Akamai Technologies, Inc. (AKAM) Q2 2021 Earnings Call Transcript
Published at 2021-08-03 19:49:03
Good day, and thank you for standing by. Welcome to the Q2 2021 Akamai Technologies Inc. Earnings Conference Call. At this time, all participants are in listen-only mode. After the speaker’s presentation, there will be a question-and-answer session. [Operator Instructions] Please be advised that today’s conference is being recorded. [Operator Instructions] I would now like to hand the conference over to your speaker today, Tom Barth, Investor Relations for Akamai Technologies. Please go ahead.
Thank you, operator. Good afternoon, everyone, and thank you for joining Akamai’s second quarter 2021 earnings conference call. Speaking today will be Tom Leighton, Akamai’s Chief Executive Officer, and Ed McGowan, Akamai’s Chief Financial Officer. Before we get started, please note that today’s comments include forward-looking statements, including statements regarding revenue and earnings guidance. These forward-looking statements are subject to risks and uncertainties and involve a number of factors that could cause actual results to differ materially from those expressed or implied by such statements; the factors include uncertainty stemming from COVID-19 pandemic and any impact from unexpected geopolitical developments. Additional information concerning these factors is contained in Akamai’s filings with the SEC, including our Annual Report on Form 10-K and Quarterly Reports on Form 10-Q. The forward-looking statements included in this call represent the company’s view on August 3, 2021. Akamai disclaims any obligation to update these statements to reflect future events or circumstances. As a reminder, we will be referring to some non-GAAP financial metrics during today’s call. A detailed reconciliation of GAAP and non-GAAP metrics can be found under the financial portion of the Investor Relations section at akamai.com. And with that, let me turn the call over to Tom.
Thanks, Tom, and thank you all for joining us today. I'm pleased to report that Akamai delivered excellent financial results in the second quarter, coming in at/or above the high end of our guidance range for both revenue and EPS. Q2 revenue was $853 million, up 7% year-over-year and up 5% in constant currency. Non-GAAP operating margin in Q2 was 32%, which reflects our continued focus on operational efficiency, even as we've continued to invest for future growth. Q2 non-GAAP EPS was $1.42 per diluted share, up 3% year-over-year. Akamai Security Solutions continued to perform especially well in Q2, generating revenue of $325 million, up 25% year-over-year, and up 22% in constant currency. Cyberattacks generated headlines throughout the first half of the year, and our strong growth reflects the criticality of security to organizations in every sector and geography of the world. Akamai is increasingly recognized as a security leader that offers not just innovative and market leading solutions, but also insights into an enormous amount of Internet data and threat intelligence, a massive distributed platform at the edge of the Internet where most attacks originate. And the technical expertise of one of the industry's largest and most experienced teams of security professionals. The strong growth of our security portfolio was driven by several product lines, including our market leading solutions for web app firewall, bot management, DDoS prevention and Access Control. Our recently released Akamai Page Integrity Manager continued to have rapid adoption in Q2. Page Integrity Manager helps businesses protect their users from having credit card data or other personal information stolen by malware embedded in third-party content. It's also designed to prevent user data from being intentionally or inadvertently sent to third parties such as advertisers or social networks, which can result in a violation of privacy laws and steep fines. As an example, one of our customers is a leading furniture retailer. Page Integrity Manager detected that one of their partners, a major social media platform, was taking their shoppers' e-mail addresses in violation of their data privacy rules. Page Integrity Manager blocks such transfers of personal data and immediately notifies our customers so that appropriate business actions can be taken. In June, we entered beta with a related solution that we call; Audience Hijacking Protection. Audience Hijacking Protection is designed to detect and block malicious or unwanted activity from client side plug-ins, browser extensions and malware. For example, it can quickly identify vulnerable resources, detect suspicious behavior and block unwanted ads, pop-ups, affiliate fraud and other malicious activities that attempt to hijack a retailer's audience. Initial customer interest in this new capability is very strong. Akamai Bot Manager also continued to perform very well in Q2, with revenue growing 40% year-over-year. Bot Manager now has nearly 800 customers with an annualized revenue run rate of nearly $200 million. Our customers use Bot Manager to fort a variety of unwanted activities and attacks such as price scraping, inventory manipulation, credential stuffing and account takeover. Recently, we enhanced our ability to defend against account takeover attempts with the beta launch of Akamai Account Protector. It's designed to proactively identify