UNITED STATES
SECURITIES AND EXCHANGE COMMISSION
Washington, D.C. 20549
_____________________
FORM 10-K
_____________________
(Mark One)
For the fiscal year ended July 31 , 2021
or
For the transition period from to
Commission File Number 001-35594
(Exact name of registrant as specified in its charter)
| (State or other jurisdiction of incorporation or organization) | (I.R.S. Employer Identification No.) | ||||
(Address of principal executive offices, including zip code)
(408 ) 753-4000
(Registrant’s telephone number, including area code)
Securities registered pursuant to Section 12(b) of the Act:
| Title of each class | Trading Symbol(s) | Name of each exchange on which registered | ||||||||||||
Securities registered pursuant to Section 12(g) of the Act:
None
Indicate by check mark if the registrant is a well-known seasoned issuer, as defined in Rule 405 of the Securities Act. Yes ☒ No ☐
Indicate by check mark if the registrant is not required to file reports pursuant to Section 13 or Section 15(d) of the Act. Yes ☐ No ☒
Indicate by check mark whether the registrant (1) has filed all reports required to be filed by Section 13 or 15(d) of the Securities Exchange Act of 1934 during the preceding 12 months (or for such shorter period that the registrant was required to file such reports), and (2) has been subject to such filing requirements for the past 90 days. Yes ☒ No ☐
Indicate by check mark whether the registrant has submitted electronically every Interactive Data File required to be submitted pursuant to Rule 405 of Regulation S-T (§232.405 of this chapter) during the preceding 12 months (or for such shorter period that the registrant was required to submit such files). Yes ☒ No ☐
Indicate by check mark whether the registrant is a large accelerated filer, an accelerated filer, a non-accelerated filer, a smaller reporting company, or an emerging growth company. See the definitions of “large accelerated filer,” “accelerated filer,” “smaller reporting company,” and “emerging growth company” in Rule 12b-2 of the Exchange Act.
| ☒ | Accelerated filer | ☐ | |||||||||
| Non-accelerated filer | ☐ | Smaller reporting company | |||||||||
| Emerging growth company | |||||||||||
If an emerging growth company, indicate by check mark if the registrant has elected not to use the extended transition period for complying with any new or revised financial accounting standards provided pursuant to Section 13(a) of the Exchange Act. ☐
Indicate by check mark whether the registrant has filed a report on and attestation to its management’s assessment of the effectiveness of its internal control over financial reporting under Section 404(b) of the Sarbanes-Oxley Act (15 U.S.C. 7262(b)) by the registered public accounting firm that prepared or issued its audit report. ☒
Indicate by check mark whether the registrant is a shell company (as defined in Rule 12b-2 of the Act). Yes ☐ No ☒
The aggregate market value of voting stock held by non-affiliates of the registrant was $33,296,058,434 as of January 31, 2021, the last business day of the registrant’s most recently completed second fiscal quarter (based on the closing sales price for the common stock on the New York Stock Exchange on such date). Shares of common stock held by each executive officer and director have been excluded in that such persons may be deemed to be affiliates. This determination of affiliate status is not necessarily a conclusive determination for other purposes.
On August 23, 2021, 97,406,113 shares of the registrant’s common stock, $0.0001 par value, were outstanding.
DOCUMENTS INCORPORATED BY REFERENCE
TABLE OF CONTENTS
| Page | ||||||||
| PART I | ||||||||
| Item 1. | ||||||||
| Item 1A. | ||||||||
| Item 1B. | ||||||||
| Item 2. | ||||||||
| Item 3. | ||||||||
| Item 4. | ||||||||
| PART II | ||||||||
| Item 5. | ||||||||
| Item 6. | ||||||||
| Item 7. | ||||||||
| Item 7A. | ||||||||
| Item 8. | ||||||||
| Item 9. | ||||||||
| Item 9A. | ||||||||
| Item 9B. | ||||||||
| Item 9C. | ||||||||
| PART III | ||||||||
| Item 10. | ||||||||
| Item 11. | ||||||||
| Item 12. | ||||||||
| Item 13. | ||||||||
| Item 14. | ||||||||
| PART IV | ||||||||
| Item 15. | ||||||||
- 2 -
PART I
SPECIAL NOTE REGARDING FORWARD-LOOKING STATEMENTS
This Annual Report on Form 10-K, including the sections entitled “Business,” “Risk Factors,” and “Management’s Discussion and Analysis of Financial Condition and Results of Operations,” contains forward-looking statements within the meaning of Section 27A of the Securities Act of 1933 and Section 21E of the Securities Exchange Act of 1934. The words “believe,” “may,” “will,” “potentially,” “estimate,” “continue,” “anticipate,” “intend,” “could,” “would,” “project,” “plan,” “expect,” and similar expressions that convey uncertainty of future events or outcomes are intended to identify forward-looking statements.
These forward-looking statements include, but are not limited to, statements concerning the following:
•our expectations regarding the impacts on our business, the business of our customers, suppliers and partners, and the economy as a result of the global COVID-19 pandemic and related public health measures;
•expectations regarding drivers of and factors affecting growth in our business;
•the performance advantages of our products and subscription and support offerings and the potential benefits to our customers;
•trends in and expectations regarding billings, revenue (including our revenue mix), costs of revenue, gross margin, cash flows, interest expense, operating expenses (including future share-based compensation expense), income taxes, investment plans and liquidity;
•our ability to and expectation that we will continue to grow our installed end-customer base;
•expected recurring revenues resulting from expected growth in our installed base and increased adoption of our products and cloud-based subscription services;
•our expectations regarding future investments in research and development, customer support, in our employees and in our sales force, including expectations regarding growth in our sales headcount;
•our ability to develop or acquire new product, subscription, and support offerings, improve our existing product, subscription, and support offerings, and increase the value of our product, subscription, and support offerings, including through deployment of new capabilities via security applications developed by third parties;
•our expectation that we will continue to expand internationally;
•our expectation that we will continue to renew existing contracts and increase sales to our existing customer base;
•seasonal trends in our results of operations;
•expected impact of the adoption of certain recent accounting pronouncements and the anticipated timing of adopting such standards;
•our expectation that we will expand our facilities or add new facilities as we add employees and enter new geographic markets and expectations related to charges incurred in connection with exiting our former headquarter facilities;
•our expectations regarding the future results of our People Strategy;
•our expectation that we will increase our customer financing activities;
•the sufficiency of our cash flow from operations with existing cash and cash equivalents to meet our cash needs for the foreseeable future;
•future investments in product development, subscriptions, or technologies, and any related delays in the development or release of new product and subscription offerings;
•our ability to successfully acquire and integrate companies and assets;
•expectations and intentions with respect to the products and technologies that we acquire and introduce;
•our ability to obtain adequate supply of our products from our third-party manufacturing partners;
•the timing and amount of capital expenditures and share repurchases; and
•other statements regarding our future operations, financial condition and prospects, and business strategies.
These forward-looking statements are subject to a number of risks, uncertainties, and assumptions, including those described in “Risk Factors” included in Part I, Item 1A and elsewhere in this Annual Report on Form 10-K. Moreover, we operate in a very competitive and rapidly changing environment, and new risks emerge from time to time. It is not possible for our management to predict all risks, nor can we assess the impact of all factors on our business or the extent to which any factor, or combination of factors, may cause actual results to differ materially from those contained in any forward-looking statements we may make. In light of these risks, uncertainties, and assumptions, the forward-looking events and circumstances discussed in this Annual Report on Form 10-K may not occur, and actual results could differ materially and adversely from those anticipated or implied in the forward-looking statements. We undertake no obligation to revise or publicly release the results of any revision to these forward-looking statements, except as required by law. Given these risks and uncertainties, readers are cautioned not to place undue reliance on such forward-looking statements.
- 3 -
ITEM 1. BUSINESS
General
Palo Alto Networks, Inc. is a global cybersecurity provider with a vision of a world where each day is safer and more secure than the one before. We were incorporated in 2005 and are headquartered in Santa Clara, California.
We empower enterprises, service providers, and government entities to secure all users, applications, data, networks, clouds and devices with comprehensive visibility and context continuously across all locations. We deliver cybersecurity products covering a broad range of use cases, enabling our end-customers to secure their networks, remote and hybrid workforces, branch locations, and public and private clouds, and to advance their Security Operations Centers (“SOC”). We believe our portfolio offers advanced prevention and security, while reducing the total cost of ownership for organizations by improving operational efficiency and eliminating the need for siloed point products. We do this with solutions focused on delivering value in five fundamental areas:
Zero Trust Network Security:
•Enabling zero trust network security through our ML-Powered Next-Generation Firewalls, available in a number of form factors, including physical, virtual, and containerized appliances, as well as a cloud-delivered service. This also includes our add-on Cloud-Delivered Security Services, such as Threat Prevention, WildFire, URL Filtering, Advanced URL Filtering, DNS Security, IoT Security, GlobalProtect, SD-WAN, Enterprise Data Loss Prevention (“Enterprise DLP”), SaaS Security API and SaaS Security Inline that secure content, applications, users, and devices across our ML-Powered Next-Generation Firewalls, Prisma, and Cortex product lines, to enable best-in-class security across a broad range of applications. Panorama, our network security management solution, available as hardware or virtual machine, can centrally manage all of our firewalls irrespective of their form factor, location, or scale.
Cloud Security:
•Enabling cloud security through our Prisma security offerings. Prisma Cloud, the industry’s most comprehensive Cloud Native Security Platform (“CNSP”), secures multi- and hybrid-cloud environments and cloud native applications, integrating security across the full deployment lifecycle. VM-Series and CN-Series enforce in-line network security in multi- and hybrid-cloud environments.
Secure Access Service Edge:
•Prisma Access, the industry’s most complete cloud-delivered security platform, together with Prisma SD-WAN, SaaS Security API and SaaS Security Inline, provide a comprehensive Secure Access Service Edge (“SASE”) offering that is used to secure remote workforces and enable the cloud-delivered branch.
Security Analytics and Automation:
•Delivering the next generation of endpoint security, security analytics and security automation solutions through our Cortex portfolio. These include our industry-leading extended detection and response platform Cortex XDR to prevent, detect, and respond to complex cybersecurity attacks, Cortex XSOAR for security orchestration, automation, and response (“SOAR”), Cortex Xpanse for attack surface management (“ASM”) and Cortex Data Lake allowing our customers to collect and analyze large amounts of context-rich data across endpoints, networks, and clouds. These products are delivered as software or SaaS subscriptions.
Threat Intelligence and Security Consulting (Unit 42):
•Enabling security teams with up-to-date threat intelligence and deep cybersecurity expertise before, during and after attacks through our Unit 42 threat research and security consulting team. Unit 42 offers incident response, risk management, board advisory and proactive cybersecurity assessment services.
Impact of COVID-19 on Our Business
We are actively monitoring, evaluating, and responding to developments relating to COVID-19, which has resulted in, and is expected to continue to result in significant global, social, and business disruption. While we instituted a global work-from-home policy beginning in March 2020, which has been modified to provide employees with the choice to work in certain of our offices when and as they feel comfortable, we did not incur significant disruptions in our work operations during fiscal 2021. We are conducting business as usual with restrictions to employee travel, and we have transitioned in-person marketing events to virtual formats, among other modifications. We expect these changes will substantially remain in effect in the first quarter of fiscal 2022 and could extend to future quarters. We will continue to actively monitor the situation, including progress made through vaccinations, and we will make further changes to our business operations as may be required by federal, state, or local authorities and that we determine are in the best interests of our employees, end-customers, partners, suppliers, and stockholders. Our focus remains on the safety of our employees, and we strive to protect the health and well-being of the communities in which we operate, in part, by providing technology to our employees, end-customers, and partners to help them do their best work while remote.
Although some end-customers adopted Prisma Access as their secure work-from-home solution for the longer term, COVID-19
- 4 -
has affected our end-customers’ spending and could lead them to delay or defer purchasing decisions, and lengthen sales cycles and payment terms, which could materially adversely impact our business, results of operations, and overall financial performance. Also, certain of our end-customers or partners may be or may become credit or cash constrained, making it difficult for them to fulfill their payment obligations to us. The extent of the impact of COVID-19 on our operational and financial performance will depend on developments, including the duration and spread of the virus and its variants, impact on our end-customers’ spending, volume of sales and length of our sales cycles, impact on our partners, suppliers, and employees, actions that may be taken by governmental authorities, and other factors identified in Part I, Item 1A “Risk Factors” in this Form 10-K. Given the dynamic nature of these circumstances, the full impact of COVID-19 on our ongoing business, results of operations and overall financial performance cannot be reasonably estimated at this time.
Product, Subscription, and Support Offerings
Our products are available in the form of the product, subscription, and support offerings described below.
