8/3/2021

speaker
Operator

Good day, and thank you for standing by. Welcome to the Q2 2021 Akamai Technologies, Inc. Earnings Conference Call. At this time, all participants are in a listen-only mode. After the speaker's presentation, there will be a question and answer session. To ask a question during the session, you will need to press star 1 on your telephone. Please be advised that today's conference is being recorded. If you require any further assistance, please press star 0. I would now like to hand the conference over to your speaker today, Tom Barth, Investor Relations for Akamai Technologies. Please go ahead.

speaker
Tom Barth

Thank you, operator. Good afternoon, everyone, and thank you for joining Akamai's second quarter 2021 earnings conference call. Speaking today will be Tom Layton, Akamai's Chief Executive Officer, and Ed McGowan, Akamai's Chief Financial Officer. Before we get started, please note that today's comments include forward-looking statements, including statements regarding revenue and earnings guidance. These forward-looking statements are subject to risks and uncertainties and involve a number of factors that could cause actual results to differ materially from those expressed or implied by such statements. The factors include uncertainty stemming from the COVID-19 pandemic and any impact from unexpected geopolitical developments. Additional information concerning these factors is contained in Akamai's filings with the SEC, including our annual report on Form 10-K and quarterly reports on Form 10-Q. The forward-looking statements included in this call represent the company's view on August 3rd, 2021. Akamai disclaims any obligation to update these statements to reflect future events or circumstances. As a reminder, we'll be referring to some non-GAAP financial metrics during today's call. A detailed reconciliation of gap and non-gap metrics can be found under the financial portion of the investor relations section at Akamai.com. And with that, let me turn the call over to Tom.