and block human fraudulent activity using advanced machine learning, behavioral analytics and reputation heuristics. Account Protector intelligently evaluates every login request to determine, if it's coming from a legitimate user or an impersonator. Q2 bookings were also strong for our Prolexic service, which helps organizations defend against the surge of ransom DDOS attacks that began in Q3 of last year. As an example, a leading financial analytics company recently adopted Prolexic to protect them from this growing threat. Prior to that, the company faced operational and technical challenges from needing to manage multiple security technologies from various niche vendors and cloud service providers. Since consolidating with Akamai, they have greatly benefited from reduced complexity, improved security and greater consistency for compliance and risk management across their many business units. As you all likely know, there have been widespread ransomware, data theft and other malware attacks against major enterprises this year. Included were well-publicized attacks on critical infrastructure at a major pipeline company, the world's largest meat packer and a freight operator that serves as the lifeline for 2 popular island destinations in New England. The need to stop these kinds of attacks is driving organizations to adopt new Zero Trust and Secure Access Service Edge, or SASE Solutions, such as those offered by Akamai. For example, when the exchange server attack hit thousands of organizations in March, Akamai's e-mail wasn't compromised, because our IT department uses Akamai's Enterprise Application Access solution, which prevented unauthorized access to our exchange server. Our Access Control suite of products continue to be Akamai's fastest-growing security segment in Q2, with revenue up 161% year-over-year, including the acquisition of Asavie, and up 57% on an organic basis. As one example of a new customer, we closed a large security contract in Q2 with a company that helps maritime operators manage risk. This company has thousands of employees and hundreds of offices throughout the world. They adopted our Enterprise Application Access and Kona Site Defender solutions to secure the access to their applications and to protect their internal systems from malware and other threats. I'll now turn to our CDN portfolio, which generated revenue of $528 million in Q2, down 1% year-over-year and 4% in constant currency. This result was in line with our expectations and reflects the challenging comparison against last year's pandemic-related jump in traffic and the loss of revenue from Chinese applications that were banned from India in July of 2020. Traffic on our platform remained strong in Q2, with peaks exceeding 130 terabits per second every day throughout the quarter. This enormous amount of traffic provides strong evidence of how much customers were live on our platform's unparalleled scale and reach, which is enabled by more than 4,200 points of presence at the edge, in 135 countries around the world. Our tremendous global presence is especially important to the world's major broadcasters, who continue to look to Akamai to deliver the world's most significant events. For example, during the recent European football tournament, the peak traffic that we delivered globally for more than 30 broadcasters was 35 terabits per second, nearly 5 times the peak observed in 2016. Our fast-growing Edge Applications segment delivered $47 million in Q2, up 35% year-over-year and up 32% in constant currency. This rapid growth rate reflects the shift of compute workloads from core data centers, on-prem or in the cloud to our edge platform for offload, improved performance, security and global scale. For example, each time a user accesses one of our retailer customer sites, the retailer's geo location code is executed on an Akamai edge server to identify the user's location and then deliver content tailored for that location. Overall, we're now supporting an average of 5 billion such edge computing instantiations per day on our platform. In summary, I'm pleased to report that we've executed according to the plan we outlined for investors during our February Analyst Day. In particular, we continued to achieve strong demand from customers for our security and edge computing solutions, diversification of our business across products, geographies and sales channels, and strong financial performance on both the top and bottom lines. Before turning the call over to Ed, I'd like to formally welcome Sharon Bowen to our Board of Directors. Sharon's had extensive experience in financial and securities transactions for large global companies and we're very much looking forward to benefiting from her engagement and counsel. In addition, as many of you know, our Board is now chaired by Dan Hesse, who succeeded Fred Salerno in June. Dan has held senior management positions in the telco industry for many years, including as CEO of Sprint. He's also recognized as a leader in ESG and is providing valuable advice and oversight to our senior management team. Of course, we all deeply appreciate Fred's many years of outstanding leadership and service to Akamai, and we wish him the very best in his future endeavors. I'll now turn the call over to Ed to provide further details on our Q2 results and our outlook for next quarter and the full year. Ed?