Products
Firewall Appliances and Software. All of our firewall appliances and software incorporate our PAN-OS operating system and come with the same rich set of features ensuring consistent operation across our entire product line. These features include: App-ID, User-ID, Content-ID, Device-ID, site-to-site virtual private network (“VPN”), remote access Secure Sockets Layer (“SSL”) VPN, and Quality-of-Service (“QoS”). Our appliances and software are designed for different performance requirements throughout an organization and are classified based on throughput, ranging from our PA-410, which is designed for small organizations and remote or branch offices, to our top-of-the-line PA-7080, which is designed for large-scale data centers and service provider use. Our firewall appliances come in a physical form factor, and in a virtual form factor, called VM-Series, that is available for virtualization and cloud environments from companies such as VMware, Inc. (“VMware”), Microsoft Corporation (“Microsoft”), Amazon.com, Inc. (“Amazon”), and Google, Inc. (“Google”), and in Kernel-based Virtual Machine (“KVM”)/OpenStack environments, as well as in a containerized form factor, called CN-Series.
Panorama. Panorama is our centralized security management solution for global control of all of our firewall appliances and software deployed on an end-customer’s network, as well as in their instances in public or private cloud environments, as a virtual appliance or a physical appliance. Panorama is used for centralized policy management, device management, software licensing and updates, centralized logging and reporting, and log storage. Panorama controls the security, network address translation (“NAT”), QoS, policy-based forwarding, decryption, application override, captive portal, and distributed denial of service/denial of service (“DDoS/DoS”) protection aspects of the appliances, software, virtual and containerized systems under management. Panorama centrally manages device software and associated updates, including SSL-VPN clients, SD-WAN, dynamic content updates, and software licenses. Panorama offers network security monitoring through the ability to view logs and run reports from all managed appliances and software in one location without the need to forward the logs and reliably expands log storage for long-term event investigation and analysis.
Virtual System Upgrades. Virtual System Upgrades are available as extensions to the Virtual System capacity that ships with our physical appliances. Virtual Systems provide a mechanism to support multiple distinct security policies and administrative access for tenants on the same hardware device, which is applicable to our large enterprise and service provider end-customers.
Subscriptions
We offer a number of subscriptions as part of our portfolio. Of these subscription offerings, cloud-delivered security services like Threat Prevention, WildFire, URL Filtering, Advanced URL Filtering, DNS Security, IoT Security, SaaS Security Inline, GlobalProtect, SD-WAN and Enterprise DLP are sold as options to our firewall appliances and software, whereas Prisma Cloud (formerly Redlock Inc. (“RedLock”), Twistlock Ltd. (“Twistlock”), PureSec Ltd. (“PureSec”), Aporeto Inc. (“Aporeto”)), Prisma Access, Prisma SD-WAN (formerly CloudGenix SD-WAN), SaaS Security API (formerly Prisma SaaS), Cortex XDR (formerly Traps), Cortex XSOAR (formerly Demisto Inc. (“Demisto”)), Cortex Xpanse and Cortex Data Lake are sold on a per-user, per-endpoint, or capacity-based basis. Our subscription offerings include:
Zero Trust Network Security:
•Threat Prevention. This subscription provides intrusion detection and prevention capabilities and blocks vulnerability exploits, viruses, spyware, buffer overflows, denial-of-service attacks, and port scans from compromising and damaging enterprise information resources. It includes mechanisms such as protocol decoder-based analysis, protocol anomaly-based protection, stateful pattern matching, statistical anomaly detection, heuristic-based analysis, custom vulnerability and spyware “phone home” signatures, and workflows to manage popular open-source signature formats to extend our leading coverage.
•WildFire. This cloud-based or appliance-based subscription provides protection against targeted malware and advanced persistent threats and provides a near real-time analysis engine for detecting previously unseen malware while resisting attacker evasion techniques. The core component of this subscription goes beyond traditional sandbox environments and can operate on an end-customers’ local environment, private cloud or our public cloud. WildFire combines dynamic and
- 5 -
static analysis, recursive analysis, and a custom-built analysis environment with network traffic profiling and fileless attack detection to discover even the most sophisticated and evasive threats. A machine learning module derived from the cloud sandbox environment is now delivered in-line on the ML-Powered Next-Generation Firewalls to identify the majority of unknown threats without cloud connectivity. Once identified, whether in the cloud or in-line, preventive measures are automatically generated and delivered in seconds or less across networks, clouds, endpoints, or wherever WildFire-enabled sensors are deployed. By providing this as a cloud-based subscription, all of our end-customers benefit from malware found on any of our end-customers’ networks.
•URL Filtering. This subscription provides the uniform resource locator (“URL”) filtering capabilities of our portfolio. Our cloud-based URL filtering database consists of millions of URLs across many categories and is designed to analyze web traffic and prevent web-based threats such as phishing, malware, and command-and-control. The curated on-appliance URL database can be augmented to suit the traffic patterns of the local user community with a custom URL database. Native integration with our ML-Powered Next-Generation Firewalls eliminates the need for customers to deploy and manage their web security separately from network security.
•Advanced URL Filtering. This subscription builds on all of the capabilities of URL Filtering, adding the industry’s first in-line ML-powered web protection engine. It delivers real-time detection and prevention of unknown, evasive, and targeted web-based threats such as phishing, malware, and command-and-control. While many vendors use machine learning to categorize web content or prevent malware downloads, Advanced URL Filtering is the first offering to protect patient zero from unknown fileless and file-based web attacks in real-time.
•DNS Security. This cloud-based subscription uses machine learning to proactively block malicious domains and stops attacks in progress. Unlike other solutions, it does not require endpoint routing configurations to be maintained and therefore cannot be bypassed. It allows firewalls access to DNS signatures that are generated using advanced predictive analysis, machine learning, and malicious domain data from a growing threat intelligence sharing community of which we are a part. Expanded categorization of DNS traffic and comprehensive analytics allow deep insights into threats, empowering security personnel with the context to optimize their security posture. It includes industry-first protections against multiple emerging DNS-based network attacks.
•IoT Security. IoT Security is a new subscription on our ML-Powered Next-Generation Firewalls with backward compatibility to older versions of PAN-OS. Using machine learning and our App-ID technology, it can accurately identify and classify various IoT and operational technology (“OT”) devices, including never-been-seen-before devices, mission critical OT devices and unmanaged legacy systems. It uses machine learning to baseline normal behavior, identify anomalous activity, assess risk, and provide policy recommendations to allow trusted behavior with a new Device-ID policy construct on our ML-Powered Next-Generation Firewalls. Our existing subscription-based security services have also been enhanced with IoT context to prevent threats on various devices, including IoT and OT devices.
•SaaS Security API. SaaS Security API (formerly Prisma SaaS) is a multi-mode, cloud access security broker service that helps govern sanctioned SaaS application usage across all users and helps prevent breaches and non-compliance. Specifically, the service enables the discovery and classification of data stored across the supported SaaS applications, protects sensitive data from accidental exposure, identifies and protects against known and unknown malware, and performs user activity monitoring to identify potential misuse or data exfiltration. It delivers complete visibility and granular enforcement across all user, folder, and file activity within sanctioned SaaS applications, and can be combined with SaaS Security Inline for a complete integrated cloud access security broker (“CASB”).
•SaaS Security Inline. SaaS Security Inline is a new subscription on our ML-Powered Next Generation Firewalls that adds an in-line service to automatically gain visibility and control over the tens of thousands of known and new sanctioned, unsanctioned and tolerated SaaS applications in use within organizations today. It provides enterprise data protection and compliance across all SaaS applications and prevents cloud threats in real time with best-in-class security. The solution is easy to deploy being natively integrated on our range of ML-Powered Next-Generation Firewalls, eliminating the architectural complexity of traditional CASB products, while offering the lowest total cost of ownership. It can be combined with SaaS Security API (formerly Prisma SaaS) as a complete integrated CASB.
•GlobalProtect. This appliance-based subscription provides protection for users of both traditional laptop and mobile devices. It expands the boundaries of the end-users’ physical network, effectively establishing a logical perimeter that encompasses remote laptop and mobile device users irrespective of their location. When a remote user logs into the device, GlobalProtect automatically determines the closest gateway available to the roaming device and establishes a secure connection. Regardless of the operating systems, laptops, tablets and phones will stay connected to the corporate network when they are on a network of any kind and, as a result, are protected as if they never left the corporate campus. GlobalProtect ensures that the same secure application enablement policies that protect users at the corporate site are enforced for all users, independent of their location.
•SD-WAN. Our SD-WAN subscription is now integrated with PAN-OS, so that our end-customers can get the security features of our PAN-OS ML-Powered Next-Generation Firewall together with SD-WAN functionality. The SD-WAN
- 6 -
overlay supports dynamic, intelligent path selection based on the applications, services and conditions of the links that each application or service is allowed to use, allowing applications to be prioritized based on criteria such as whether the application is mission-critical, latency-sensitive, or meets certain health criteria.
•Enterprise DLP. Our data loss prevention service is a cloud service that provides consistent, reliable protection of sensitive data, such as personally identifiable information (“PII”) and intellectual property, for all traffic types, applications, and users. Native integration with our products makes it simple to deploy, and advanced machine learning minimizes management complexity. Enterprise DLP allows organizations to consistently discover, classify, monitor, and protect sensitive data, wherever it may reside. It helps minimize the risk of a data breach both on-premises and in the cloud—such as in Office/Microsoft 365™, Salesforce®, and Box—and assists in meeting stringent data privacy and compliance regulations, including GDPR, CCPA, PCI DSS, HIPAA, and others.
Cloud Security:
•Prisma Cloud. Prisma Cloud is the industry’s most comprehensive CNSP, securing public clouds and cloud native applications. Prisma Cloud delivers cloud security posture management, cloud workload protection platform, cloud network security, and cloud infrastructure entitlement management capabilities that provide comprehensive visibility and protection across an organization’s hybrid, multi-cloud infrastructure.
Secure Access Service Edge:
•Prisma Access. Prisma Access consolidates more point-products into a single converged cloud-delivered platform than any competing solution, transforming network security and allowing organizations to enable secure hybrid workforces. Unlike competing platforms, only Prisma Access protects all application traffic with complete, best-in-class security while ensuring an exceptional user experience with industry-leading service-level agreements (“SLA”s).
•Prisma SD-WAN. Our Prisma SD-WAN solution is a next-generation SD-WAN solution that makes the secure cloud-delivered branch possible. Unlike legacy SD-WAN solutions that introduce cost and complexity, our Prisma SD-WAN ensures exceptional user experience with application-defined policies and simplifies network and security operations using machine learning and automation.
Security Analytics and Automation:
•Cortex XDR. This cloud-based subscription enables organizations to collect telemetry from endpoint, network, identity and cloud data sources and apply advanced analytics and machine learning across all data, to quickly find and stop targeted attacks, insider abuse, and compromised endpoints. Cortex XDR has two product tiers: XDR Prevent and XDR Pro. XDR Prevent delivers enterprise-class endpoint security focused on preventing attacks. XDR Pro extends endpoint detection and response (“EDR”) to include cross-data analytics, including network, cloud and identity data. These capabilities build on each other such that a customer can start with XDR Prevent, then upgrade to XDR Pro for EDR or XDR Pro for cross-data analytics.
•Cortex XSOAR. Available as a cloud-based subscription or an on-premises appliance, Cortex XSOAR is the industry’s most comprehensive SOAR offering that unifies playbook automation, case management, real-time collaboration, and threat intelligence management to serve security teams across the incident lifecycle. With Cortex XSOAR, security teams can standardize processes, automate repeatable tasks and manage incidents across their security product stack to improve response time and analyst productivity. It learns from the real-life analyst interactions and past investigations to help SOC teams with analyst assignment suggestions, playbook enhancements, and best next steps for investigations.
•Cortex Xpanse. This cloud-based subscription provides attack surface management, which is the ability for an organization to identify what an attacker would see amongst all of its sanctioned and unsanctioned Internet-facing assets. In addition, Cortex Xpanse detects risky or out-of-policy communications between Internet-connected assets that can be exploited for data breaches or ransomware attacks. Finally, Cortex Xpanse continuously identifies Internet assets, risky services or misconfigurations in third parties to help secure a supply chain or identify risks for mergers and acquisitions due diligence.
•Cortex Data Lake. This cloud-based subscription allows our customers to collect and analyze large amounts of context-rich network security data. This includes collection of enhanced network logs generated by our security offerings, including those of our ML-Powered Next-Generation Firewalls and Prisma Access subscription, eliminating the need to plan for local data storage.
Support
Customer Support. We offer Standard Support, Premium Support, Four-Hour Premium Support and Platinum Support to our end-customers and channel partners. Our channel partners that operate a Palo Alto Networks Authorized Support Center (“ASC”) typically deliver level-one and level-two support. We provide level-three support 24 hours a day, seven days a week through regional support centers that are located worldwide. We also offer a service offering called Focused Services that includes Service Account
- 7 -
Management (“SAM”) to provide support for end-customers with unique or complex support requirements. We offer our end-customers ongoing support for hardware, software and certain cloud offerings in order to receive ongoing security updates, PAN-OS upgrades, bug fixes, and repair. End-customers typically purchase these services for a one-year or longer term at the time of the initial product sale and typically renew for successive one-year or longer periods. Additionally, we provide expedited replacement for any defective hardware. We use a third-party logistics provider to manage our worldwide deployment of spare appliances and other accessories.