speaker
Tom Layton

Thanks, Tom, and thank you all for joining us today. I'm pleased to report that Akamai delivered excellent financial results in the second quarter, coming in at or above the high end of our guidance range for both revenue and EPS. Q2 revenue was $853 million, up 7% year-over-year and up 5% in constant currency. Non-GAAP operating margin in Q2 was 32%, which reflects our continued focus on operational efficiency, even as we've continued to invest for future growth. Q2 non-GAAP EPS was $1.42 per diluted share, up 3% year-over-year. Akamai Security Solutions continued to perform especially well in Q2, generating revenue of $325 million, up 25% year-over-year, and up 22% in constant currency. Cyber attacks generated headlines throughout the first half of the year, and our strong growth reflects the criticality of security to organizations in every sector and geography of the world. Akamai is increasingly recognized as a security leader that offers not just innovative and market-leading solutions, but also insights into an enormous amount of internet data and threat intelligence, a massive distributed platform at the edge of the internet where most attacks originate, and the technical expertise of one of the industry's largest and most experienced teams of security professionals. The strong growth of our security portfolio was driven by several product lines. including our market-leading solutions for web app firewall, bot management, DDoS prevention, and access control. Our recently released Akamai Page Integrity Manager continued to have rapid adoption in Q2. Page Integrity Manager helps businesses protect their users from having credit card data or other personal information stolen by malware embedded in third-party content. It's also designed to prevent user data from being intentionally or inadvertently sent to third parties, such as advertisers or social networks, which can result in a violation of privacy laws and steep fines. As an example, one of our customers is a leading furniture retailer. Page Integrity Manager detected that one of their partners, a major social media platform, was taking their shopper's email addresses in violation of their data privacy rules. Page Integrity Manager blocks such transfers of personal data and immediately notifies our customers so that appropriate business actions can be taken. In June, we entered beta with a related solution that we call Audience Hijacking Protection. Audience Hijacking Protection is designed to detect and block malicious or unwanted activity from client-side plugins, browser extensions, and malware. For example, it can quickly identify vulnerable resources, detect suspicious behavior, and block unwanted ads, pop-ups, affiliate fraud, and other malicious activities that attempt to hijack a retailer's audience. Initial customer interest in this new capability is very strong. Akamai Bot Manager also continued to perform very well in Q2. with revenue growing 40% year-over-year. Bot Manager now has nearly 800 customers with an annualized revenue run rate of nearly $200 million. Our customers use Bot Manager to thwart a variety of unwanted activities and attacks, such as price scraping, inventory manipulation, credential stuffing, and account takeover. Recently, we enhanced our ability to defend against account takeover attempts with a beta launch of Akamai Account Protector. It's designed to proactively identify and block human fraudulent activity using advanced machine learning, behavioral analytics, and reputation heuristics. Account Protector intelligently evaluates every login request to determine if it's coming from a legitimate user or an impersonator. Q2 bookings were also strong for our Perlexic service, which helps organizations defend against the surge of ransom DDoS attacks that began in Q3 of last year. As an example, a leading financial analytics company recently adopted Perlexic to protect them from this growing threat. Prior to that, the company faced operational and technical challenges from needing to manage multiple security technologies from various niche vendors and cloud service providers. Since consolidating with Akamai, they have greatly benefited from reduced complexity, improved security, and greater consistency for compliance and risk management across their many business units. As you all likely know, there have been widespread ransomware, data theft, and other malware attacks against major enterprises this year. Included were well-publicized attacks on critical infrastructure at a major pipeline company, the world's largest meatpacker, and a freight operator that serves as the lifeline for two popular island destinations in New England. The need to stop these kinds of attacks is driving organizations to adopt new zero-trust and secure access service edge, or SASE, solutions, such as those offered by Akamai. For example, when the Exchange server attack hit thousands of organizations in March, Akamai's email wasn't compromised because our IT department uses Akamai's enterprise application access solution, which prevented unauthorized access to our Exchange server. Our access control suite of products continued to be Akamai's fastest growing security segment in Q2, with revenue up 161% year-over-year, including the acquisition of Asavi, and up 57% on an organic basis. As one example of a new customer, we closed a large security contract in Q2 with a company that helps maritime operators manage risk. This company has thousands of employees and hundreds of offices throughout the world. They adopted our enterprise application access and Kona Site Defender solutions to secure the access to their applications and to protect their internal systems from malware and other threats. I'll now turn to our CDN portfolio, which generated revenue of $528 million in Q2, down 1% year-over-year and 4% in constant currency. This result was in line with our expectations and reflects the challenging comparison against last year's pandemic-related jump in traffic and the loss of revenue from Chinese applications that were banned from India in July of 2020. Traffic on our platform remains strong in Q2, with peaks exceeding 130 terabits per second every day throughout the quarter. This enormous amount of traffic provides strong evidence of how much customers relied on our platform's unparalleled scale and reach, which is enabled by more than 4,200 points of presence at the edge. in 135 countries around the world. Our tremendous global presence is especially important to the world's major broadcasters who continue to look to Akamai to deliver the world's most significant events. For example, during the recent European football tournament, the peak traffic that we delivered globally for more than 30 broadcasters was 35 terabits per second, nearly five times the peak observed in 2016. Our fast-growing edge application segment delivered $47 million in Q2, up 35% year-over-year, and up 32% in constant currency. This rapid growth rate reflects the shift of compute workloads from core data centers, on-prem or in the cloud, to our edge platform for offload, improved performance, security, and global scale. For example, each time a user accesses one of our retailer customer sites, The retailer's geolocation code is executed on an Akamai Edge server to identify the user's location and then deliver content tailored for that location. Overall, we're now supporting an average of 5 billion such Edge computing instantiations per day on our platforms. In summary, I'm pleased to report that we've executed according to the plan we outlined for investors during our February analyst day. In particular, we've continued to achieve strong demand from customers for our security and edge computing solutions, diversification of our business across products, geographies, and sales channels, and strong financial performance on both the top and bottom lines. Before turning the call over to Ed, I'd like to formally welcome Sharon Bowen to our board of directors. Sharon's had extensive experience in financial and securities transactions for large global companies, and we're very much looking forward to benefiting from her engagement and counsel. In addition, as many of you know, our board is now chaired by Dan Hesse, who succeeded Fred Salerno in June. Dan has held senior management positions in the telco industry for many years. including as CEO of Sprint. He's also recognized as a leader in ESG and is providing valuable advice and oversight to our senior management team. Of course, we all deeply appreciate Fred's many years of outstanding leadership and service to Akamai, and we wish him the very best in his future endeavors. I'll now turn the call over to Ed to provide further details on our Q2 results and our outlook for next quarter and the full year. Ed?