Thank you, Tom. As Tom outlined, Akamai delivered another excellent quarter. Q2 revenue was $853 million, at the high end of our guidance range and up 7% year-over-year or 5% in constant currency. Revenue growth was led by broad-based strength across our Security business globally. Revenue from our Security Technology Group was $325 million, up 25% year-over-year or 22% in constant currency. Security now accounts for 38% of our total revenue. We saw strong performance across our major security products, including Bot Manager, Prolexic, and our Access Control product suite. Revenue from our Edge Technology Group was $528 million, down 1% year-over-year or 4% in constant currency. These results were in line with our internal expectations, which factored in challenging comparisons from our outstanding CDN results in Q2 a year ago. The tough year-over-year compares within our Edge delivery business offset the continued strong growth in our edge applications business. Foreign exchange fluctuations had a negative impact on revenue of $2 million on a sequential basis and a positive $19 million on a year-over-year basis, largely in line with our expectations. International revenue was $403 million, up 15% year-over-year or 9% in constant currency. Sales in our international markets represented 47% of total revenue in Q2, up three points from Q2 2020 and up two points from Q1 levels. As a reminder, our Q2 results last year included approximately $15 million of revenue from China-based apps that were banned in India from Q3 2020 onwards. Adjusting for this impact, international growth would have been approximately 20% year-over-year and 14% in constant currency. Finally, revenue from our US market was $450 million, up 1% year-over-year. Moving now to costs. Cash gross margin was 76%, in line with our expectations. GAAP gross margin, which includes both depreciation and stock-based compensation, was 62%. Non-GAAP cash operating expenses were $259 million, slightly below our guidance range due to lower-than-expected hiring during the quarter. Now, moving on to profitability. Adjusted EBITDA was $386 million. Our adjusted EBITDA margin was 45%, in line with our guidance. Non-GAAP operating income was $270 million, and our non-GAAP operating margin was 32%, slightly favorable to our guidance due to lower operating expenses I just mentioned. Capital expenditures in Q2, excluding equity compensation and capitalized interest expense were $138 million, consistent with our guidance range. GAAP net income for the second quarter was $156 million or $0.94 of earnings per diluted share. Non-GAAP net income was $233 million or $1.42 of earnings per diluted share, up 3% year-over-year, down 1% in constant currency and $0.02 above the high end of our guidance range. Taxes included in our non-GAAP earnings were $39 million, based on a Q2 effective tax rate of approximately 14.5%. Now I will discuss some balance sheet items. As of June 30th, our cash, cash equivalents and marketable securities totaled approximately $2.6 billion. After accounting for the $2.3 billion of combined principal amounts of our two convertible notes, net cash was approximately $281 million as of June 30th. Now I will review our use of capital. During the second quarter, we spent approximately $96 million to repurchase shares, buying back approximately 900,000 shares. We ended Q2 with approximately $417 million remaining on our previously announced share repurchase authorization. Our plan remains to leverage our share buyback program to offset dilution, resulting from equity compensation over time. Moving on to Q3 guidance. We are projecting Q3 revenue in the range of $845 million to $860 million or up 7% to 9% as reported or 6% to 8% in constant currency over Q3 2020. Foreign exchange fluctuations are expected to have a negative $3 million impact on Q3 revenue compared to Q2 levels and a positive $5 million impact year-over-year. At these revenue levels, we expect cash gross margins of approximately 76%. Q3 non-GAAP operating expenses are projected to be $257 million to $262 million, and we anticipate Q3 EBITDA margins of approximately 45%. Moving now to depreciation. We expect non-GAAP depreciation expense to be between $120 million to $121 million. Factoring in this guidance, we expect non-GAAP operating margin of approximately 31% for Q3. Moving on to CapEx. We expect to spend approximately $135 million to $140 million excluding equity compensation in the third quarter. And with the overall revenue and spend configuration I just outlined, we expect Q3 non-GAAP EPS in the range of $1.37 to $1.41. This EPS guidance assumes taxes of $38 million to $39 million based on an estimated quarterly non-GAAP tax rate of approximately 14.5%. It also reflects a fully diluted share count of approximately 165 million shares. Looking ahead to the full year, we are raising our guidance for both revenue and EPS. We now expect revenue of $3.42 billion to $3.45 billion, which is up 7% to 8% year-over-year as reported, or up 6% to 7% in constant currency. We now expect Security revenue growth to be in the low to mid-20% range for the full year 2021. We are estimating non-GAAP operating margin of approximately 31% and non-GAAP earnings per diluted share of $5.54 to $5.65. And this non-GAAP earnings guidance is based on a non-GAAP effective tax rate of approximately 14.5% and a fully diluted share count of approximately 164 million shares. Finally, full year CapEx is anticipated to be approximately 16% of revenue, consistent with our prior guidance. We are very pleased with our excellent financial results in the first half, and we look forward to delivering a strong second half. Thank you. Tom and I would be happy to take your questions. Operator?
[Operator Instructions] Our first question comes from the line of James Breen from William Blair. Your line is now open.
Thanks for taking the question. Can you talk about some of the seasonality around the business, second, third quarter? Obviously, the Olympics is happening right now and sort of how you see the impact in the business, given how the traffic patterns have been so far. And then it seems like operating income 31% is moving up a little bit. Can you just talk about some of the dynamics and where you see that going as security maybe becomes a bigger part of the business?