Threat Intelligence and Cyber Security Consulting. Unit 42 brings together our world-renowned threat researchers with an elite team of security consultants (formerly Crypsis) to create an intelligence-driven, response-ready organization. The Unit 42 Threat Intelligence team provides threat research that enables security teams to understand adversary intent and attribution, while enhancing protections offered by our products and services to stop advanced attacks. As threats escalate, Unit 42 is available to advise customers on the latest risks, assess their readiness, and help them recover when they are victim of a cybersecurity breach. Unit 42 Security Consultants serve as a trusted partner with state-of-the-art cyber risk expertise and incident response capabilities, helping customers focus on their business before, during, and after a breach.
Professional Services. Professional services are delivered directly by us and through our authorized channel partners to our end-customers and include on-location and remote, hands-on experts who plan, design, and deploy effective security solutions tailored to our end-customers’ specific requirements. These services include architecture design and planning, implementation, configuration, and firewall migrations, as well as Prisma and Cortex deployments. Customers can also purchase on-going technical experts to be part of customer’s security teams to aid in the implementation and operation of their Palo Alto Networks capabilities. Our education services include certifications, as well as online and in-classroom training, which are primarily delivered through our authorized training partners.
Technology
We provide comprehensive and integrated cybersecurity solutions with a portfolio that eliminates the need for siloed security products.
ML-Powered Next-Generation Firewall. Our ML-Powered Next-Generation Firewalls embed machine learning in the core of the firewall, empowering our customers to stay ahead of new emerging threats, see and secure their entire enterprise, including IoT, and support speed and error reduction with automatic policy recommendations. Our ML-Powered Next-Generation Firewalls extend visibility and security to all devices connecting to an end-user’s network, including unmanaged IoT devices without the need to deploy additional sensors. Our ML-Powered Next-Generation Firewalls inspect all traffic defined by the end-users policies, including all applications, threats, and content, and tie that traffic to the user, regardless of location or device type. The user, application, devices and content—the elements that run a business—become integral components of an enterprise’s security policy via our User-ID, App-ID, Device-ID and Content-ID technology. As a result, security aligns with business policies, as well as writes rules that are easy to understand and maintain. Our ML-Powered Next-Generation Firewalls can be deployed in multiple form factors, including hardware, software and cloud service, all managed centrally.
Prisma Access. Prisma Access is a SASE technology that helps organizations deliver consistent security to remote networks and mobile users. Located in more than 100 locations around the world in 77 countries, Prisma Access consistently inspects all traffic across all ports and provides bidirectional networking to enable branch-to-branch and branch-to-headquarter traffic.
Delivering protection at scale, Prisma Access provides global coverage so teams do not have to worry about sizing and deploying hardware firewalls at the branch. Prisma Access uses Cortex Data Lake for centralized analysis, reporting, and forensics.
Prisma SD-WAN. Prisma SD-WAN is the industry’s first next-generation SD-WAN solution that makes the secure cloud-delivered branch possible, delivering an ROI of up to 243%. Unlike legacy SD-WAN solutions that introduce cost and complexity, Prisma SD-WAN ensures exceptional user experience with application-defined policies and simplifies network and security operations using machine learning and AI.
Prisma Cloud. Prisma Cloud is a unified CNSP with broad security and compliance coverage for the entire cloud across hybrid and multi-cloud environments. Prisma Cloud protects cloud native applications spanning hosts, containers, serverless architectures and other platform as a service (“PaaS”) offerings across cloud platforms. It dynamically discovers public cloud resources as they are deployed and correlates data cloud services (resource configurations, flow logs, audit logs, host and container logs, etc.) to provide security and compliance insights for cloud applications. It uses machine learning to profile user, workload, and application behaviors to identify and prevent advanced threats.
Prisma Cloud integrates with continuous integration and continuous development (“CI/CD”) tool chains to provide full lifecycle vulnerability management, compliance, infrastructure-as-code scanning, and runtime defense. With a comprehensive library of compliance frameworks, it vastly simplifies the task of maintaining compliance. Prisma Cloud provides this through deep context-sharing that spans infrastructure, PaaS, users, development platforms, data, and application workloads. Seamless integration with security orchestration tools ensures rapid remediation of vulnerabilities and security issues.
- 8 -
SaaS Security. SaaS Security enables safe cloud adoption by providing visibility, compliance controls, and security for cloud applications and sensitive data. It helps minimize the use of shadow IT, secure access to corporate SaaS applications and mitigate the risk of a data breach in the cloud. SaaS Security is an integrated CASB and includes SaaS Security API and SaaS Security Inline.
Cortex XDR. Cortex XDR is an industry-recognized extended detection and response offering that integrates endpoint, network, and cloud data to stop sophisticated attacks. Going beyond EDR, Cortex XDR detects the most complex threats using analytics across key data sources and reveals the root cause, reducing investigation time by 88% compared to manual processes.
Cortex XSOAR. Cortex XSOAR improves SOC efficiency with an industry-recognized extended SOAR offering. Security leaders can transform every aspect of their operations with a comprehensive, unified approach to case management, automation, real-time collaboration, and threat intelligence management. Cortex XSOAR enables security teams to manage alerts across all sources, standardize any processes with playbooks, take action on threat intelligence, and automate response for every security use case, and use of which has resulted, for many of our customers, in significantly faster SOC response times and a significant reduction in alerts to the SOC which require human intervention.
Cortex Xpanse. Cortex Xpanse is an attack surface management platform that provides an attacker’s view of your enterprise. Cortex Xpanse gives a complete and accurate inventory of an organization’s global Internet-facing assets and misconfigurations, allowing them to continuously discover, evaluate, and mitigate an external attack surface, flag risky communications, evaluate supplier risk or assess the security of merger and acquisition targets. With Cortex Xpanse, enterprises are armed with complete asset inventories in order to reduce risk from vulnerabilities and improve mean time to discover and respond. Audit and Compliance teams use Cortex Xpanse to improve their audit processes and stay in compliance by assessing their access controls against regulatory frameworks.
Certifications. Many of our products have been awarded Federal Information Processing Standard (“FIPS”) 140-2 Level 2, Common Criteria/National Information Assurance Partnership (“NIAP”) Evaluation Assurance Level (“EAL”) 2, Common Criteria/NIAP EAL4+, Network Equipment-Building System (“NEBS”), and ICSA Firewall certifications.
Research and Development
Our research and development efforts are focused on developing new hardware and software and on enhancing and improving our existing product and subscription offerings. We believe that hardware and software are both critical to expanding our leadership in the enterprise security industry. Our engineering team has deep networking, endpoint, and security expertise and works closely with end-customers to identify their current and future needs. In addition to our focus on hardware and software, our research and development team is focused on research into applications and threats, which allows us to respond to the rapidly changing application and threat landscape. We supplement our own research and development efforts with technologies and products that we license from third parties. We test our products thoroughly to certify and ensure interoperability with third-party hardware and software products.
We believe that innovation and timely development of new features and products is essential to meeting the needs of our end-customers and improving our competitive position. During fiscal 2021, we introduced several new offerings, including: Cortex XDR 2.5, Next Generation SD-WAN, Prisma Cloud 2.0, Enterprise DLP, 5G Security, IoT Healthcare Security, Prisma Access 2.0 and Complete Zero Trust Network Security. Additionally, we acquired productive investments that fit well within our long-term strategy. For example, we acquired the Crypsis Group (“Crypsis”), which we expect will expand our incident response capabilities and strengthen our Cortex strategy; we acquired Sinefa Group, Inc. (“Sinefa”), which we expect will extend our Prisma Access offering; we acquired Expanse Inc. (“Expanse”), which we expect will enrich our Cortex offerings and provide organizations an integrated view of the enterprise to combine external, internal, and threat data; and we acquired Bridgecrew Inc. (“Bridgecrew”), which we expect will expand our Prisma Cloud offering to deliver security across the full application lifecycle.
We plan to continue to significantly invest in our research and development efforts as we evolve and extend the capabilities of our portfolio.
Intellectual Property
Our industry is characterized by the existence of a large number of patents and frequent claims and related litigation regarding patent and other intellectual property rights. In particular, leading companies in the enterprise security industry have extensive patent portfolios and are regularly involved in both offensive and defensive litigation. We continue to grow our patent portfolio and own intellectual property and related intellectual property rights around the world that relate to our products, services, research and development, and other activities, and our success depends in part upon our ability to protect our core technology and intellectual property. We file patent applications to protect our intellectual property and believe that the duration of our issued patents is sufficient when considering the expected lives of our products.
We actively seek to protect our global intellectual property rights and to deter unauthorized use of our intellectual property by controlling access to and use of our proprietary software and other confidential information through the use of internal and external controls, including contractual protections with employees, contractors, end-customers and partners, and our software is protected by U.S. and international copyright laws. Despite our efforts to protect our intellectual property rights, our rights may not be successfully
- 9 -
asserted in the future or may be invalidated, circumvented or challenged. In addition, the laws of various foreign countries where our offerings are distributed may not protect our intellectual property rights to the same extent as laws in the United States. See “Risk Factors-Claims by others that we infringe their proprietary technology or other rights could harm our business,” “Risk Factors-Our proprietary rights may be difficult to enforce or protect, which could enable others to copy or use aspects of our products or subscriptions without compensating us,” and “Legal Proceedings” below for additional information.
Government Regulation
We are subject to numerous U.S. federal, state, and foreign laws and regulations covering a wide variety of subject matters. Like other companies in the technology industry, we face scrutiny from both U.S. and foreign governments with respect to our compliance with laws and regulations. Our compliance with these laws and regulations may be onerous and could, individually or in the aggregate, increase our cost of doing business, impact our competitive position relative to our peers, and/or otherwise have an adverse impact on our business, reputation, financial condition, and operating results. For additional information about government regulation applicable to our business, see Part I, Item 1A “Risk Factors” in this Form 10-K.
Competition
We operate in the intensely competitive enterprise security industry that is characterized by constant change and innovation. Changes in the application, threat, and technology landscape result in evolving customer requirements for the protection from threats and the safe enablement of applications. Our main competitors fall into five categories:
•large companies that incorporate security features in their products, such as Cisco Systems, Inc. (“Cisco”) or those that have acquired, or may acquire, large network and endpoint security vendors and have the technical and financial resources to bring competitive solutions to the market;
•independent security vendors such as Check Point Software Technologies Ltd. (“Check Point”), Fortinet, Inc. (“Fortinet”), and Zscaler, Inc. (“Zscaler”) that offer a mix of network and endpoint security products;
•startups and single-vertical vendors that offer independent or emerging solutions across various areas of security;
•public cloud vendors and startups that offer solutions for cloud security (private, public and hybrid cloud); and
•large and small companies, such as Crowdstrike, Inc (“Crowdstrike”) that offer solutions for security operations and endpoint security.
As our market grows, it will attract more highly specialized vendors, as well as larger vendors that may continue to acquire or bundle their products more effectively.
The principal competitive factors in our market include:
•product features, reliability, performance, and effectiveness;
•product line breadth, diversity, and applicability;
•product extensibility and ability to integrate with other technology infrastructures;
•price and total cost of ownership;
•adherence to industry standards and certifications;
•strength of sales and marketing efforts; and
•brand awareness and reputation.
We believe we generally compete favorably with our competitors on the basis of these factors as a result of the features and performance of our portfolio, the ease of integration of our products with technological infrastructures, and the relatively low total cost of ownership of our products. However, many of our competitors have substantially greater financial, technical, and other resources, greater name recognition, larger sales and marketing budgets, broader distribution, more diversified product lines, and larger and more mature intellectual property portfolios.
Sales, Customer Support and Marketing
Customers. Our end-customers are predominantly medium to large enterprises, service providers, and government entities. Our end-customers operate in a variety of industries, including education, energy, financial services, government entities, healthcare, Internet and media, manufacturing, public sector, and telecommunications. Our end-customers deploy our portfolio of products for a variety of security functions across a variety of deployment scenarios. Typical deployment scenarios include the enterprise perimeter, the enterprise data center, and the distributed enterprise perimeter. Our end-customer deployments typically involve at least one pair of our products along with one or more of our subscriptions, depending on size, security needs and requirements, and network complexity. No single end-customer accounted for more than 10% of our total revenue in fiscal 2021, 2020, or 2019.
- 10 -
Distribution. We primarily sell our products and subscription and support offerings to end-customers through our channel partners utilizing a two-tier, indirect fulfillment model whereby we sell our products and subscription and support offerings to our distributors, which, in turn, sell to our resellers, which then sell to our end-customers. Sales are generally subject to our standard, non-exclusive distributor agreement, which provides for an initial term of one year, one-year renewal terms, termination by us with 30 to 90 days written notice prior to the renewal date, and payment to us from the channel partner within 30 to 45 calendar days of the date we issue an invoice for such sales. For fiscal 2021, 56.0% of our total revenue was derived from sales to three distributors.
We also sell our VM-Series virtual firewalls directly to end-customers through Amazon’s AWS Marketplace, Microsoft’s Azure Marketplace, and Google’s Cloud Platform Marketplace under a usage-based licensing model.
Sales. Our sales organization is responsible for large-account acquisition and overall market development, which includes the management of the relationships with our channel partners, working with our channel partners in winning and supporting end-customers through a direct-touch approach, and acting as the liaison between our end-customers and our marketing and product development organizations. We expect to continue to grow our sales headcount to expand our reach in all key growth sectors.