speaker
Tom

Thank you, Tom. As Tom outlined, Akamai delivered another excellent quarter. Q2 revenue was $853 million at the high end of our guidance range and up 7% year-over-year or 5% in constant currency. Revenue growth was led by broad-based strength across our security business globally. Revenue from our security technology group was $325 million, up 25% year-over-year were 22% in constant currency. Security now accounts for 38% of our total revenue. We saw strong performance across our major security products, including Bot Manager, Prolexic, and our Access Control product suite. Revenue from our edge technology group was $528 million, down 1% year-over-year, or 4% in constant currency. These results were in line with our internal expectations, which factored in challenging comparisons from our outstanding CDN results in Q2 the year ago. The tough year over year compares within our edge delivery business offset the continued strong growth in our edge applications business. Foreign exchange fluctuations had a negative impact on revenue of $2 million on a sequential basis and a positive $19 million on a year-over-year basis, largely in line with our expectations. International revenue was $403 million, up 15% year-over-year, or 9% in constant currency. Sales in our international markets represented 47% of total revenue in Q2, up three points from Q2 2020, and up two points from Q1 levels. As a reminder, our Q2 results last year included approximately $15 million of revenue from China-based apps that were banned in India from Q3 2020 onwards. Adjusting for this impact, international growth would have been approximately 20% year over year and 14% in constant currency. Finally, revenue from our U.S. market was $450 million, up 1%, year-over-year. Moving now to costs. Cash gross margin was 76 percent, in line with our expectations. Gap gross margin, which includes both depreciation and stock-based compensation, was 62 percent. Non-gap cash operating expenses were $259 million, slightly below our guidance range due to lower than expected hiring during the quarter. Now moving on to profitability. Adjusted EBITDA was $386 million. Our adjusted EBITDA margin was 45%, in line with our guidance. Non-GAAP operating income was $270 million, and our non-GAAP operating margin was 32%, slightly favorable to our guidance due to lower operating expenses I just mentioned. Capital expenditures in Q2, excluding equity compensation and capitalized interest expense, were $138 million, consistent with our guidance range. Gap net income for the second quarter was $156 million, or 94 cents of earnings per diluted share. Non-gap net income was $233 million, or $1.42 of earnings per diluted share, up 3% year-over-year down 1% in constant currency, and 2 cents above the high end of our guidance range. Taxes included in our non-GAAP earnings were $39 million, based on a Q2 effective tax rate of approximately 14.5%. Now I will discuss some balance sheet items. As of June 30th, our cash, cash equivalents, and marketable securities totaled approximately $2.6 billion. After accounting for the $2.3 billion of combined principal amounts of our two convertible notes, net cash was approximately $281 million as of June 30th. Now I will review our use of capital. During the second quarter, we spent approximately $96 million to repurchase shares, buying back approximately 900,000 shares. We ended Q2 with approximately $417 million remaining on our previously announced share repurchase authorization. Our plan remains to leverage our share buyback program to offset dilution resulting from equity compensation over time. Moving on to Q3 guidance. We are projecting Q3 revenue in the range of $845 to $860 million. We're up 7% to 9% as reported. We're 6% to 8% in constant currency over Q3 2020. Foreign exchange fluctuations are expected to have a negative $3 million impact on Q3 revenue compared to Q2 levels and a positive $5 million impact year over year. At these revenue levels, we expect cash gross margins of approximately 76%. Q3 non-GAAP operating expenses are projected to be $257 to $262 million, and we anticipate Q3 EBITDA margins of approximately 45%. Moving now to depreciation. We expect non-GAAP depreciation expense to be between $120 to $121 million. Factoring in this guidance, we expect non-GAAP operating margin of approximately 31% for Q3. Moving on to CapEx, we expect to spend approximately $135 to $140 million excluding equity compensation in the third quarter. And with the overall revenue and spend configuration I just outlined, we expect Q3 non-GAAP EPS in the range of $1.37 to $1.41. This EPS guidance assumes taxes of $38 to $39 million based on an estimated quarterly non-GAAP tax rate of approximately 14.5%. It also reflects a fully diluted share count of approximately 165 million shares. Looking ahead to the full year, we are raising our guidance for both revenue and EPS. We now expect revenue of 3.42% to $3.45 billion, which is up 7% to 8% year-over-year as reported, or up 6% to 7% in constant currency. We now expect security revenue growth to be in the low to mid-20% range for the full year 2021. We are estimating non-GAAP operating margin of approximately 31% and non-GAAP earnings per diluted share of $5.54 to $5.65. And this non-GAAP earnings guidance is based on a non-GAAP effective tax rate of approximately 14.5% and a fully diluted share count of approximately 164 million shares. Finally, full-year CapEx is anticipated to be approximately 16% of revenue, consistent with our prior guidance. We are very pleased with our excellent financial results in the first half, and we look forward to delivering a strong second half. Thank you. Tom and I would be happy to take your questions. Operator?

speaker
Operator

As a reminder, to ask a question, you will need to press star one on your telephone. To withdraw your question, press the pound key. Please stand by while we compile the Q&A roster. Our first question comes from the line of James Green from William Blair. Your line is now open.

speaker
James Green

Thanks for taking the question. Can you talk about some of the seasonality around the business, second, third quarter? Obviously the Olympics is happening right now and sort of how you see the impact in the business given how the traffic patterns have been so far. And then it seems like operating income, 31% is moving up a little bit. Can you just talk about some of the dynamics and where you see that going as security maybe becomes a bigger part of the business? Thanks. Thanks.

speaker
Tom

Hey Jim, thanks for the question. This is Ed. In terms of seasonality, Q3 typically we tend to see a little bit of a slowdown in traffic over the summer months. We're calling for sort of a flat-ish quarter to Q2 here with the guide. We'll see a little bit of slowdown in August, I would expect. I've got the Olympics in there. Not expecting a ton from the Olympics this year. It's a couple million bucks that we have in the quarter. We did see, in terms of seasonality in Q2, we did see a bit of a lighter gaming quarter in Q2. You know, we would expect to see that probably pick up a bit here in the back half of the year. Then, obviously, in Q4, that's our most challenging quarter to call. You've got really two seasons there. You've got the commerce season and then the typically large media season as well. So we're expecting that. in Q4. We'll update you as we go. We'll get more information as the year goes on. And for the next call, we'll update you on what we're seeing for the Q4 seasonality. The margin question. Yeah, we had a better quarter from an operating margin perspective. Hiring was a little bit lighter than normal. Just a couple things to keep in mind on the margin front. July is when we have our annual merit increase to our salary increases. So that comes into effect beginning in Q3. And also, we do expect that we'll see some travel expenses and some costs related to offices reopening in the back half of the year as well. You know, as Tom and I have talked about, we plan on operating the business in the 30% range. This year we'll do a little bit better. But, you know, we do want to continue to invest for the opportunities we see in front of us in security.