Jim, thanks for the question. This is Ed. In terms of seasonality, Q3, typically, we tend to see a little bit of slowdown in traffic over the summer months, we were calling for sort of a flattish quarter to Q2 here with the guide. We'll see a little bit of slowdown in August. I would expect -- I've got the Olympics in there. Not expecting a ton from the Olympics this year, it's a couple of million bucks that we have in the quarter. We did see in terms of seasonality in Q2, we did see a bit of a lighter gaming quarter in Q2. We would expect to see that probably pick up a bit here in the back half of the year. And then obviously, in Q4, that's our most challenging quarter to call, which you've got really 2 seasons there. You've got the commerce season and then the -- we typically see a large media season as well. So we're expecting that in Q4. And we'll update you as we go and we'll get more information as the year goes on. And for the next call, we'll update you on what we're seeing for the Q4 seasonality. The margin question, yes, we had a better quarter from an operating margin perspective. Hiring was a little bit lighter than normal. Just a couple of things to keep in mind on the margin front. July is when we have our annual merit increase or our salary increases, so that comes into effect beginning in Q3. Then also, we do expect that we'll see some travel expenses and some costs related to offices reopening in the back half of the year as well. Tom and I have talked about, we plan on operating the business in the 30% range. This year, we'll do a little bit better, but we do want to continue to invest for the opportunities we see in front of us in Security.
Thank you. Our next question comes from the line of Sterling Auty from JPMorgan. Your line is now open.
Yes, thanks. Hi, guys. I'm curious to understand, how you're thinking about the investment on the go-to-market, specifically sales headcount in the security side of the business, given the strength that you're seeing?
We do have a specialist team for our newest security products. And that's very helpful until the field can get up to speed. But our entire go-to-market operation is now well versed in selling security products. So they really only need the assist for the newly released products. And so we don't have a bifurcated sales force now.
Understood. And then just one follow-up in terms of the security competitive landscape, especially on the newer solutions like Page Integrity Manager. Who is the point person you're selling into? And are these uncontested, or what other solutions do they tend to consider when they're looking at it?
Yes. For our new solutions, you might see a start-up out there with something similar. Our normal competition doesn't have these capabilities. And it's a big advantage to be able to offer these capabilities with the existing platform because once you're on Akamai, for example, you're using our Web App Firewall, which is a market-leading solution, it's very easy to add Page Integrity Manager on top. We just take care of that. The customer says they want it and we turn it on. And the request – the data flow is not changed. The same will be true with Audience Hijacking Protection, same thing, built right on top of the Web App Firewall, and our other solutions. So it really is very convenient for customers to buy from us. And there really isn't something that's comparable in the marketplace. And these are adding great value. In terms of the buyer, Audience Hijacking Protection, that could really go the range. Probably it ends up more towards the marketing side of the house because literally, their audience is being hijack today. Any retailer has a problem where – because of malware that's on the user's browser or plug-ins or extensions they have, that malware and those plug-ins are looking for somebody about to do a transaction. And what they'll do is put some pop-up over at saying, wait a minute, go here instead. Or even worse, it will be some fraud, where they'll change the refer header and claim credit for this buyer and our customer now has to pay more. So if for products like that, it could be anywhere from the security side all the way through the website and through the marketing side of the house because it provides so much value, it reduces cost, increases revenue and provides greater security. Really, it's very nice to see that because it's a very good blend between our delivery and performance solutions and our security solutions all wrapped up in one package.
Thank you. Our next question comes from the line of Will Tyler from Baird. Your line is now open.
This is Charlie Erlikh on for Will. Thanks for taking my question. I had a sort of a sort of a two-part question on contract renegotiations. I guess, first, are there any big contracts coming up that we should be aware of, or is it pretty spread out over the back half of the year and into next year? And then part two, for the contract renegotiations that you've already had, kind of curious what you're hearing in terms of sort of the health of the customers? And are they still asking for price concessions, or are we closer to back to pre-pandemic levels in that respect? Thanks.
Yes. So on the -- in terms of the big contracts up for renewal, we had a few that we did this quarter. And then, I'd say, the rest are sort of spread out fairly evenly. If there's ever anything that is major, I tend to try to call that out. But as we disclosed in our IR day, we don't have significant customer concentration risk. But sometimes you can get a few of them all together that can make a little bit of noise in the quarter, but they're pretty much spread out. And in terms of the health of the customers, it really varies by vertical. We do see, I would say, pretty standard pricing discussions. This industry traditionally has had deflationary pricing when it comes to -- especially volumes, but it's being driven by volume. And I don't see any major change there. Really nothing to call out. I think it's still too early to call an end to the pandemic, obviously. So we've got some significant business with commerce and retailers, and that's still kind of playing itself out at this point. We've seen some pickup in volume, but we're not out of the woods yet there. But in terms of overall pricing, really nothing to call out in terms of any major changes.