Our sales organization is supported by sales engineers with responsibility for pre-sales technical support, solutions engineering for our end-customers, and technical training for our channel partners.
Channel Program. Our NextWave Channel Partner program is focused on building in-depth relationships with solutions-oriented distributors and resellers that have strong security expertise. The program rewards these partners based on a number of attainment goals, as well as provides them access to marketing funds, technical and sales training, and support. To promote optimal productivity, we operate a formal accreditation program for our channel partners’ sales and technical professionals. As of July 31, 2021, we had more than 5,900 channel partners.
Customer Support. Our customer support organization is responsible for delivering support, professional, and educational services directly to our channel partners and to end-customers. We leverage the capabilities of our channel partners and train them in the delivery of support, professional, and educational services to enable these services to be locally delivered. We believe that a broad range of support services is essential to the successful customer deployment and ongoing support of our products, and we have hired support engineers with proven experience to provide those services.
Marketing. Our marketing is focused on building our brand reputation and the market awareness of our portfolio and driving pipeline and end-customer demand. Our marketing team consists primarily of product marketing, brand, demand, field, communications, including analyst relations and digital and analytics functions. Marketing activities include pipeline development through demand generation, social media and advertising programs, managing the corporate website and partner portal, trade shows and conferences, analyst relationships, customer advocacy, and customer awareness. Every year we organize our end-customer conference “Ignite.” We also publish threat intelligence research such as the Unit 42 Cloud Threat Report and the Unit 42 IoT Threat Report, which are based on data from our global threat intelligence team, Unit 42. These activities and tools benefit both our direct and indirect channels and are available at no cost to our channel partners.
Backlog. Orders for subscription and support offerings for multiple years are generally billed upfront shortly after fulfillment and are included in deferred revenue. Timing of revenue recognition for subscription and support offerings may vary depending on the contractual period or when the subscription and support offerings are rendered. Products are shipped and billed shortly after receipt of an order. However, insufficient supply and inventory may delay our product shipments. The majority of our product revenue comes from orders that are received and shipped in the same quarter. As such, we do not believe that our product backlog at any particular time is meaningful and it is not necessarily indicative of our future operating results.
Seasonality. Our business is affected by seasonal fluctuations in customer spending patterns. We have begun to see seasonal patterns in our business, which we expect to become more pronounced as we continue to grow, with our strongest sequential revenue growth occurring in our fiscal second and fourth quarters.
Manufacturing
We outsource the manufacturing of our security products to various manufacturing partners, which include our electronics manufacturing services provider (“EMS provider”) and original design manufacturers. This approach allows us to reduce our costs as it reduces our manufacturing overhead and inventory and also allows us to adjust more quickly to changing end-customer demand. Our EMS provider is Flextronics International, Ltd. (“Flex”), who assembles our products using design specifications, quality assurance programs, and standards that we establish, and procures components and assembles our products based on our demand forecasts. These forecasts represent our estimates of future demand for our products based upon historical trends and analysis from our sales and product management functions as adjusted for overall market conditions.
The component parts within our products are either sourced by our manufacturing partners or by various component suppliers. We do not have any long-term manufacturing contracts that guarantee us any fixed capacity or pricing, which could increase our exposure to supply shortages or price fluctuations related to raw materials.
- 11 -
Human Capital
We believe our ongoing success depends on our employees. Development and investment in our people have always been central to who we are, and will continue to be so. Our People Strategy is a comprehensive approach to source, hire, onboard, integrate, develop, engage and reward employees. With a global workforce of 10,473 (as of July 31, 2021), we take our People Strategy seriously and manage it as a critical element of our overall company strategy.
Source & Hire. Sourcing and hiring diverse talent and setting them free to create and execute is central to our approach to our people. Our talent acquisition team utilizes a number of methods to find subject experts in their respective fields, including the use of a variety of channels that focus on reaching diverse and underserved communities. Our university relations team partners with hundreds of academic institutions, including colleges and universities that focus on serving underrepresented populations, to provide career pathways for early-in-career candidates. We also encourage current employees to provide qualified referrals. Through our License-to-Hire program, we ensure that hiring managers are trained to recruit, that they are made aware of potential unconscious biases and interview for the values and competencies that we believe enhance our culture. We have diverse interview panels to deliver a quality interview experience to a diverse slate of candidates.
Onboard & Integrate. We believe that a positive onboarding experience is foundational to positive employee engagement and rapid productivity. During the COVID-19 pandemic, we built and utilized virtual learning platforms and employee communication channels to provide new employees with inspirational, often personalized, onboarding experiences. Onboarding is a journey of integration that extends through the first year at Palo Alto Networks for every employee. In addition, we have built specialist learning tracks for interns and new graduates that have been recognized as best in class externally. As part of our merger and acquisition strategy, we have also established a robust integration program with the goal to enable individuals joining our teams to feel part of our culture at speed.
Develop & Motivate. FLEXLearn is our unique approach to personalized employee development. FLEXLearn is a learning experience platform that provides employees with a path based on their needs, interests, style, and career journey. Development information about core business elements, professional skill sets, working in a distributed environment, as well as required compliance training, such as Code of Conduct, anti-discrimination, anti-harassment, and anti-bribery training, is also deployed through the FLEXLearn platform. In addition, FLEXLearn provides employees with events and activities that motivate and spark critical thinking, on topics ranging from inclusion, to well-being and collaboration. As of July 31, 2021, 99.5% of our employees had completed Code of Conduct and Business Ethics training. On average, employees had completed 12 hours of development through the FLEXLearn platform during fiscal 2021.
Engage & Reward. We conduct weekly executive listening sessions and frequent “pulse surveys” to better understand employee engagement, sentiment well-being, and latterly, the agility to transition to a distributed work model. Many of these sessions have informed our holistic People Strategy through programs like FLEXWORK, Inclusion and Diversity, and Internal Mobility.
Employee sentiment has continued to be highly positive. In February 2021, we conducted an anonymous global employee engagement survey. The response rate was 92% representing all functions and geographies. The overall engagement score was 81%. Employees indicated a strong sense of belonging, confidence in leadership, and an understanding of how their work contributes to the Company’s goals. Outcomes from the survey are being used to develop company-wide and function-specific action plans.
In addition to a comprehensive compensation and diverse benefits program, we believe in an always-on feedback and rewards philosophy. From recurring 1:1 sessions and quarterly performance feedback to use of our Cheers for Peers peer recognition program, employees get continuous input about the value they bring to the organization.
Inclusion & Diversity. We are intentional about including diverse points of view, perspectives, experiences, backgrounds and ideas in our decision-making processes. We deeply believe that true diversity exists when we have representation of all ethnicities, genders, orientations and identities, and cultures in our workforce. Our Inclusion and Diversity (“I&D”) programs continue to advance those visions. The diversity of our board of directors, with women representing 33% of our board (as of July 31, 2021), is an example of that vision in action. We have eight employee network groups (“ENG”s) which are employee-led groups that play a vital role in building understanding and awareness. Over 25% of our global workforce was involved in at least one ENG as of July 31, 2021. Our ENGs are provided with a budget to fund activities for their communities, we involve our ENGs in listening sessions with executive teams and we work in partnership to develop our annual I&D plans, because we believe involvement is critical. Our I&D philosophy is fully embedded in our talent acquisition, learning and development and rewards and recognition programs.
FLEXWORK. Throughout the COVID-19 pandemic, while prioritizing the health and safety of our employees, we have learned how to collaborate in a distributed work reality and to create opportunities for employees to maintain a sense of belonging and focus on well-being. The pivot to a distributed work model presented an opportunity to re-examine how and where we work going forward past the pandemic. Moving into the future we aim to disrupt the nature of work. Our philosophy is simple: place our employees at the center of their working life by providing employees flexibility, personalization, and choice regarding how they work, the benefits they choose, the way they consume learning and, where possible, where they work. We truly believe that the more our
- 12 -
employees have choice, the more engaged they will be. This theory has proven out in both the productivity and positive sentiment achieved across the months of the pandemic.
FLEXWORK adds even more opportunity to scale our efforts to improve Inclusion and Diversity. It further enables us to recognize each individual as unique, with their own priorities and needs, and gives the employee greater agency to personalize their decisions and utilize our programs and initiatives to meet those interests and desires.
The change to the nature of work won’t happen in isolation as other organizations must make similar transitions. We created the FLEXWORK Coalition, a group of over 800 companies that have joined discussion sessions about the nature of work. Our company leads these conversations, bringing in expert speakers and case studies to guide other company transformations.
Environmental, Social & Governance
We recognize our duty to address environmental, social and governance (“ESG”) practices. From our Climate Commitment and our social impact programs to our Supplier Responsibility initiatives and Code of Business Conduct and Ethics, we value the opportunity to have meaningful outcomes that reinforce our intention to respect our planet, uplift our communities and advance our industry.
Environmental. We recognize climate change is a global crisis and are committed to doing our part to reduce environmental impacts by setting clear goals, engaging in coalitions and collaborating across our value chain. In February 2021, we declared a set of climate commitments. Aligned to the Paris Agreement, we set a goal to be carbon neutral by 2030 and outlined three strategies to reach that goal: utilize 100% renewable energy, reduce our greenhouse gas (“GHG”) emissions using guidance established by the Science Based Targets initiative and to offset remaining emissions by investing in quality carbon offset programs. We committed to being transparent about our progress over time through annual reporting.
Social. In addition to our FLEXWORK People Strategy described in the section titled “Human Capital” above, we prioritized the health and safety of our employees during the COVID-19 pandemic. Through the deployment of our Global Supplier Code of Conduct, we continued to reach across our supply chain to communicate our expectations regarding labor standards, business practices and workplace health and safety conditions. During fiscal 2021, we became an affiliate member of the Responsible Business Alliance and published a Supplier Diversity statement to advance our supplier responsibility programs. We value our role as a good corporate citizen and scaled our social impact programs in fiscal 2021, focusing on helping colleagues and communities impacted by the COVID-19 pandemic through charitable donations, employee giving and volunteer programs. We also expanded our cybersecurity education programs to help youth protect their digital way of life and to prepare diverse adults for careers in cybersecurity.
Governance. Integrity is one of our core values. Our corporate behavior and leadership practices model ethical decision making. Employees and suppliers are informed about our governance expectations through our Codes of Conduct, compliance training programs and ongoing communications. As of July 31, 2021, 99.5% of our employees had completed Code of Conduct and Business Ethics training. Reinforcing the importance of our ESG performance, the charter of the Nominating and Governance Committee of the board of directors includes the primary oversight of ESG.
Available Information
Our website is located at www.paloaltonetworks.com, and our investor relations website is located at investors.paloaltonetworks.com. Our Annual Reports on Form 10-K, Quarterly Reports on Form 10-Q, Current Reports on Form 8-K and amendments to reports filed or furnished pursuant to Sections 13(a) and 15(d) of the Securities Exchange Act of 1934, as amended (the “Exchange Act”), are available free of charge on the Investors portion of our website as soon as reasonably practicable after we electronically file such material with, or furnish it to, the Securities and Exchange Commission (“SEC”). We also provide a link to the section of the SEC’s website at www.sec.gov that has all of our public filings, including Annual Reports on Form 10-K, Quarterly Reports on Form 10-Q, Current Reports on Form 8-K, all amendments to those reports, our Proxy Statements, and other ownership-related filings.
We also use our investor relations website as a channel of distribution for important company information. For example, webcasts of our earnings calls and certain events we participate in or host with members of the investment community are on our investor relations website. Additionally, we announce investor information, including news and commentary about our business and financial performance, SEC filings, notices of investor events, and our press and earnings releases, on our investor relations website. Investors and others can receive notifications of new information posted on our investor relations website in real time by signing up for email alerts and RSS feeds. Further corporate governance information, including our corporate governance guidelines, board committee charters, and code of conduct, is also available on our investor relations website under the heading “Governance.” The contents of our websites are not incorporated by reference into this Annual Report on Form 10-K or in any other report or document we file with the SEC, and any references to our websites are intended to be inactive textual references only.
- 13 -
ITEM 1A. RISK FACTORS
Our operations and financial results are subject to various risks and uncertainties including those described below. The risks and uncertainties described below are not the only ones we face. Additional risks and uncertainties that we are unaware of, or that we currently believe are not material, also may become important factors that affect us. If any of the following risks or others not specified below materialize, our business, financial condition, and operating results could be materially adversely affected, and the market price of our common stock could decline. In addition, the impacts of COVID-19 and any worsening of the economic environment may exacerbate the risks described below, any of which could have a material impact on us. This situation is changing rapidly, and additional impacts may arise that we are not currently aware of.
RISK FACTOR SUMMARY
Our business is subject to numerous risks and uncertainties. These risks include, but are not limited to, the following:
•The ongoing global COVID-19 outbreak could harm our business and results of operations.
•Our business and operations have experienced growth in recent periods, and if we do not effectively manage any future growth or are unable to improve our systems, processes, and controls, our operating results could be adversely affected.
•Our operating results may vary significantly from period to period and be unpredictable, which could cause the market price of our common stock to decline.