speaker
James Green

Great. Thanks.

speaker
Operator

Thank you. Our next question comes from the line of Sterling Audie from J.P. Morgan. Your line is now open.

speaker
Sterling Audie

Yeah, thanks. Hi, guys. I'm curious to understand how you're thinking about the investment on the go-to-market, specifically sales headcount in the security side of the business, given the strength that you're seeing.

speaker
Tom Layton

We do have a specialist team for our newest security products. And that's very helpful until the field can get up to speed. But our entire go-to-market operation is now well-versed in selling security products. So they really only need the assist for the newly released products. And so we don't have a bifurcated sales force now.

speaker
Sterling Audie

Understood. And then just one follow-up in terms of the security competitive landscape, especially on the newer solutions like Page Integrity Manager, who is the point person you're selling into and are these uncontested or what other solutions do they tend to consider when they're looking at them?

speaker
Tom Layton

Yeah, for our new solutions, you might see a startup out there with something Our normal competition doesn't have these capabilities. And, you know, it's a big advantage to be able to offer these capabilities with the existing platform. Because once you're on Akamai, for example, you're using our web app firewall, which is, you know, market leading solution. It's very easy to add page integrity manager on top. You know, we just take care of that. The customer says they want it and we turn it on. And the request and data flow is not changed. The same will be true with audience hijacking protection. Same thing. Built right on top of the web app firewall and our other solutions. So it really is very convenient for customers to buy from us. And there really isn't, you know, something that's comparable in the marketplace. And these are adding great value. In terms of the buyer experience, You know, audience hijacking protection, that could really go the range. Probably it ends up more towards the marketing side of the house because literally their audience is being hijacked today. Any retailer has a problem where, you know, because of malware that's on the user's browser or plug-ins or extensions they have, that malware and those plug-ins are looking for somebody about to do a transaction. And what they'll do is put some pop-up over it saying, wait a minute, go here instead. Or even worse, it'll be some fraud where they'll change the refer header and claim credit for this buyer and our customer now has to pay more. So for products like that, it could be anywhere from the security side all the way through the website and through the marketing side of the house because it provides so much value. It reduces cost, increases revenue, and provides greater security. And really, it's very nice to see that because it's a very good blend between, you know, our delivery and performance solutions and our security solutions all wrapped up in one package.

speaker
Sterling Audie

Makes sense. Thank you.

speaker
Operator

Thank you. Our next question comes from the line of Will Tyler from Baird. Your line is now open.

speaker
Will Tyler

Hey, this is Charlie Erlich on for Will. Thanks for taking the question. I had sort of a two-part question on contract renegotiations. I guess first, are there any big contracts coming up that we should be aware of, or is it pretty spread out over the back half of the year and into next year? And then part two, for the contract renegotiations that you've already had, I'm kind of curious what you're hearing in terms of sort of the health of the customers, and are they still asking for price concessions, or are we closer back to pre-pandemic levels in that respect? Thanks.

speaker
Tom

Yeah, so in terms of the big contracts up for renewal, we had a few that we did this quarter. And I'd say the rest are sort of spread out fairly evenly. If there's ever anything that is major, I tend to try to call that out. But, you know, as we disclosed in our IR day, you know, we don't have, you know, significant customer concentration risk. But sometimes you can get a few of them all together that can make a little bit of noise in a quarter. But they're pretty much spread out. And in terms of the health of the customers, it really varies by vertical. You know, we do see, I would say, pretty standard pricing discussions. You know, this industry traditionally has had deflationary pricing when it comes to especially volumes, driven by volume. And I don't see any major change there. Really nothing to call out. You know, I think it's still too early to call out. you know, an end to the pandemic, obviously. So we've got some significant business with commerce and retailers, and, you know, that's still kind of playing itself out at this point. You know, we've seen some pick up in volume, but we're not out of the woods yet there. But in terms of overall pricing, really nothing to call out in terms of any major changes.

speaker
Will Tyler

Great. Thanks, Ed. And if I can just squeeze in another one. You used to give this helpful metric, the percentage of customers that are taking one security product and the percentage that are taking multiple security products. Is that something that you could provide us now or are you not giving that metric anymore?

speaker
Tom

Yeah, sure. I can give you that number. So right now we've got about 55% of our customers that are buying one security product and about 32% that are buying more than one. But just keep in mind that our customer base has grown over the last year. It's up probably by 5% or 6% over the last year. So You know, we're doing a pretty good job of getting penetration into the base, but the base is also growing. If I go back a year ago, Q2 of 2020, that number for folks that have acquired a security product was around 59%. So we're seeing really healthy growth in terms of the overall number of customers, both for penetration of the base, but also just the size of the customer base is growing as well.