Great. Thanks, Ed. And just if I can just squeeze in another one. You used to give this helpful metric on the percentage of customers that are taking one security product and the percentage that are taking multiple security products. Is that something that you could provide us now or you're not giving that metric anymore?
Yeah, sure. I can give you that number. So right now, we've got about 55% of our customers that are buying one security product and about 32% that are buying more than one. But just keep in mind that our customer base has grown over the last year, it's up probably by 5% or 6% over the last year. So we're doing a pretty good job of getting penetration into the base. But the base is also growing. If I go back a year ago, Q2 of 2020, that number for folks that have acquired a security product was around 59%. So we're seeing really healthy growth in terms of the overall number of customers, both from penetration of the base, but also just the size of the customer base is growing as well.
Thank you. Our next question comes from the line of Keith Weiss for Morgan Stanley. Your line is now open.
Hi. It's Mike Wilson on for Keith Weiss. Thank you for taking our question. I'd like to dig a little bit deeper into the Edge Applications. What type of use cases you're seeing? And what other verticals you're kind of seeing traction in besides retail? You gave a nice example in your prepared remarks, but anything additional would be helpful.
Sure. It really is useful, I think, across all verticals. Gaming is another example of the big -- our big gaming customers had interest there. They want to get local decisions made in terms of who's playing who, what master server maybe they go back to for the gaming instructions. Another great example is the COVID vaccine registration sites. In this case, it was a third-party company unrelated to us, built a queuing application on top of our EdgeWorkers solution that is used today by, I think, dozens now, governments and pharmaceutical companies to assist in getting vaccine registrations. And of course, in the early days in the U.S. and still in many countries, there's a lot more people that want to get a vaccine than you have capacity for and so you want to be fair. So if somebody comes into the website, they get into the queue, and they know how long the queue is and that whole process is managed. And again, that's an ideal application to run with our edge computing service. And also handles all the excess load and the flash crowd around the site when you announced, okay, we got a lot of vaccines available in a certain period of time. A lot of people come at once. So maybe they know when that's going to happen, and so we provide the overflow capacity for that. But really, anything you could imagine that involves locality, the need to rapidly scale would be a suitable use for our EdgeWorkers solutions. IoT applications, I think, in the future is a big driver of demand there. And I think that gets enabled by 5G as that gets deployed, and you get a lot more devices connected. But there, you've got a lot of devices with a lot of communication back and forth, very chatty protocols, data being sent in and you need to aggregate that and make decisions quickly locally on the fly, edge computing, edge applications is a good example for that. Tailoring the content based on the device type and the local connectivity is another example. We do that with our image and video manager applications, where if you're on a, say, a cellular device, you don't have a big screen and maybe you don't have great connectivity, we will automatically, at the edge with the edge computing, put in a smaller – a lower resolution version of the image. And on your device, it will look the same. So there's no real reduction in quality, but the less traffic needed to convey the image means you get better performance for the end user. So there's just all sorts of applications that people are using. And now we're doing those, kinds of, things five billion times a day on our edge platform using Edge Java.
That's really great color. And then pivoting to the CDN solutions within the Edge Technology Group, anything to call out in terms of pricing? And then how should we think about revenue from the Internet platform customers and the second half of 2021?
Yes. I'll take that one, Tom. So the -- in terms of pricing, as I just mentioned, really nothing to call out on the pricing side. As far as Internet platform customers go, the team's doing a great job executing there, we continue to grow that group of customer’s obviously very highly innovative customer base, a lot of them have their own CDN, but we're doing a good job of growing that business and very happy with the performance there. I expect that revenue stream to continue to run along about the same pace that it's going now for the rest of the year, maybe see a little bit of upside in this fourth quarter.
Thank you. Our next question comes from the line of James Fish from Piper Sandler. Your line is now open.
Hey guys, thanks for the questions. First, on the external and internal-based cloud access solutions, what one is really leading the charge at this point? And what has been the pushback from customers that are evaluating other solutions that may pick a competitor? And do you plan on building or acquiring into the rest of that SASE stack like in DLP or CASB?
