in the semiconductor industry at $350B.  That is a lot of headroom.  As of the third calendar quarter 2016, Goldman Sachs estimates there are about 1500 AI startups worldwide, nearly all running the applications in the cloud.  AWS, Azure, and IBM Cloud are favorites to house co-processors with burned-in apps, designed to easily scale along with CPUs in data centers.  Startups fuel the bleeding edge innovation, venture capital, private equity investment and M&A pipeline.

Copyright © 2017 New Edge Analytics, All rights reserved.

Equinix Buys Verizon Data Centers

volume xvii issue 1

Driving home on one of the coldest nights this winter, past the data centers on Waxpool Road, I notice the billowing steam from the HVAC systems, but not from smoke stacks.  It strikes me that these are our 21st century factories.  Bits – small reference voltages – come in, bits are massaged, bits go on their way back to a user or routed somewhere else.

Amazon has a co-location site in Loudoun County, Virginia.  Microsoft is here, Facebook is here, Google is here.  Many others.  Equinix and Verizon issued a news release in December that EQIX is buying 29 of Verizon’s data centers including NAP (Network Access Point) of the Americas in Miami, NAP of the Capital Region, others in Sao Paulo, Brazil and Bogotá, Columbia.

This was announced as a $3.6B all-cash deal.  It is notable this month that EQIX successfully closed €1 billion in new term financing (8-K filing date January 9) to help with the additions – double the original Euro borrowing estimate.  Understandably this indicates that EQIX is bullish, using leverage rather than only cash and equity to add these operations to their portfolio properties.

2.4 million gross square feet of rack-available space will be annexed bringing the EQIX point of presence to 17 million gross square feet reaching 43 markets.  EQIX believes the acquisition is immediately accretive to AFFO (AFFO, a REIT’s measurement of earnings and capital spend).  But $40 million of the deal requires integration costs, which analysts believe pushes a fully-accretive impact 16 - 18 months after closing.

So Verizon divests real estate businesses and will be buying Yahoo!  Equinix picks up lucrative NAP sites that fit with their core business.  Strategically, great idea for both.

Copyright © 2017 New Edge Analytics, All rights reserved.


volume xvi issue 10

These blogs and those to come express my thoughts about news in the IT industry impacting meaningful long term trends - microsteps in the evolution of IT that cannot be easily undone.  Newsworthy this month is the merger announced between NXP Semiconductors and Qualcomm.  Originally pegged at $30B, QCOM proposes to acquire NXPI per news late last week for $110 per share, an all-cash deal.  Shares of QCOM are rich at this point and the prevailing advice is to assume a risk-off position here; the deal could fall through, corporate earnings could disappoint, the election is a wild card for stocks anyway you look at it.  If the acquisition is delayed due to regulatory action, then NXPI is a good short here if you have risk appetite.

Valuation discussions are ongoing at this writing.  Both companies have, for me, a most compelling story in the future of the Internet of Things.  NXPI – originally the semiconductor manufacturing arm of Koninklijke Philips N.V – only last December acquired Freescale Semiconductor for nearly $12B.  And Freescale has pedigree as the original semiconductor business at Motorola, added to their portfolio in 1948.  Motorola was one of the first technology companies to make radios for the military, and in recent decades, many applications with semiconductors in the automotive industry.  Think chip-enabled safety and security features, and the Google Self-Driving Car.

Motorola spun off Freescale in 2004.  When NXPI and Freescale combined, they at once became the largest manufacturer of chips for cars.  NXPI also has the lion’s share of the market for near field communication chips that enable tap-to-pay features used in mobile phones.  This technology will increasingly show up in the guts of hardware that allow IoT devices to communicate.  Not to mention, improved capabilities of smartphones, ID chips for credit cards and the like.

Qualcomm of course was a pioneer with spread spectrum technology (CDMA modulation) that became the commercialized wideband radio access method for wireless phones in the 1980’s.  Spread spectrum technology is the foundation of modern 3g and 4g cellular networks. Qualcomm’s OmniTRACS system for truckers was one of the first of its kind used as a commercialized CDMA application.

Inside the Beltway this merger is a sentimental win, as all of these technologies grew out of military research, government and private partnership laboratories, that were later enabled by companies who made the right choices along the way in taking advantage of disruptive improvements in radio – further enabled by the Internet.

Other risk-off comments:  Small cap and mid cap stocks are overvalued at current prices and should be avoided.  If the market experiences a sharp decline or consolidation, large and mega-cap stocks with solid earnings growth and healthy dividends would be good portfolio additions.  I typically look at a stock’s current price-earnings multiple and evaluate as over or under its average multiple for the prior decade, and buy typically when the ratio is under its long term average if nothing has changed with the stock’s fundamentals.  Dividend yields among large cap stocks are fairly valued.
Tom Finkenbinder

Copyright © 2016 New Edge Analytics, All rights reserved.