speaker
Will Tyler

Great. Thanks very much.

speaker
Operator

Thank you. Our next question comes from the line of Keith Weiss from Morgan Stanley. Your line is now open.

speaker
Edge Java

Hi, it's Matt Wilson on for Keith Weiss. Thank you for taking our question. I'd like to dig a little bit deeper into the edge applications, what type of use cases you're seeing, and what other verticals you're kind of seeing traction in besides retail. You gave a nice example in your prepared remarks, but anything additional would be helpful.

speaker
Tom Layton

Sure. It really is useful, I think, across all verticals. You know, gaming is another example. Our big gaming customers have interest there. They want to get local decisions made in terms of who's playing who, what master server maybe they go back to for, you know, the gaming instructions. You know, another great example is the COVID vaccine registration sites. In this case, was a third party company unrelated to us, uh, built a queuing application on top of our edge worker solution, uh, that is used today by I think dozens now, uh, governments and, uh, pharmaceutical companies, um, to, you know, assist in, uh, getting vaccine registrations. Um, and of course in the early days in the U S and still in many countries, There's a lot more people that want to get a vaccine than you have capacity for. And so you want to be fair. So if somebody comes into the website, they get into the queue and they know how long the queue is and that whole process is managed. And again, that's an ideal application, you know, to run with our edge computing service and also handles all the excess load and the flash crowd around the site when you announce, okay, we got a lot of vaccines available in a certain period of time, a lot of people come at once, or maybe they know when that's going to happen, and so we provide the overflow capacity for that. But really, you know, anything you could imagine that, you know, involves locality, the need to rapidly scale, you know, would be a suitable use for our edge worker solutions. IoT applications, I think in the future is a a big driver of demand there, and I think that gets enabled by, you know, 5G as it gets deployed, and you get a lot more devices connected. But there you've got, you know, a lot of devices with a lot of communication back and forth, very chatty protocols, data being, you know, sent in, and you need to aggregate that and make decisions quickly locally on the fly. Edge computing, edge applications is a good example for that. You know, tailoring the content, based on the device type and the local connectivity is another example. We do that with our image and video manager applications, where if you're on, say, a cellular device, you don't have a big screen, and maybe you don't have great connectivity, we'll automatically at the edge with the edge computing put in a smaller, a lower resolution version of the image. And on your device, it'll look the same, so there's no real reduction in quality. but the less traffic needed to convey the image means you get better performance for the end user. So there's just all sorts of applications that people are using, and now we're doing those kinds of things 5 billion times a day on our Edge platform using Edge Java.

speaker
Edge Java

That's a really great color. And then pivoting to the CDN solutions within the Edge technology group, Anything to call out in terms of pricing, and then how should we think about revenue from the internet platform customers in the second half of 2021?

speaker
Tom

Yes, I'll take that one, Tom. So in terms of pricing, as I just mentioned, really nothing to call out on the pricing side. As far as internet platform customers go, the team's doing a great job executing there. We continue to grow that group of customers, obviously very highly innovative. customer base. A lot of them have their own CDNs, but we're doing a good job of growing that business and very happy with the performance there and expect that revenue stream to continue to run along about the same pace that it's going now for the rest of the year, maybe see a little bit of upside in the fourth quarter.

speaker
Edge Java

All right. Thanks, guys.

speaker
Operator

Thank you. Our next question comes from the line of James Fish from Piper Sandler. Your line is now open.

speaker
James Fish

Hey, guys. Thanks for the questions. First, you know, on the external and internal-based cloud access solutions, what one is really leading the charge at this point, and what has been the pushback from customers that are evaluating other solutions that may pick a competitor? And do you plan on building or acquiring into the rest of that SASE stack, like in DLP or CASB?

speaker
Tom Layton

So, yes, we're interested in the entire SASE stack. I would say we're really focused, though, on stopping malware, stopping these ransom DDoS, ransomware attacks, stopping data exfiltration. And that puts us in the direction of a focus on access to make sure that we do the access control of the application layer not as it's traditionally done at the network layer, and that makes a huge difference in terms of the malware getting inside in the first place. Also, we have secure web gateway capabilities, probably market-leading DNS capabilities, which makes a big difference in terms of data exfiltration. We do have some DLP capabilities today with our newest version of Enterprise Threat Protector, CASB, less capabilities there today, potentially of interest, but not the primary mission in terms of stopping the data exfiltration, the ransomware attacks, the malware attacks on enterprises. And of course, ransom DDoS, which our Plexig solution helps a lot with along with Kona. So good traction there as you see the growth on the access side of the house now. well over 50% organically, and of course, if you count the Asavi acquisition, over 160% year over year. We plan to continue investing there organically, also through potentially M&A. We're always looking there, and I think that has a lot of future potential for us.