So yes, we're interested in the entire SASE stack. I would say we're really focused though on stopping malware, stopping these ransom DDoS, ransomware attacks, stopping data exfiltration. And that puts us in the direction of a focus on access to make sure that we do the access control of the application layer, not as it's traditionally done at the network layer, and that makes a huge difference in terms of the malware getting inside in the first place. Also, we have Secure Web Gateway capabilities, probably market-leading DNS capabilities, which makes a big difference in terms of data exfiltration. And we do have some DLP capabilities today with our newest version of Enterprise Threat Protector. CASB, less capabilities there today, potentially of interest, but not the primary mission in terms of stopping the data exfiltration, the ransomware attacks, the malware attacks on enterprises. And of course, ransom DDoS, which our Prolexic solution helps a lot with -- along with Kona. So good traction there. As you see the growth on the access side of the house now, well over 50% organically. And of course, if you account the Asavie acquisition, over 160% year-over-year. We plan to continue investing there organically, also through potentially M&A, we're always looking there. And I think that has a lot of future potential for us.
That's helpful, Tom. And I guess I'll be the one to take the bait. Obviously, 2 outages during the last couple of months here. Can you just walk us through, maybe add what the financial impact could be in terms of any SLA refunds or what you heard back in terms of feedback from customers regarding the DNS and the DDoS issues? Thanks?
Yes. In terms of financial impact, de minimis. We lost, at the peak, about 2% of our traffic for up to 1 hour. So not any financial impact per se. That said, we care a lot about reliability at Akamai. It is core to everything we want to do. And we've put a ton of effort into making our solutions be reliable over the last 10-plus years. In fact, you have to go back to 2004 to find anything comparable in terms of what's happened on our platform. In 2004, we actually took the entire platform down for about an hour, which was disastrous. That didn't happen in this case, but we did hurt hundreds of our customers, and we deeply regret that. We impacted them and their users, and that's unacceptable. In both cases, there was an update that caused a problem. And we have invested a lot in infrastructure to make sure that updates are done safely. In this case, the updates were totally different and totally different systems at Akamai. But as a result of this, we are taking a fresh look at how we release updates to make sure that something like this won't happen again. And meanwhile, we've locked down all update channels as we do a thorough investigation of each one. People don't often realize it, but we are constantly doing updates. We have a platform with dozens of services. We have many, many thousands of customers. Any given customers maybe wanted to make an update to their site on an hourly basis or more. And so it's just thousands and thousands a day of updates that are taking place in the platform. And because of the really very intense work that we've done over the last decade, we have had an excellent track record of keeping any problem with an update from spreading. Humans making updates will make mistakes. And our goal is to prevent -- to catch them early and prevent them from spreading. And in this case, there were 2 different channels where that didn't happen the way we want it to. And so we are putting in a lot of effort to look at every possible channel and make sure it is working the way we want to. And not only do we not want to have any more incidents this year, we don't want to be having this happen in the next 10 years. And so there's a lot of effort going into making sure that's the case.
Thank you. Our next question comes from the line of Tim Horan from Oppenheimer. Your line is now open.
Thanks. Tom, just maybe two really higher level questions. Can you just talk about how important edge compute do you think is going to be in the cloud in terms of -- for specific applications? What percentage will have some edge component to it? And how do you think your infrastructure holds up compares to competitors for providing that edge? And then on the security front, another just really high-level question. Do customers understand how much better cloud-based security is than on-prem? And where are we with that process?
Yes, good questions. I think edge computing is really important in the future. And when I say edge, I really mean edge, and that's a big difference with the competition, none of whom really have an edge platform. Of course, for the last couple of years, everybody says they have edge everything. It's just -- it's not true. We're in over 4,000 locations, in about 1,000 cities and 135 countries, and nobody is anywhere, anywhere close to that. And we offer native Javascript support now, which a lot of the folks that talk about edge computing don't. And we spin up our apps in a few milliseconds, and that's a factor of 1,000 better than some of the folks that talk a lot about edge computing out there. So, I think we stack up very well against the competition there. And I think you see that reflected in our very strong growth. That segment now well over 30% growth year-over-year. We think we can maintain that. And on a reasonable size number, last year, $150 million, we're now almost up to a $200 million annual revenue run rate for our edge applications business. So, I think very strong future potential. And as you grow in your 30% a year on a number that's about $200 million now, after a few years, that starts really being meaningful. And I think that drives accelerated growth for the CDN business. And remind me again of the security question you had.
Well, it seems like security is rapidly moving to the cloud. I guess the customers understand how much better that is, where do you think we are in the process?