•Ongoing global economic uncertainty could have an adverse effect on our business and operating results.
•Our revenue growth rate in recent periods may not be indicative of our future performance.
•We have a history of losses, anticipate increasing our operating expenses in the future, and may not be able to achieve or maintain profitability or maintain or increase cash flow on a consistent basis, which could cause our business, financial condition, and operating results to suffer.
•If we are unable to sell new and additional product, subscription, and support offerings to our end-customers, our future revenue and operating results will be harmed.
•We face intense competition in our market and we may lack sufficient financial or other resources to maintain or improve our competitive position.
•A network or data security incident may allow unauthorized access to our network or data, harm our reputation, create additional liability, and adversely impact our financial results.
•Reliance on shipments at the end of the quarter could cause our revenue for the applicable period to fall below expected levels.
•Seasonality may cause fluctuations in our revenue.
•If we are unable to hire, integrate, train, retain, and motivate qualified personnel and senior management, our business could suffer.
•If we are not successful in executing our strategy to increase sales of our products, subscriptions and support offerings to new and existing medium and large enterprise end-customers, our operating results may suffer.
•We rely on revenue from subscription and support offerings, and because we recognize revenue from subscription and support over the term of the relevant service period, downturns or upturns in sales of these subscription and support offerings are not immediately reflected in full in our operating results.
•Defects, errors, or vulnerabilities in our products, subscriptions, or support offerings, the failure of our products or subscriptions to block a virus or prevent a security breach or incident, misuse of our products, or risks of product liability claims could harm our reputation and adversely impact our operating results.
•False detection of applications, viruses, spyware, vulnerability exploits, data patterns, or URL categories could adversely affect our business.
•We rely on our channel partners to sell substantially all of our products, including subscriptions and support, and if these channel partners fail to perform, our ability to sell and distribute our products and subscriptions will be limited, and our operating results will be harmed.
•If we do not accurately predict, prepare for, and respond promptly to rapidly evolving technological and market developments and successfully manage product and subscription introductions and transitions to meet changing end-customer needs in the enterprise security industry, our competitive position and prospects will be harmed.
•Our current research and development efforts may not produce successful products, subscriptions, or features that result in significant revenue, cost savings or other benefits in the near future, if at all.
- 14 -
•We may acquire other businesses, which could subject us to adverse claims or liabilities, require significant management attention, disrupt our business, and adversely affect our operating results, may not result in the expected benefits of such acquisitions and may dilute stockholder value.
•Because we depend on manufacturing partners to build and ship our products, we are susceptible to manufacturing and logistics delays and pricing fluctuations that could prevent us from shipping customer orders on time, if at all, or on a cost-effective basis, which may result in the loss of sales and end-customers.
•Managing the supply of our products and product components is complex. Insufficient supply and inventory may result in lost sales opportunities or delayed revenue, while excess inventory may harm our gross margins.
•Because some of the key components in our products come from limited sources of supply, we are susceptible to supply shortages or supply changes, which could disrupt or delay our scheduled product deliveries to our end-customers and may result in the loss of sales and end-customers.
•The sales prices of our products and subscriptions may decrease, which may reduce our gross profits and adversely impact our financial results.
•We generate a significant amount of revenue from sales to distributors, resellers, and end-customers outside of the United States, and we are therefore subject to a number of risks associated with international sales and operations.
•We are exposed to fluctuations in currency exchange rates, which could negatively affect our financial condition and operating results.
•We are exposed to the credit and liquidity risk of some of our channel partners and end-customers, and to credit exposure in weakened markets, which could result in material losses.
•A portion of our revenue is generated by sales to government entities, which are subject to a number of challenges and risks.
•Our ability to sell our products and subscriptions is dependent on the quality of our technical support services and those of our channel partners, and the failure to offer high-quality technical support services could have a material adverse effect on our end-customers’ satisfaction with our products and subscriptions, our sales, and our operating results.
•Claims by others that we infringe their proprietary technology or other rights could harm our business.
•Our proprietary rights may be difficult to enforce or protect, which could enable others to copy or use aspects of our products or subscriptions without compensating us.
•Our use of open source software in our products and subscriptions could negatively affect our ability to sell our products and subscriptions and subject us to possible litigation.
•We license technology from third parties, and our inability to maintain those licenses could harm our business.
•Our failure to adequately protect personal information could have a material adverse effect on our business.
•We face risks associated with having operations and employees located in Israel.
•We are subject to governmental export and import controls that could subject us to liability or impair our ability to compete in international markets.
•Our failure to raise additional capital or generate the significant capital necessary to expand our operations and invest in new products and subscriptions could reduce our ability to compete and could harm our business.
•We have a corporate structure aligned with the international nature of our business activities, and if we do not achieve increased tax benefits as a result of our corporate structure, our financial condition and operating results could be adversely affected.
•We may not have the ability to raise the funds necessary to settle conversions of our Notes, repurchase our Notes upon a fundamental change, or repay our Notes in cash at their maturity, and our future debt may contain limitations on our ability to pay cash upon conversion or repurchase of our Notes.
•Our charter documents and Delaware law, as well as certain provisions contained in the indentures governing our Notes, could discourage takeover attempts and lead to management entrenchment, which could also reduce the market price of our common stock.
- 15 -
Risks Related to Our Business and Our Industry
The ongoing global COVID-19 outbreak could harm our business and results of operations.
The novel strain of COVID-19 identified in late 2019 has spread globally, including within the United States, and has resulted in government authorities implementing numerous measures to try to contain the virus, such as travel bans and restrictions, quarantines, shelter in place orders, and shutdowns. This outbreak has negatively impacted and will likely continue to have a negative impact on, worldwide economic activity and financial markets and has impacted, and will further impact, our workforce and operations, the operations of our end-customers, and those of our respective channel partners, vendors and suppliers. In light of the uncertain and rapidly evolving situation relating to the spread of this virus and various government restrictions and guidelines, we have taken measures intended to mitigate the spread of the virus and minimize the risk to our employees, channel partners, end-customers, and the communities in which we operate. These measures include transitioning our employee population to work remotely from home beginning in March 2020, which continued through the fiscal year ended July 31, 2021, and may continue into future quarters. Although we continue to monitor the situation and may adjust our current policies as more information and public health guidance become available, including progress made through vaccinations, these precautionary measures that we have adopted could negatively affect our customer success efforts, sales and marketing efforts, delay and lengthen our sales cycles, and create operational or other challenges, any of which could harm our business and results of operations. In addition, COVID-19 may continue to disrupt the operations of our end-customers and channel partners for an indefinite period of time, including as a result of travel restrictions and/or business shutdowns, all of which could negatively impact our business and results of operations, including cash flows.
The ongoing impact of COVID-19 is fluid and uncertain, but it has caused and may continue to cause various negative effects, including an inability to meet with our existing or potential end-customers; our end-customers deciding to delay or abandon their planned purchases; increased requests for delayed payment terms or product discounts by our end-customers and channel partners; us delaying, canceling, or withdrawing from user and industry conferences and other marketing events, including some of our own; changes in the demand for our products, which has caused us to reprioritize our engineering and research and development efforts and make changes to our original offering roadmap; and delays or possible disruptions in our supply chain. As a result, we may experience extended sales cycles; our demand generation activities, and our ability to close transactions with end-customers and partners may be negatively impacted; our ability to provide 24x7 worldwide support and/or replacement parts to our end-customers may be adversely affected; and it has been and, until the COVID-19 outbreak is contained and global economic activity stabilizes, will continue to be more difficult for us to forecast our operating results.
More generally, the outbreak has not only significantly and adversely increased economic and demand uncertainty, but it has caused a global economic slowdown, and continuing global economic uncertainty which could decrease technology spending and adversely affect demand for our offerings and harm our business and results of operations.
Our business and operations have experienced growth in recent periods, and if we do not effectively manage any future growth or are unable to improve our systems, processes, and controls, our operating results could be adversely affected.
We have experienced growth and increased demand for our products and subscriptions over the last few years. As a result, our employee headcount has increased significantly, and we expect it to continue to grow over the next year. For example, from the end of fiscal 2020 to the end of fiscal 2021, our headcount increased from 8,014 to 10,473 employees. In addition, as we have grown, our number of end-customers has also increased significantly, and we have increasingly managed more complex deployments of our products and subscriptions with larger end-customers. The growth and expansion of our business and product, subscription, and support offerings places a significant strain on our management, operational, and financial resources. To manage any future growth effectively, we must continue to improve and expand our information technology and financial infrastructure, our operating and administrative systems and controls, and our ability to manage headcount, capital, and processes in an efficient manner, all of which may be more difficult to accomplish the longer that our employees must work remotely from home.
We may not be able to successfully implement or scale improvements to our systems, processes, and controls in an efficient or timely manner. In addition, our existing systems, processes, and controls may not prevent or detect all errors, omissions, or fraud. We may also experience difficulties in managing improvements to our systems, processes, and controls or in connection with third-party software licensed to help us with such improvements. Any future growth would add complexity to our organization and require effective coordination throughout our organization. Failure to manage any future growth effectively could result in increased costs, disrupt our existing end-customer relationships, reduce demand for or limit us to smaller deployments of our products, or harm our business performance and operating results.
- 16 -
Our operating results may vary significantly from period to period and be unpredictable, which could cause the market price of our common stock to decline.
Our operating results, in particular, our revenues, gross margins, operating margins, and operating expenses, have historically varied from period to period, and even though we have experienced growth, we expect variation to continue as a result of a number of factors, many of which are outside of our control and may be difficult to predict, including:
•our ability to attract and retain new end-customers or sell additional products and subscriptions to our existing end-customers;
•the budgeting cycles, seasonal buying patterns, and purchasing practices of our end-customers, including the likely slowdown in technology spending due to the global economic downturn;
•changes in end-customer, distributor or reseller requirements, or market needs;
•price competition;
•the timing and success of new product and service introductions by us or our competitors or any other change in the competitive landscape of our industry, including consolidation among our competitors or end-customers and strategic partnerships entered into by and between our competitors;
•changes in the mix of our products, subscriptions, and support, including changes in multi-year subscriptions and support;
•our ability to successfully and continuously expand our business domestically and internationally, particularly in the current global economic slowdown;
•changes in the growth rate of the enterprise security industry;
•deferral of orders from end-customers in anticipation of new products or product enhancements announced by us or our competitors;
•the timing and costs related to the development or acquisition of technologies or businesses or strategic partnerships;
•lack of synergy or the inability to realize expected synergies, resulting from acquisitions or strategic partnerships;
•our inability to execute, complete, or integrate efficiently any acquisitions that we may undertake;
•increased expenses, unforeseen liabilities, or write-downs and any impact on our operating results from any acquisitions we consummate;
•our ability to increase the size and productivity of our distribution channel;
•decisions by potential end-customers to purchase security solutions from larger, more established security vendors or from their primary network equipment vendors;
•changes in end-customer penetration or attach and renewal rates for our subscriptions;
•timing of revenue recognition and revenue deferrals;
•our ability to manage production and manufacturing related costs, global customer service organization costs, inventory excess and obsolescence costs, and warranty costs, especially due to potential disruptions in our supply chain as a result of COVID-19;
•our ability to manage cloud hosting service costs and scale the cloud-based subscription offerings;
•insolvency or credit difficulties confronting our end-customers, which could increase due to the effects of COVID-19 and adversely affect their ability to purchase or pay for our products and subscription and support offerings in a timely manner or at all, or confronting our key suppliers, including our sole source suppliers, which could disrupt our supply chain;
•any disruption in our channel or termination of our relationships with important channel partners, including as a result of consolidation among distributors and resellers of security solutions;
•our inability to fulfill our end-customers’ orders due to supply chain delays or events that impact our manufacturers or their suppliers, which may be adversely affected by the effects of COVID-19;
•the cost and potential outcomes of litigation, which could have a material adverse effect on our business;
•seasonality or cyclical fluctuations in our markets;
•future accounting pronouncements or changes in our accounting policies;
- 17 -
•increases or decreases in our expenses caused by fluctuations in foreign currency exchange rates, as an increasing amount of our expenses is incurred and paid in currencies other than the U.S. dollar;
•political, economic and social instability caused by the United Kingdom’s exit from the European Union (“Brexit”), continued hostilities in the Middle East, terrorist activities, any disruptions from COVID-19 and any disruption these events may cause to the broader global industrial economy; and
•general macroeconomic conditions, both domestically and in our foreign markets that could impact some or all regions where we operate, including the expected global economic slowdown, increased risk of inflation, and potential global recession caused by the COVID-19 pandemic.
Any one of the factors above, or the cumulative effect of some of the factors referred to above, may result in significant fluctuations in our financial and other operating results. This variability and unpredictability could result in our failure to meet our revenue, margin, or other operating result expectations or those of securities analysts or investors for a particular period. If we fail to meet or exceed such expectations for these or any other reasons, the market price of our common stock could fall substantially, and we could face costly lawsuits, including securities class action suits.
Ongoing global economic uncertainty could have an adverse effect on our business and operating results.