speaker
James Fish

That's helpful, Tom, and I guess I'll be the one to take the bait. Obviously, two outages during the last couple of months here Can you just walk us through maybe add what the financial impact could be in terms of any SLA refunds or what you heard back in terms of feedback from customers regarding the DNS and the DDoS issues? Thanks guys.

speaker
Tom Layton

Yeah. In terms of financial impact at De Minimis, we lost at the peak about 2% of our traffic for up to an hour. So not, not any financial impact per se. That said, You know, we care a lot about reliability at Akamai. It is core to everything we want to do. And we have put a ton of effort into making our solutions be reliable, you know, over the last, you know, 10 plus years. In fact, you have to go back to 2004 to find anything comparable in terms of what's happened on our platform. In 2004, we actually took the entire platform down for about an hour, which was, you know, disastrous. That didn't happen in this case, but we did hurt hundreds of our customers, and we deeply regret that. We impacted them and their users, and that's unacceptable. In both cases, there was an update that caused a problem, and we have invested a lot in infrastructure to make sure that updates are done safely. In this case, the updates were totally different and totally different systems at Akamai, but as a result of this, We are taking a fresh look at, you know, how we release updates to make sure that something like this won't happen again. And meanwhile, we've locked down all update channels as we do a thorough investigation of each one. You know, people don't often realize it, but we are constantly doing updates. You know, we have a platform with dozens of services. We have many, many thousands of customers. Any given customers maybe wanted to make an update to their site on an hourly basis or more. And so it's just thousands and thousands a day of updates that are taking place in the platform. And because of the really, you know, very intense work that we've done over the last decade, we have had an excellent track record of keeping any problem with an update from spreading. Humans making updates will make mistakes. And our goal is, is to catch them early and prevent them from spreading. And in this case, there were two different channels where that didn't happen the way we wanted to. And so we are putting in a lot of effort to look at every possible channel and make sure it is working the way we want to. And not only do we not want to have any more incidents this year, we don't want to be having this happen in the next 10 years. And so there's a lot of effort going into making sure that's the case.

speaker
Operator

Thank you. Our next question comes from the line of Tim Horan from Oppenheimer. Your line is now open.

speaker
Tim Horan

Thanks. Tom, just maybe two really higher-level questions. Can you just talk about how important edge compute do you think is going to be in the cloud, you know, in terms of specific applications, what percentage will have some edge component to it? And, you know, how do you think your infrastructure, you know, holds up and compares to competitors, you know, for providing that edge? And then on the security front, another just really high-level question. Do customers understand how much better cloud-based security is than on-prem, and where are we with that process?

speaker
Tom Layton

Yeah, good questions. I think edge computing is really important in the future. And when I say edge, I really mean edge. And that's a big difference with the competition, none of whom really have an edge platform. Of course, you know, for the last couple of years, everybody says they have edge everything. It's just it's not true. You know, we're in over 4,000 locations in about 1,000 cities and 135 countries. And nobody is anywhere, anywhere close to that. And we offer, you know, native JavaScript support now, which, you know, a lot of the folks that talk about edge computing don't. And, you know, we spin up, you know, our apps in a few milliseconds. And that's, you know, a factor of 1,000 better than some of the folks that talk a lot about edge computing out there. So I think we stack up very well against the competition there. And I think you see that reflected in our very strong growth. You know, that segment now, you know, well over 30% growth year over year. We think we can maintain that. And on a reasonable size number, last year $150 million were now almost up to a $200 million annual revenue run rate. for our edge applications business. So I think very strong future potential. And as you're growing at 30% a year on a number that's about 200 million now, after a few years, that starts really being meaningful. And I think that drives accelerated growth for the CDN business. And remind me again of the security question you had.

speaker
Tim Horan

Well, it seems like security is rapidly moving to the cloud. I guess the customers understand how much better that is. Where do you think we are in the process?

speaker
Tom Layton

Oh, yeah, that's a good question. You know, it's interesting because we started with application firewall. And if you go back five or six years, pretty much everybody bought a device and managed it in their data center. And today, you know, there's still a few enterprises that do that, but pretty much all the major B2C companies, well, largely, The majority of them are now using Akamai for that as a cloud service and with a market leader by far in application firewall. You look at DDoS, and again, go back five plus years, that was managed either in the data center or with a single carrier. And that just doesn't work anymore. You can't handle the volume. And so now Akamai is the market leader by far with a cloud service there. I think you will see the same thing happen We have enterprise security. Today it is done, you know, you get your VPN and you get your boxes and you manage them in your data center. That is not a good way to do it. That's why you have all these breaches. When you're providing network layer access, it's a disaster. You look at, you know, the big pipeline company that had a problem. It's just one of many thousands of enterprises. You know, credentials to the VPN are stolen, put on the dark web. Somebody gets them. And that just gives them access to the entire network. And you can't do it that way. And that's why our solutions are so important with application layer access. Now, sure, you can steal somebody's credentials, but, of course, you want multi-factor authentication. And then you only get access to the app. And if you're using Akamai, you don't even get access to the app directly. You've got to come through us, and we'll make sure there's no malware going to that app or you're not exploiting vulnerabilities. And then you don't have those kind of situations. So I think, look at the Exchange server situation, which, you know, talked about a few minutes ago. Again, by having Akamai in front with our enterprise application access, our email wasn't stolen, even though we had the vulnerable software like everybody else did. So it will take some time. We're at the beginnings of, I'd say, the zero trust approach and moving to the cloud in particular to the Edge, my Edge platform for enterprise security. But I do think there's a tremendous future there because we're in a position to really stop those breaches.