Yes, that's a good question. It's interesting because we started with application firewall. And if you go back five or six years, pretty much everybody bought a device and managed it in their data set. And today, there's still a few enterprises that do that. But pretty much all the major B2C companies on large -- majority of them are now using Akamai for that as a cloud service. And we're the market leader by far in application firewall. You look at DDoS. And again, go back five-plus years, that was managed either in the data center or with a single carrier. And that just doesn't work anymore. You can't handle the volume. And so now Akamai is the market leader by far with a cloud service there. I think you will see the same thing happen with enterprise security. Today, it is done, you get your VPN and you get your boxes and you manage them in your data center. That is not a good way to do it. That's why you have all these breaches. When you're providing network layer access, it's a disaster. You look at the big pipeline company that had a problem. It's just one of many thousands of enterprises. Credentials to the BPM are stolen, put on the dark web, somebody gets them. And that just gives them access to the entire network. And you can't do it that way. And that's why our solutions are so important with application layer access. Now sure you can steal somebody's credentials, but of course, you want multifactor authentication. And then you only get access to the app. And if you're using Akamai, you don't even get access to the app directly. You got to come through us, and we'll make sure there's no malware going to that app or you're not exploiting vulnerabilities, and then you don't have those kind of situations. So I think if you look at the exchange server situation, which I talked about a few minutes ago. Again, by having Akamai in front with our Enterprise Application Access, our e-mail wasn't stolen, even though we had the vulnerable software like everybody else did. So it will take some time. We're at the beginnings of, I'd say, Zero Trust approach and moving to the cloud, in particular to the edge – My Edge platform for enterprise security, but I do think there's a tremendous future there because we're in a position to really stop those breaches.
Thank you. Our next question comes from the line of Colby Synesael from Cowen. Your line is now open.
Thank you. Two modeling questions, if I might. The first one, just looking at the guide increase for 2021. Just curious if you're going to agree with how I'm thinking about it, which is it seems like it reflects a 2Q upside, maybe a little bit of upside in terms of your expectations for 3Q, but really no change as it relates to your assumptions for 4Q. And it sounds like that's more a function of just lack of visibility opposed to some type of step-down or negative impact, if you will, that you're now anticipating? Just curious, if I'm thinking about that correctly. And then secondly, it sounds like in response to one of questions, regarding M&A it may have been suggesting that you guys obviously continue to look and may even be close to something. Are you guys still holding a line where M&A is expected to be accretive within some short period of time, or are valuations getting to a point now, where if you were, in fact, to do something of materiality, it could actually be relatively meaningfully dilutive just given what you'd have today? Thank you.
All right. So I'll take the first question, Colby. So in terms of Q4, I think you're thinking about it correctly, we always talk on Q4 being the hardest quarter to call. And then obviously, there's been a bit of a flare-up here with the Delta virus. So we're going with what we see now, as I said earlier in the call, we'll update you as we get more visibility. There's two seasons to call. There's the commerce season, and commerce is a very important vertical for us. And then also, as we've seen in the last several years, there tends to be a big jump step-up in media. So we'll get some more information as we go. But I think you're thinking about it correctly.
Yes. And in terms of the M&A question, we're always looking for companies that have novel capabilities that we can use to build products for our customers that are synergistic with our platform and our solutions we have today. And you're right, there are areas, particularly in security and also edge computing that have very high valuations to that. And that makes it harder to do acquisitions that make sense because we're not going to do something that's crazy. Now when you're looking at acquisition, we look at it over the long-term and so that we want it to be accretive, certainly over the long-term. In addition to the purchase price, we also worry about the hit margins, especially when you do an acquisition, often as you know, the first year, you have revenue recognition issues where you don't get to recognize all the revenue right away. And so in the first year, you can take a hit to your margins. And if we find the right acquisition that is really helpful to us in growth over the long-term and it will be accretive to margins over the long-term, there may be a situation where we would take a short-term hit to margins, and then we would improve them from there.
Thank you. Our next question comes from the line of Brandon Nispel from KeyBanc Capital. Your line is now open.
Great. Thanks for taking the question. Ed, I'm curious about, you mentioned headcount growth slowed and actually was down sequentially. Can you update us on your hiring plans for the rest of the year? And do you believe the company needs another phase of investment in headcount in order to sustain the current growth trajectory? Thanks.
Yeah, sure. So I talked about headcount being a little bit behind hiring. Obviously, last year, we had record low attrition. And we're still not back to the attrition levels that we saw pre-pandemic. But we're just a little bit behind on our hiring. I expect that will catch up. We're scaling the company very well. As you can see, our margins have improved quite a bit. But we still want to make investments in security. You've seen some of our newer products have grown to a pretty material size. We've got some very fast and exciting growing businesses with our edge computing business along with very deep product bench for security. So we're going to continue to invest there. There will be some investments in go-to-market. And then, obviously, as we continue to grow, there'll be some scaling heads that we have to add. But nothing in terms of like a major investment cycle or anything like that that we anticipate coming.
Thank you. Our next question comes from the line of Mike Cikos from Needham & Company. Your line is now open.