We operate globally and as a result our business and revenues are impacted by global macroeconomic conditions. The multinational efforts to contain the spread of COVID-19 have had a significant adverse effect on the global macroeconomic environment that continues to cause economic uncertainty. In addition, the instability in the global credit markets, falling demand for oil and other commodities, uncertainties regarding the effects of Brexit, uncertainties related to the timing of the lifting of governmental restrictions to mitigate the spread of COVID-19, changes in public policies such as domestic and international regulations, taxes, or international trade agreements, international trade disputes, government shutdowns, geopolitical turmoil and other disruptions to global and regional economies and markets continue to add uncertainty to global economic conditions.
These adverse conditions could result in reductions in sales of our products and subscriptions, longer sales cycles, reductions in subscription or contract duration and value, slower adoption of new technologies, and increased price competition. As a result, any continued or further uncertainty, weakness or deterioration in global macroeconomic and market conditions may cause our end-customers to modify spending priorities or delay purchasing decisions, and result in lengthened sales cycles, any of which could harm our business and operating results.
Our revenue growth rate in recent periods may not be indicative of our future performance.
We have experienced revenue growth rates of 24.9% and 17.5% in fiscal 2021 and fiscal 2020, respectively. Our revenue for any prior quarterly or annual period should not be relied upon as an indication of our future revenue or revenue growth for any future period. If we are unable to maintain consistent or increasing revenue or revenue growth, the market price of our common stock could be volatile, and it may be difficult for us to achieve and maintain profitability or maintain or increase cash flow on a consistent basis.
We have a history of losses, anticipate increasing our operating expenses in the future, and may not be able to achieve or maintain profitability or maintain or increase cash flow on a consistent basis, which could cause our business, financial condition, and operating results to suffer.
Other than fiscal 2012, we have incurred losses in all fiscal years since our inception. As a result, we had an accumulated deficit of $1.7 billion as of July 31, 2021. We anticipate that our operating expenses will continue to increase in the foreseeable future as we continue to grow our business. Our growth efforts may prove more expensive than we currently anticipate, and we may not succeed in increasing our revenues sufficiently, or at all, to offset increasing expenses. Revenue growth may slow or revenue may decline for a number of possible reasons, including the downturn in the global and U.S. economy due to COVID-19, slowing demand for our products or subscriptions, increasing competition, a decrease in the growth of, or a demand shift in, our overall market, or a failure to capitalize on growth opportunities. Any failure to increase our revenue as we grow our business could prevent us from achieving or maintaining profitability or maintaining or increasing cash flow on a consistent basis. In addition, we may have difficulty achieving profitability under U.S. GAAP due to share-based compensation expense and other non-cash charges. If we are unable to navigate these challenges as we encounter them, our business, financial condition, and operating results may suffer.
If we are unable to sell new and additional product, subscription, and support offerings to our end-customers, our future revenue and operating results will be harmed.
Our future success depends, in part, on our ability to expand the deployment of our portfolio with existing end-customers and create demand for our new offerings, including cloud security, AI, and analytics offerings. This may require increasingly sophisticated and costly sales efforts that may not result in additional sales. The rate at which our end-customers purchase additional products, subscriptions, and support depends on a number of factors, including the perceived need for additional security products, including subscription and support offerings, as well as general economic conditions. Further, existing end-customers have no contractual obligation to and may not renew their subscription and support contracts after the completion of their initial contract period. Our end-customers’ renewal rates may decline or fluctuate as a result of a number of factors, including their level of satisfaction with our
- 18 -
subscriptions and our support offerings, the frequency and severity of subscription outages, our product uptime or latency, and the pricing of our, or competing, subscriptions. Additionally, our end-customers may renew their subscription and support agreements for shorter contract lengths or on other terms that are less economically beneficial to us. We also cannot be certain that our end-customers will renew their subscription and support agreements. If our efforts to sell additional products and subscriptions to our end-customers are not successful or our end-customers do not renew their subscription and support agreements or renew them on less favorable terms, our revenues may grow more slowly than expected or decline.
We face intense competition in our market and we may lack sufficient financial or other resources to maintain or improve our competitive position.
The industry for enterprise security products is intensely competitive, and we expect competition to increase in the future from established competitors and new market entrants. Our main competitors fall into five categories:
•large companies that incorporate security features in their products, such as Cisco Systems, Inc. (“Cisco”) or those that have acquired, or may acquire, large network and endpoint security vendors and have the technical and financial resources to bring competitive solutions to the market;
•independent security vendors such as Check Point Software Technologies Ltd. (“Check Point”), Fortinet, Inc. (“Fortinet”), and Zscaler, Inc. (“Zscaler”) that offer a mix of network and endpoint security products;
•startups and single-vertical vendors that offer independent or emerging solutions across various areas of security;
•public cloud vendors and startups that offer solutions for cloud security (private, public and hybrid cloud); and
•large and small companies, such as Crowdstrike, Inc (“Crowdstrike”) that offer solutions for security operations and endpoint security.
Many of our existing competitors have, and some of our potential competitors could have, substantial competitive advantages such as:
•greater name recognition and longer operating histories;
•larger sales and marketing budgets and resources;
•broader distribution and established relationships with distribution partners and end-customers;
•greater customer support resources;
•greater resources to make strategic acquisitions or enter into strategic partnerships;
•lower labor and development costs;
•newer or disruptive products or technologies;
•larger and more mature intellectual property portfolios; and
•substantially greater financial, technical, and other resources.
In addition, some of our larger competitors have substantially broader and more diverse product and services offerings, which may make them less susceptible to downturns in a particular market and allow them to leverage their relationships based on other products or incorporate functionality into existing products to gain business in a manner that discourages users from purchasing our products and subscriptions, including through selling at zero or negative margins, offering concessions, product bundling, or a closed technology offering. Many of our smaller competitors that specialize in providing protection from a single type of security threat are often able to deliver these specialized security products to the market more quickly than we can.
Organizations that use legacy products and services may believe that these products and services are sufficient to meet their security needs or that our offerings only serve the needs of a portion of the enterprise security industry. Accordingly, these organizations may continue allocating their information technology budgets for legacy products and services and may not adopt our security offerings. Further, many organizations have invested substantial personnel and financial resources to design and operate their networks and have established deep relationships with other providers of networking and security products. As a result, these organizations may prefer to purchase from their existing suppliers rather than add or switch to a new supplier such as us, regardless of product performance, features, or greater services offerings or may be more willing to incrementally add solutions to their existing security infrastructure from existing suppliers than to replace it wholesale with our solutions.
Conditions in our market could change rapidly and significantly as a result of technological advancements, partnering or acquisitions by our competitors, or continuing market consolidation. New start-up companies that innovate and large competitors that are making significant investments in research and development may invent similar or superior products and technologies that compete with our products and subscriptions. Some of our competitors have made or could make acquisitions of businesses that may allow them to offer more directly competitive and comprehensive solutions than they had previously offered and adapt more quickly
- 19 -
to new technologies and end-customer needs. Our current and potential competitors may also establish cooperative relationships among themselves or with third parties that may further enhance their resources.
These competitive pressures in our market or our failure to compete effectively may result in price reductions, fewer orders, reduced revenue and gross margins, and loss of market share. Any failure to meet and address these factors could seriously harm our business and operating results.
A network or data security incident may allow unauthorized access to our network or data, harm our reputation, create additional liability and adversely impact our financial results.
Increasingly, companies are subject to a wide variety of attacks on their networks on an ongoing basis. In addition to traditional computer “hackers,” malicious code (such as viruses and worms), phishing attempts, employee theft or misuse, and denial of service attacks, sophisticated nation-state and nation-state supported actors engage in intrusions and attacks (including advanced persistent threat intrusions) and add to the risks to our internal networks, cloud-deployed enterprise and customer-facing environments and the information they store and process. The incidence of cybersecurity breaches have increased. Despite significant efforts to create security barriers to such threats, it is virtually impossible for us to entirely mitigate these risks. We and our third-party service providers may face security threats and attacks from a variety of sources. Our data, corporate systems, third-party systems and security measures may be breached due to the actions of outside parties, employee error, malfeasance, a combination of these, or otherwise, and, as a result, an unauthorized party may obtain access to our data. Furthermore, as a well-known provider of security solutions, we may be a more attractive target for such attacks. A breach in our data security or an attack against our service availability, or that of our third-party service providers, could impact our networks or networks secured by our products and subscriptions, creating system disruptions or slowdowns and exploiting security vulnerabilities of our products, and the information stored on our networks or those of our third-party service providers could be accessed, publicly disclosed, altered, lost, or stolen, which could subject us to liability and cause us financial harm. Although we have not yet experienced significant damages from unauthorized access by a third party of our internal network, any actual or perceived breach of network security in our systems or networks, or any other actual or perceived data security incident we or our third-party service providers suffer, could result in damage to our reputation, negative publicity, loss of channel partners, end-customers and sales, loss of competitive advantages over our competitors, increased costs to remedy any problems and otherwise respond to any incident, regulatory investigations and enforcement actions, costly litigation, and other liability. In addition, we may incur significant costs and operational consequences of investigating, remediating, eliminating and putting in place additional tools and devices designed to prevent actual or perceived security breaches and other security incidents, as well as the costs to comply with any notification obligations resulting from any security incidents. While we maintain cybersecurity insurance, our insurance may be insufficient to cover all liabilities incurred by these incidents, and any incidents may result in loss of, or increased costs of, our cybersecurity insurance. Any of these negative outcomes could adversely impact the market perception of our products and subscriptions and end-customer and investor confidence in our company and could seriously harm our business or operating results.
Reliance on shipments at the end of the quarter could cause our revenue for the applicable period to fall below expected levels.
As a result of end-customer buying patterns and the efforts of our sales force and channel partners to meet or exceed their sales objectives, we have historically received a substantial portion of sales orders and generated a substantial portion of revenue during the last few weeks of each fiscal quarter. If expected revenue at the end of any fiscal quarter is delayed for any reason, including the failure of anticipated purchase orders to materialize (particularly for large enterprise end-customers with lengthy sales cycles), our logistics partners’ inability to ship products prior to fiscal quarter-end to fulfill purchase orders received near the end of a fiscal quarter (including due to the effects of COVID-19), our failure to manage inventory to meet demand, any failure of our systems related to order review and processing, or any delays in shipments based on trade compliance requirements (including new compliance requirements imposed by new or renegotiated trade agreements), revenue could fall below our expectations and the estimates of analysts for that quarter, which could adversely impact our business and operating results and cause a decline in the market price of our common stock.
Seasonality may cause fluctuations in our revenue.
We believe there are significant seasonal factors that may cause our second and fourth fiscal quarters to record greater revenue sequentially than our first and third fiscal quarters. We believe that this seasonality results from a number of factors, including:
•end-customers with a December 31 fiscal year-end choosing to spend remaining unused portions of their discretionary budgets before their fiscal year-end, which potentially results in a positive impact on our revenue in our second fiscal quarter;
•our sales compensation plans, which are typically structured around annual quotas and commission rate accelerators, which potentially results in a positive impact on our revenue in our fourth fiscal quarter;
•seasonal reductions in business activity during August in the United States, Europe and certain other regions, which potentially results in a negative impact on our first fiscal quarter revenue; and
- 20 -
•the timing of end-customer budget planning at the beginning of the calendar year, which can result in a delay in spending at the beginning of the calendar year potentially resulting in a negative impact on our revenue in our third fiscal quarter.
As we continue to grow, seasonal or cyclical variations in our operations may become more pronounced, and our business, operating results and financial position may be adversely affected.
If we are unable to hire, integrate, train, retain, and motivate qualified personnel and senior management, our business could suffer.
Our future success depends, in part, on our ability to continue to hire, integrate, train, and retain qualified and highly skilled personnel. We are substantially dependent on the continued service of our existing engineering personnel because of the complexity of our offerings. Additionally, any failure to hire, integrate, train, and adequately incentivize our sales personnel or the inability of our recently hired sales personnel to effectively ramp to target productivity levels could negatively impact our growth and operating margins. Competition for highly skilled personnel, particularly in engineering, is often intense, especially in the San Francisco Bay Area, where we have a substantial presence and need for such personnel. Additionally, potential changes in U.S. immigration and work authorization laws and regulations, including in reaction to COVID-19, may make it difficult to renew or obtain visas for any highly skilled personnel that we have hired or are actively recruiting.
In addition, the industry in which we operate generally experiences high employee attrition. Although we have entered into employment offer letters with our key personnel, these agreements have no specific duration and constitute at-will employment. We do not maintain key person life insurance policies on any of our employees. The loss of one or more of our key employees, and any failure to have in place and execute an effective succession plan for key executives, could seriously harm our business. If we are unable to hire, integrate, train, or retain the qualified and highly skilled personnel required to fulfill our current or future needs, our business, financial condition, and operating results could be harmed.
Our future performance also depends on the continued services and continuing contributions of our senior management to execute on our business plan and to identify and pursue new opportunities and product innovations. The loss of services of senior management, the decrease in the effectiveness of such services due to working remotely from home, or the ineffective management of any leadership transitions, especially within our sales organization, could significantly delay or prevent the achievement of our development and strategic objectives, which could adversely affect our business, financial condition, and operating results.