speaker
Tim Horan

Thank you.

speaker
Operator

Thank you. Our next question comes from the line of Colby Nisdale from Cowan. Your line is now open.

speaker
spk01

Great. Thank you. Two modeling questions, if I might. The first one, just looking at the guide increase for 2021, just curious if you're going to agree with how I'm thinking about it, which is it seems like it reflects the 2Q upside, maybe a little bit of upside in terms of expectations for 3Q, but really no change as relates to your assumptions for 4Q. And it sounds like that's more a function of just lack of visibility opposed to some type of step down or negative impact, if you will, that you're now anticipating. Just curious if I'm thinking about that correctly. And then secondly, it sounds like in response to one of the questions regarding M&A, Tom may have been suggesting that you guys obviously continue to look and may even be close to something. Are you guys still holding a line where M&A is expected to be accretive within some short period of time or are valuations getting to a point now where if you were in fact to do something of materiality, It could actually be, you know, relatively meaningfully diluted, just given what you'd have to pay. Thank you.

speaker
Tom

All right. So, I'll take the first question, Colby. So, in terms of Q4, I think you're thinking about it correctly. You know, we always talk about Q4 being the hardest quarter to call. And then, obviously, there's been a bit of a flare-up here with the Delta virus. So, You know, we're going with what we see now, as I said earlier in the call. We'll update you as we get more visibility. There's two seasons to call. There's the commerce season, and commerce is a very important vertical for us. And then also, as we've seen the last several years, there tends to be a big step up in media. So we'll get some more information as we go, but I think you're thinking about it correctly.

speaker
Tom Layton

Yeah, and in terms of the M&A question, We're always looking for companies that have novel capabilities that we can use to build products for our customers that are synergistic with our platform and our solutions we have today. And you're right. There are areas, particularly in security and also edge computing, that have very high valuations today. And that makes it harder to do acquisitions that make sense because we're not going to do something that's crazy. Now, when you're looking at acquisition, we look at it over the long term, and so that we want it to be accretive certainly over the long term. In addition to the purchase price, we also worry about the hit margins, especially when you do an acquisition. Often, as you know, the first year you have revenue recognition issues where you don't get to recognize you know, all the revenue right away. And so in the first year, you can take a hit to your margins. And, you know, if we find the right acquisition that is really helpful to us in growth over the long term and will be accreted to margins over the long term, there may be a situation where, you know, we would take a short-term hit to margins and then we would improve them from there.

speaker
spk01

Okay, great. Thank you.

speaker
Operator

Thank you. Our next question comes from the line of Brandon from KeyBank Capital. Your line is now open.

speaker
spk06

Great. Thanks for taking the questions. I'm curious about, you mentioned headcount growth slowed and actually was down sequentially. Can you update us on your hiring plans for the rest of the year? And do you believe the company needs another phase of investment in headcount in order to sustain the current growth trajectory? Thanks.

speaker
Tom

Yeah, sure. So, uh, you know, I've talked about headcount being, um, a little bit behind hiring, you know, obviously last year we had sort of record low attrition and we're still not back to the attrition levels that, uh, we saw pre pandemic, but, um, you know, we just a little bit behind on, on our hiring. I expect that we'll, we'll catch up. Uh, you know, we're scaling the company very well, as you can see, our margins have improved quite a bit, but we still want to make it, you know, investments in security. You've seen some of our newer products, have grown to some pretty material size. We've got some very fast and exciting growing businesses with our edge computing business, along with, you know, very deep product banks for security. So we're going to continue to invest there. There'll be some investments and go to market. And then obviously as we continue to grow, there'll be some scaling heads that we have to add, but nothing in terms of like a major investment cycle or anything like that, that we anticipate coming.

speaker
Operator

Thank you. Our next question comes from the line of Mike Sikos from Needham and Company. Your line is now open.

speaker
Mike Sikos

Hi, team. Thanks for taking the questions here. I wanted to focus on the security and the improved outlook you guys provided today. It seems like the security in general is facing broad-based demand, but are there any solutions specifically that are driving this improved outlook? And then I guess the follow-on question, With the current threat environment, the headlines we're seeing, is this driving a material change in customer interest? Are you seeing any noticeable impact on sales cycles or budget flowing into this space as a result of that?