Hi team. Thanks for taking the questions. I wanted to focus on the security and the improved outlook you guys provided today. It seems like the security, in general is facing broad-based demand, but are there any solutions specifically that are driving this improved outlook? And then I guess a follow-on, with the current threat environment, the headlines we're seeing, is this driving a material change in customer interest? Are you seeing any noticeable impact on sales cycles or budget flowing into this space as a result of that?
The good news is we're seeing strong demand across all of our major security product lines. And also the new security products are obviously not contributing a lot of revenue yet, but we're seeing strong interest in those as well. So it's just a -- it's a good picture across the board. The threat environment certainly increases the awareness and need for our solutions. In terms of sales cycle, obviously, if a customer is under attack, the sales cycle can be very short. In many cases, we'll integrate the customer within a matter of hours or days and often a follow-up with all the details of the contract later, and we've seen a lot of that. With these ransom DDoS attacks, dozens and dozens of major enterprises in that situation that very quickly become happy Akamai customers. So it's a good environment, I would say, in terms of security sales for all of our security products right now.
Thanks for that. And if I'm just thinking about the traffic trends, trying to parse out between the typical seasonality where there's a slower leg, if you will, in the summer months. And I'm matching that up against what we have with COVID and this Delta variant we're seeing, trying to -- can you guys better comment on that? I'm just trying to put those two pieces together to see what's baked into the guidance as we stand today, or how you see that traffic playing out over the last month, now that we're in Q3? Thank you.
Yeah, good question. So what we've assumed here is that there really isn't going to be a major step-up in demand like we saw last year. So not anticipating major lockdowns or anything like that. So then, obviously, if something like that were to happen, it could increase our traffic in the quarter. We do see typical seasonality in the summer months, typically August in, hopefully Europe, in particular, tends to be lighter than expected. So we're anticipating that. It's offset a little bit by the Olympics. Again, I told you not a ton there, a few million bucks for the Olympics. But security growth is also not necessarily impacted by traffic. So we could see if we do see lockdowns, you could see traffic accelerate a bit. And we're not really anticipating that, it's not in our guide at this point. We are expecting to see a strong seasonal Q4. And like I said a couple of times now, we'll update when we talk to you again, when we get more visibility. But traffic has got back to, what I would call, more normal growth rates. Obviously, we went through a year-and-a-half of accelerated traffic growth with the launch of some major OTT platforms along with the pandemic. So we’re modeling what I would consider to be sort of a more normal CDN outlook.
Thank you. Our next question comes from the line of Ben Rose from Battle Road Research. Your line is now open.
Yes. Good afternoon. A question for Tom and then a question for Ed. For Tom, you mentioned at the outset, the Akamai Account Protector that you're working on in beta. I was curious to know if you could provide a little bit more information on the kind of benefits to customers that would come from this product that may not be available in Akamai's security portfolio currently.
Sure. Account Protector is sort of the next step beyond Bot Manager. Bot Manager detects whether it's a human being that's trying to, for example, to log into an account. And as you probably know, there's a ton of account stuffing going on. We see every day now about 1 billion illegitimate attempts to log into an account of some kind, a bank account, gaming account, a commerce account. And the vast, vast majority of that is bot traffic. Credentials have been stolen somewhere and a Bot network is used to check out those credentials against a lot of websites to see if you get a hit. Now the adversaries have evolved, the attackers have evolved. And now I will use humans to attempt to log in and steal accounts. Now you can't do that at the same scale as you can with a bot army. But you use things that you think may well get in and now the human will do it. And so we need to decide, well, okay, it's human, but is it the right human? And that's what Account Protector is all about. And it will use information about the human that's been using that account before with a variety of inputs and trust scores and then using machine learning to the side on the fly based on everything we can see here, is this the right human for this account? And we give a score that is used to decide, are we going to provide access directly? Do you go to some other security mechanism, like you get asked questions or a capture test of some kind, or do you just block? And that's what Account Protector does. So it is one-step deeper analysis that will now deal with human-based fraud and then specifically around the log-in function. Now of course, Bot Manager covers a lot of other things, too, like price scraping, inventory stealing, inventory – reserving all the seats in a hotel or an airline by a competitor, that kind of thing. So, this is really focused on fraud and log-in that's being done by humans.
Ben, you had a question for Ed, maybe you could restate it.
I don't think it was stated.
Ben, what was your question for Ed? Thank you, everyone. In closing, we will be presenting at several investor conferences and road shows throughout the rest of the third quarter. Details of these can be found on the Investor Relations section of akamai.com. Thank you for joining us, and all of us here at Akamai wish have a wonderful evening.
This concludes today's conference call. Thank you for participating. You may now disconnect.