Further, we believe that a critical contributor to our success and our ability to retain highly skilled personnel has been our corporate culture, which we believe fosters innovation, inclusion, teamwork, passion for end-customers, focus on execution, and the facilitation of critical knowledge transfer and knowledge sharing. As we grow and change, we may find it difficult to maintain these important aspects of our corporate culture. While we are taking steps to develop a more inclusive and diverse workforce, there is no guarantee that we will be able to do so. Any failure to preserve our culture as we grow could limit our ability to innovate and could negatively affect our ability to retain and recruit personnel, continue to perform at current levels or execute on our business strategy.
If we are not successful in executing our strategy to increase sales of our products, subscriptions and support offerings to new and existing medium and large enterprise end-customers, our operating results may suffer.
Our growth strategy is dependent, in part, upon increasing sales of our products, services, subscriptions and offerings to new and existing medium and large enterprise end-customers. Sales to these end-customers involve risks that may not be present, or that are present to a lesser extent, with sales to smaller entities. These risks include:
•competition from competitors, such as Cisco and Check Point, that traditionally target larger enterprises, service providers, and government entities and that may have pre-existing relationships or purchase commitments from those end-customers;
•increased purchasing power and leverage held by large end-customers in negotiating contractual arrangements with us;
•more stringent requirements in our worldwide support contracts, including stricter support response times and penalties for any failure to meet support requirements; and
•longer sales cycles, particularly during the current economic slowdown and in some cases over 12 months, and the associated risk that substantial time and resources may be spent on a potential end-customer that elects not to purchase our products and subscriptions.
In addition, product purchases by large enterprises are frequently subject to budget constraints, multiple approvals, and unplanned administrative, processing, and other delays. Finally, large enterprises typically have longer implementation cycles, require greater product functionality and scalability and a broader range of services, demand that vendors take on a larger share of risks, sometimes require acceptance provisions that can lead to a delay in revenue recognition, and expect greater payment flexibility from vendors. All of these factors can add further risk to business conducted with these end-customers. If we fail to realize an expected sale from a large end-customer in a particular quarter or at all, our business, operating results, and financial condition could be materially and adversely affected.
- 21 -
We rely on revenue from subscription and support offerings, and because we recognize revenue from subscription and support over the term of the relevant service period, downturns or upturns in sales of these subscription and support offerings are not immediately reflected in full in our operating results.
Subscription and support revenue accounts for a significant portion of our revenue, comprising 73.7% of total revenue in fiscal 2021, 68.8% of total revenue in fiscal 2020, and 62.2% of total revenue in fiscal 2019. Sales of new or renewal subscription and support contracts may decline and fluctuate as a result of a number of factors, including end-customers’ level of satisfaction with our products and subscriptions (including newly integrated products and services), the prices of our products and subscriptions, the prices of products and services offered by our competitors, and reductions in our end-customers’ spending levels. If our sales of new or renewal subscription and support contracts decline, our total revenue and revenue growth rate may decline, and our business will suffer. In addition, we recognize subscription and support revenue over the term of the relevant service period, which is typically one to five years. As a result, much of the subscription and support revenue we report each fiscal quarter is the recognition of deferred revenue from subscription and support contracts entered into during previous fiscal quarters. Consequently, a decline in new or renewed subscription or support contracts in any one fiscal quarter will not be fully or immediately reflected in revenue in that fiscal quarter but will negatively affect our revenue in future fiscal quarters. Also, it is difficult for us to rapidly increase our subscription and support revenue through additional subscription and support sales in any period, as revenue from new and renewal subscription and support contracts must be recognized over the applicable service period.
Defects, errors, or vulnerabilities in our products, subscriptions, or support offerings, the failure of our products or subscriptions to block a virus or prevent a security breach or incident, misuse of our products, or risks of product liability claims could harm our reputation and adversely impact our operating results.
Because our products and subscriptions are complex, they have contained and may contain design or manufacturing defects or errors that are not detected until after their commercial release and deployment by our end-customers. For example, from time to time, certain of our end-customers have reported defects in our products related to performance, scalability, and compatibility. Additionally, defects may cause our products or subscriptions to be vulnerable to security attacks, cause them to fail to help secure networks, or temporarily interrupt end-customers’ networking traffic. Because the techniques used by computer hackers to access or sabotage networks change frequently and generally are not recognized until launched against a target, we may be unable to anticipate these techniques and provide a solution in time to protect our end-customers’ networks. Furthermore, as a well-known provider of security solutions, our networks, products, including cloud-based technology, and subscriptions could be targeted by attacks specifically designed to disrupt our business and harm our reputation. In addition, defects or errors in our subscription updates or our products could result in a failure of our subscriptions to effectively update end-customers’ hardware and cloud-based products. Our data centers and networks may experience technical failures and downtime, may fail to distribute appropriate updates, or may fail to meet the increased requirements of a growing installed end-customer base, any of which could temporarily or permanently expose our end-customers’ networks, leaving their networks unprotected against the latest security threats. Moreover, our products must interoperate with our end-customers’ existing infrastructure, which often have different specifications, utilize multiple protocol standards, deploy products from multiple vendors, and contain multiple generations of products that have been added over time. As a result, when problems occur in a network, it may be difficult to identify the sources of these problems.
The occurrence of any such problem in our products and subscriptions, whether real or perceived, could result in:
•expenditure of significant financial and product development resources in efforts to analyze, correct, eliminate, or work-around errors or defects or to address and eliminate vulnerabilities;
•loss of existing or potential end-customers or channel partners;
•delayed or lost revenue;
•delay or failure to attain market acceptance;
•an increase in warranty claims compared with our historical experience, or an increased cost of servicing warranty claims, either of which would adversely affect our gross margins; and
•litigation, regulatory inquiries, or investigations, each of which may be costly and harm our reputation.
Further, our products and subscriptions may be misused by end-customers or third parties that obtain access to our products and subscriptions. For example, our products and subscriptions could be used to censor private access to certain information on the Internet. Such use of our products and subscriptions for censorship could result in negative press coverage and negatively affect our reputation.
The limitation of liability provisions in our standard terms and conditions of sale may not fully or effectively protect us from claims as a result of federal, state, or local laws or ordinances, or unfavorable judicial decisions in the United States or other countries. The sale and support of our products and subscriptions also entails the risk of product liability claims. Although we may be indemnified by our third-party manufacturers for product liability claims arising out of manufacturing defects, because we control the design of our products and subscriptions, we may not be indemnified for product liability claims arising out of design defects. We
- 22 -
maintain insurance to protect against certain claims associated with the use of our products and subscriptions, but our insurance coverage may not adequately cover any claim asserted against us. In addition, even claims that ultimately are unsuccessful could result in our expenditure of funds in litigation, divert management’s time and other resources, and harm our reputation.
False detection of applications, viruses, spyware, vulnerability exploits, data patterns, or URL categories could adversely affect our business.
Our classifications of application type, virus, spyware, vulnerability exploits, data, or URL categories may falsely detect, report and act on applications, content, or threats that do not actually exist. This risk is heightened by the inclusion of a “heuristics” feature in our products and subscriptions, which attempts to identify applications and other threats not based on any known signatures but based on characteristics or anomalies which indicate that a particular item may be a threat. These false positives may impair the perceived reliability of our products and subscriptions and may therefore adversely impact market acceptance of our products and subscriptions. If our products and subscriptions restrict important files or applications based on falsely identifying them as malware or some other item that should be restricted, this could adversely affect end-customers’ systems and cause material system failures. Any such false identification of important files or applications could result in damage to our reputation, negative publicity, loss of channel partners, end-customers and sales, increased costs to remedy any problem, and costly litigation.
We rely on our channel partners to sell substantially all of our products, including subscriptions and support, and if these channel partners fail to perform, our ability to sell and distribute our products and subscriptions will be limited, and our operating results will be harmed.
Substantially all of our revenue is generated by sales through our channel partners, including distributors and resellers. We provide our channel partners with specific training and programs to assist them in selling our products, including subscriptions and support offerings, but there can be no assurance that these steps will be utilized or effective. In addition, our channel partners may be unsuccessful in marketing, selling, and supporting our products and subscriptions. We may not be able to incentivize these channel partners to sell our products and subscriptions to end-customers and, in particular, to large enterprises. These channel partners may also have incentives to promote our competitors’ products and may devote more resources to the marketing, sales, and support of competitive products. Our channel partners operations may also be negatively impacted by other effects COVID-19 is having on the global economy, such as increased credit risk of end-customers and the uncertain credit markets. Our agreements with our channel partners may generally be terminated for any reason by either party with advance notice prior to each annual renewal date. We cannot be certain that we will retain these channel partners or that we will be able to secure additional or replacement channel partners. In addition, any new channel partner requires extensive training and may take several months or more to achieve productivity. Our channel partner sales structure could subject us to lawsuits, potential liability, and reputational harm if, for example, any of our channel partners misrepresent the functionality of our products or subscriptions to end-customers or violate laws or our corporate policies. If we fail to effectively manage our sales channels or channel partners, our ability to sell our products and subscriptions and operating results will be harmed.
If we do not accurately predict, prepare for, and respond promptly to rapidly evolving technological and market developments and successfully manage product and subscription introductions and transitions to meet changing end-customer needs in the enterprise security industry, our competitive position and prospects will be harmed.
The enterprise security industry has grown quickly and is expected to continue to evolve rapidly. Moreover, many of our end-customers operate in markets characterized by rapidly changing technologies and business plans, which require them to add numerous network access points and adapt increasingly complex enterprise networks, incorporating a variety of hardware, software applications, operating systems, and networking protocols. We must continually change our products and expand our business strategy in response to changes in network infrastructure requirements, including the expanding use of cloud computing. For example, organizations are moving portions of their data to be managed by third parties, primarily infrastructure, platform and application service providers, and may rely on such providers’ internal security measures. In 2019, we announced our new cloud security offerings for securing access to the cloud (Prisma), and our security offerings for securing the future of security operations (Cortex). While we have historically been successful in developing, acquiring, and marketing new products and product enhancements that respond to technological change and evolving industry standards, we may not be able to continue to do so, and there can be no assurance that our new or future offerings will be successful or will achieve widespread market acceptance. If we fail to accurately predict end-customers’ changing needs and emerging technological trends in the enterprise security industry, including in the areas of mobility, virtualization, cloud computing, and software defined networks (“SDN”), our business could be harmed. In addition, COVID-19 and the resulting increase in customer demand for work-from-home technologies and other technologies have caused us to reprioritize our engineering and R&D efforts and there can be no assurance that any product enhancements or new features will be successful or address our end-customer needs.
The technology in our portfolio is especially complex because it needs to effectively identify and respond to new and increasingly sophisticated methods of attack, while minimizing the impact on network performance. Additionally, some of our new features and related enhancements may require us to develop new hardware architectures that involve complex, expensive, and time-consuming research and development processes. The development of our portfolio is difficult and the timetable for commercial release and availability is uncertain as there can be long time periods between releases and availability of new features. If we experience
- 23 -
unanticipated delays in the availability of new products, features and subscriptions, and fail to meet customer expectations for such availability, our competitive position and business prospects will be harmed.
Additionally, we must commit significant resources to developing new features and new cloud security, AI/analytics and other offerings before knowing whether our investments will result in products, subscriptions, and features the market will accept. The success of new features depends on several factors, including appropriate new product definition, differentiation of new products, subscriptions, and features from those of our competitors, and market acceptance of these products, services and features. Moreover, successful new product introduction and transition depends on a number of factors, including our ability to manage the risks associated with new product production ramp-up issues, the availability of application software for new products, the effective management of purchase commitments and inventory, the availability of products in appropriate quantities and costs to meet anticipated demand, and the risk that new products may have quality or other defects or deficiencies, especially in the early stages of introduction. There can be no assurance that we will successfully identify opportunities for new products and subscriptions, develop and bring new products and subscriptions to market in a timely manner, or achieve market acceptance of our products and subscriptions, including our product enhancement efforts in connection with COVID-19, or that products, subscriptions, and technologies developed by others will not render our products, subscriptions, or technologies obsolete or noncompetitive.
Our current research and development efforts may not produce successful products, subscriptions, or features that result in significant revenue, cost savings or other benefits in the near future, if at all.
Developing our products, subscriptions, features, and related enhancements is expensive. Our investments in research and development may not result in significant design improvements, marketable products, subscriptions, or features, or may result in products, subscriptions, or features that are more expensive than anticipated. Additionally, we may not achieve the cost savings or the anticipated performance improvements we expect, and we may take longer to generate revenue, or generate less revenue, than we anticipate. Our future plans include significant investments in research and development and related product and subscription opportunities. We believe that we must continue to dedicate a significant amount of resources to our research and development efforts to maintain our competitive position. However, we may not receive significant revenue from these investments in the near future, if at all, or these investments may not yield the expected benefits, either of which could adversely affect our business and operating results.
We may acquire other businesses, which could subject us to adverse claims or liabilities, require significant management attention, disrupt our business, adversely affect our operating results, may not result in the expected benefits of such acquisitions and may dilute stockholder value.