speaker
Tom Layton

The good news is we're seeing strong demand across all of our major security product lines and also the new security products are obviously not contributing a lot of revenue yet, but we're seeing strong interest in those as well. So it's just a good picture across the board. The threat environment certainly increases the awareness and need for our solutions. In terms of sales cycle, obviously if a customer is under attack, the sales cycle can be very short. In many cases, you know, we'll, you know, integrate the customer within a matter of hours or days and often, you know, follow up with all the details of the contract later. And we've seen a lot of that, you know, with these ransom DDoS attacks, dozens and dozens of major enterprises, you know, in that situation that very quickly become happy Akamai customers. So it's a, you know, it's a good environment, I would say, you know, in terms of security sales for all of our security products right now.

speaker
Mike Sikos

Thanks for that. And if I'm just thinking about the traffic trends, trying to parse out between the typical seasonality where there's a slower lag, if you will, in the summer months, and I'm matching that up against what we have with COVID and this Delta variant we're seeing, trying to T. Can you guys better comment on that? I'm just trying to put those two pieces together to see what's baked into the guidance as we stand today or how you see that traffic playing out over the last month now that we're in Q3. Thank you.

speaker
Tom

T. Yeah, good question. So what we've assumed here is that there really isn't going to be a major step up in demand like we saw last year. So, you know, not anticipating major lockdowns or anything like that. So then obviously if something like that were to happen, it could increase our traffic in the quarter. You know, we do see typical seasonality in the summer months, typically August, you know, Europe in particular tends to be lighter than expected. So we're anticipating that, you know, it's offset a little bit by the Olympics. Again, I told you not a ton there, a few million bucks for the Olympics, but, you know, security growth is also, you know, not, necessarily impacted by traffic. If we do see lockdowns, you could see traffic accelerate a bit. We're not really anticipating that. It's not in our guide at this point. We are expecting to see a strong seasonal Q4. Like I said a couple times now, we'll update when we talk to you again when we get more visibility. Traffic has got back to what I'd call more normal growth rates. Obviously, we went through a year and a half of accelerated traffic growth with launch of some major OTT platforms along with the pandemic. So we're modeling in what I would consider to be sort of a more normal CDN outlook.

speaker
Operator

Thank you. Our next question comes from the line of Ben Rose from Battle Road Research. Your line is now open.

speaker
Ben Rose

Yes, good afternoon. Question for Tom and then a question for Ed. For Tom, you mentioned at the outset the Akamai Account Protector that you're working on in beta. I was curious to know if you could provide a little bit more information on the kind of benefits to customers that would come from this product that may not be available in Akamai's security portfolio currently.

speaker
Tom Layton

Sure. Account Protector is sort of the next step beyond bot management. Bot Manager detects whether it's a human being that's trying to, for example, to log into an account. And as you probably know, there's a ton of account stuffing going on. We see every day now about a billion illegitimate attempts to log into an account of some kind, a bank account, a gaming account, a commerce account. And the vast, vast majority of that is bot traffic. You know, credentials have been stolen somewhere, and a bot network is used to check out those credentials against a lot of websites to see if you get a hit. Now, the adversaries have evolved, the attackers have evolved, and now we use humans to attempt to log in and steal accounts. Now, you can't do that at the same scale as you can with a bot army, but you use things that you think may well get in and now the human will, will do it. And so we need to decide, well, okay, it's human, but is it the right human? And that's what account protector is all about. And it will use information about the human that's been using that account before with a variety of inputs and you know, trust scores and then using, you know, machine learning to decide on the fly, based on everything we can see here, is this the right human for this account? And we give a score that is used to decide, are we going to provide access directly? Do you go to some other security mechanism, like you get asked questions or a capture test of some kind, or do you just block? And that's what account protector does. So it is one step deeper analysis that will now deal with human-based fraud and And it's specifically around the login function. Now, of course, Bot Manager covers a lot of other things too, like price scraping, inventory stealing, inventory, you know, reserving all the seats in a hotel or an airline, you know, by a competitor, that kind of thing. So this is really focused on fraud and login that's being done by humans.

speaker
spk11

Ben, you had a question for Ed. Maybe you could restate it.

speaker
Tom Layton

I don't think it was stated.

speaker
spk11

Ben, what was your question for Ed? Thank you, everyone. In closing, we will be presenting at several investor conferences and roadshows throughout the rest of the third quarter. Details of these can be found on the Investor Relations section of Akamai.com. Thank you for joining us, and all of us here at Akamai wish you continued good health and have a wonderful evening.

speaker
Operator

This concludes today's conference call. Thanks for participating. You may now disconnect.

Disclaimer

This conference call transcript was computer generated and almost certianly contains errors. This transcript is provided for information purposes only.EarningsCall, LLC makes no representation about the accuracy of the aforementioned transcript, and you are cautioned not to place undue reliance on the information provided by the transcript.

-

-