As part of our business strategy, we may acquire or make investments in complementary companies, products, or technologies. The identification of suitable acquisition candidates is difficult, and we may not be able to complete such acquisitions on favorable terms, if at all. In addition, we may be subject to claims or liabilities assumed from an acquired company, product, or technology; acquisitions we complete could be viewed negatively by our end-customers, investors, and securities analysts; and we may incur costs and expenses necessary to address an acquired company’s failure to comply with laws and governmental rules and regulations. Additionally, we may be subject to litigation or other claims in connection with the acquired company, including claims from terminated employees, customers, former stockholders, or other third parties, which may differ from or be more significant than the risks our business faces.
If we are unsuccessful at integrating past or future acquisitions in a timely manner, or the technologies and operations associated with such acquisitions, into our company, our revenue and operating results could be adversely affected. Any integration process may require significant time and resources, which may disrupt our ongoing business and divert management’s attention, and we may not be able to manage the integration process successfully or in a timely manner. We may not successfully evaluate or utilize the acquired technology or personnel, realize anticipated synergies from the acquisition, or accurately forecast the financial impact of an acquisition transaction and integration of such acquisition, including accounting charges and any potential impairment of goodwill and intangible assets recognized in connection with such acquisitions.
Our completed or future acquisitions may not ultimately strengthen our competitive position or achieve our goals and business strategy. We may find that the acquired businesses, products, or technologies do not further our business strategy as we expected. Our acquisitions may be viewed negatively by our customers, financial markets, or investors. We may experience difficulty integrating the operations and personnel of the acquired business, and we may have difficulty retaining the key personnel of the acquired business. We may have difficulty integrating the acquired technologies or products with our existing product lines and we may have difficulty maintaining uniform standards, controls, procedures, and policies across diverse or expanding geographic locations.
We may have to pay cash, incur debt, or issue equity or equity-linked securities to pay for any future acquisitions, each of which could adversely affect our financial condition or the market price of our common stock. Furthermore, the sale of equity or issuance of equity-linked debt to finance any future acquisitions could result in dilution to our stockholders. See the risk factors entitled “Our failure to raise additional capital or generate the significant capital necessary to expand our operations and invest in new products and subscriptions could reduce our ability to compete and could harm our business.” and “The issuance of additional stock in connection with financings, acquisitions, investments, our stock incentive plans, the conversion of our Notes or exercise of the
- 24 -
related Warrants, or otherwise will dilute all other stockholders.” The occurrence of any of these risks could harm our business, operating results, and financial condition.
Risks Related to our Supply Chain
Because we depend on manufacturing partners to build and ship our products, we are susceptible to manufacturing and logistics delays and pricing fluctuations that could prevent us from shipping customer orders on time, if at all, or on a cost-effective basis, which may result in the loss of sales and end-customers.
We depend on manufacturing partners, primarily our EMS provider, Flex, as our sole source manufacturers for our product lines. Our reliance on these manufacturing partners reduces our control over the manufacturing process and exposes us to risks, including reduced control over quality assurance, product costs, product supply, timing and transportation risk. Our products are manufactured by our manufacturing partners at facilities located in the United States. Some of the components in our products are sourced either through Flex or directly by us from component suppliers outside the United States. The portion of our products that are sourced outside the United States may subject us to additional logistical risks (which may increase due to the global impact of COVID-19) or risks associated with complying with local rules and regulations in foreign countries. Significant changes to existing international trade agreements could lead to sourcing or logistics disruption resulting from import delays or the imposition of increased tariffs on our sourcing partners. For example, the United States and Chinese governments have each enacted, and discussed additional, import tariffs. These tariffs, depending on their ultimate scope and how they are implemented, could negatively impact our business by increasing our costs. For example, some components that we import for final manufacturing in the United States have been impacted by these recent tariffs. As a result, our costs have increased and we have raised, and may be required to further raise, prices on our hardware products. Each of these factors could severely impair our ability to fulfill orders.
In addition, we are subject to requirements under the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 (the “Dodd-Frank Act”) to diligence, disclose, and report whether or not our products contain minerals originating from the Democratic Republic of the Congo and adjoining countries, or conflict minerals. Although the SEC has provided guidance with respect to a portion of the conflict minerals filing requirements that may somewhat reduce our reporting practices, we have incurred and expect to incur additional costs to comply with these disclosure requirements, including costs related to determining the source of any of the relevant minerals and metals used in our products. These requirements could adversely affect the sourcing, availability, and pricing of minerals used in the manufacture of semiconductor devices or other components used in our products. We may also encounter end-customers who require that all of the components of our products be certified as conflict free. If we are not able to meet this requirement, such end-customers may choose not to purchase our products.
Our manufacturing partners typically fulfill our supply requirements on the basis of individual purchase orders. We do not have long-term contracts with these manufacturers that guarantee capacity, the continuation of particular pricing terms, or the extension of credit limits. Accordingly, they are not obligated to continue to fulfill our supply requirements and the prices we pay for manufacturing services could be increased on short notice. Our contract with Flex permits them to terminate the agreement for their convenience, subject to prior notice requirements. If we are required to change manufacturing partners, our ability to meet our scheduled product deliveries to our end-customers could be adversely affected, which could cause the loss of sales to existing or potential end-customers, delayed revenue or an increase in our costs which could adversely affect our gross margins. COVID-19 and the global semiconductor shortage have in certain cases caused delays and challenges in obtaining components and inventory, as well as increases to freight and shipping costs, and may result in a material adverse effect on our results of operations. Any production interruptions for any reason, such as a natural disaster, epidemic or pandemic such as COVID-19, capacity shortages, or quality problems at one of our manufacturing partners would negatively affect sales of our product lines manufactured by that manufacturing partner and adversely affect our business and operating results.
Managing the supply of our products and product components is complex. Insufficient supply and inventory may result in lost sales opportunities or delayed revenue, while excess inventory may harm our gross margins.
Our manufacturing partners procure components and build our products based on our forecasts, and we generally do not hold inventory for a prolonged period of time. These forecasts are based on estimates of future demand for our products, which are in turn based on historical trends and analyses from our sales and product management organizations, adjusted for overall market conditions. COVID-19 has made forecasting more difficult and we may experience increased challenges to our supply chain due to the unpredictability of the impacts of COVID-19. In order to reduce manufacturing lead times and plan for adequate component supply, from time to time we may issue forecasts for components and products that are non-cancelable and non-returnable.
Our inventory management systems and related supply chain visibility tools may be inadequate to enable us to forecast accurately and effectively manage supply of our products and product components. If we ultimately determine that we have excess supply, we may have to reduce our prices and write-down inventory, which in turn could result in lower gross margins. If our actual component usage and product demand are lower than the forecast we provide to our manufacturing partners, we accrue for losses on manufacturing commitments in excess of forecasted demand. Alternatively, insufficient supply levels, including due to the recent global shortage of semiconductors, may lead to shortages that result in delayed product revenue or loss of sales opportunities
- 25 -
altogether as potential end-customers turn to competitors’ products that are readily available. If we are unable to effectively manage our supply and inventory, our operating results could be adversely affected.
Because some of the key components in our products come from limited sources of supply, we are susceptible to supply shortages or supply changes, which could disrupt or delay our scheduled product deliveries to our end-customers and may result in the loss of sales and end-customers.
Our products rely on key components, including integrated circuit components, which our manufacturing partners purchase on our behalf from a limited number of component suppliers, including sole source providers. The manufacturing operations of some of our component suppliers are geographically concentrated in Asia and elsewhere, which makes our supply chain vulnerable to regional disruptions, such as natural disasters, fire, political instability, civil unrest, a power outage, or health risks, such as epidemics and pandemics like COVID-19, and as a result have impaired, and could impair in the future, the volume of components that we are able to obtain. Lead times for components have also been adversely impacted by factors outside of our control, including COVID-19 and the recent global shortage of semiconductors. For example, we have experienced, and could continue to experience, increased difficulties in obtaining a sufficient amount of materials in the semiconductor market, which could reduce our flexibility to react to product mix changes and unforecasted orders.
Further, we do not have volume purchase contracts with any of our component suppliers, and they could cease selling to us at any time. If we are unable to obtain a sufficient quantity of these components in a timely manner for any reason, sales of our products could be delayed or halted, or we could be forced to expedite shipment of such components or our products at dramatically increased costs. Our component suppliers also change their selling prices frequently in response to market trends, including industry-wide increases in demand, and because we do not have volume purchase contracts with these component suppliers, we are susceptible to price fluctuations related to raw materials and components and may not be able to adjust our prices accordingly. Additionally, poor quality in any of the sole-sourced components in our products could result in lost sales or sales opportunities.
If we are unable to obtain a sufficient volume of the necessary components for our products on commercially reasonable terms or the quality of the components do not meet our requirements, we could also be forced to redesign our products and qualify new components from alternate component suppliers. The resulting stoppage or delay in selling our products and the expense of redesigning our products could result in lost sales opportunities and damage to customer relationships, which would adversely affect our business and operating results.
Risks Related to Sales of our Products, Subscriptions and Support Offerings
The sales prices of our products, subscriptions and support offerings may decrease, which may reduce our gross profits and adversely impact our financial results.
The sales prices for our products, subscriptions and support offerings may decline for a variety of reasons, including competitive pricing pressures, discounts, a change in our mix of products, subscriptions and support offerings, anticipation of the introduction of new products, subscriptions or support offerings, or promotional programs or pricing pressures as a result of the economic downturn resulting from COVID-19. Competition continues to increase in the market segments in which we participate, and we expect competition to further increase in the future, thereby leading to increased pricing pressures. Larger competitors with more diverse product and service offerings may reduce the price of products or subscriptions that compete with ours or may bundle them with other products and subscriptions. Additionally, although we price our products, subscriptions and support offerings worldwide in U.S. dollars, currency fluctuations in certain countries and regions may negatively impact actual prices that channel partners and end-customers are willing to pay in those countries and regions. Furthermore, we anticipate that the sales prices and gross profits for our products could decrease over product life cycles. We cannot guarantee that we will be successful in developing and introducing new offerings with enhanced functionality on a timely basis, or that our products, subscriptions and support offerings, if introduced, will enable us to maintain our prices and gross profits at levels that will allow us to achieve and maintain profitability.
We generate a significant amount of revenue from sales to distributors, resellers, and end-customers outside of the United States, and we are therefore subject to a number of risks associated with international sales and operations.
We have a limited history of marketing, selling, and supporting our products, subscriptions and support offerings internationally. We may experience difficulties in recruiting, training, managing, and retaining an international staff, and specifically staff related to sales management and sales personnel. We also may not be able to maintain successful strategic distributor relationships internationally or recruit additional companies to enter into strategic distributor relationships. Business practices in the international markets that we serve may differ from those in the United States and may require us in the future to include terms other than our standard terms related to payment, warranties, or performance obligations in end-customer contracts.
Additionally, our international sales and operations are subject to a number of risks, including the following:
•political, economic and social uncertainty around the world, health risks such as epidemics and pandemics like COVID-19, macroeconomic challenges in Europe, terrorist activities, and continued hostilities in the Middle East;
•greater difficulty in enforcing contracts and accounts receivable collection and longer collection periods;
- 26 -
•the uncertainty of protection for intellectual property rights in some countries;
•greater risk of unexpected changes in foreign and domestic regulatory practices, tariffs, and tax laws and treaties, including regulatory and trade policy changes adopted by the current administration or foreign countries in response to regulatory changes adopted by the current administration;
•risks associated with trade restrictions and foreign legal requirements, including the importation, certification, and localization of our products required in foreign countries;
•greater risk of a failure of foreign employees, channel partners, distributors, and resellers to comply with both U.S. and foreign laws, including antitrust regulations, the U.S. Foreign Corrupt Practices Act, the U.K. Bribery Act, U.S. or foreign sanctions regimes and export or import control laws, and any trade regulations ensuring fair trade practices, which non-compliance could include increased costs;
•heightened risk of unfair or corrupt business practices in certain geographies and of improper or fraudulent sales arrangements;
•increased expenses incurred in establishing and maintaining office space and equipment for our international operations;
•management communication and integration problems resulting from cultural and geographic dispersion; and
•fluctuations in exchange rates between the U.S. dollar and foreign currencies in markets where we do business and related impact on sales cycles.
These and other factors could harm our future international revenues and, consequently, materially impact our business, operating results, and financial condition. The expansion of our existing international operations and entry into additional international markets will require significant management attention and financial resources. Our failure to successfully manage our international operations and the associated risks effectively could limit the future growth of our business.
Further, we are subject to risks associated with changes in economic and political conditions in countries in which we operate or sell our products and subscriptions. For instance, Brexit creates an uncertain political and economic environment in the United Kingdom (“U.K.”) and across European Union (“E.U.”) member states for the foreseeable future. On January 31, 2020 the U.K. left the E.U. The rules governing the new relationship between the E.U. and the U.K. were set out in the E.U.-U.K. Trade and Cooperation Agreement (i.e., the Brexit deal) and came into force on January 1, 2021. At this time, we cannot predict the impact that the Brexit deal and any future agreements will have on our business. Our financial condition and operating results may be impacted by such uncertainty with potential disruptions to our relationships with existing and future customers, suppliers and employees all possibly having a material adverse impact on our business, prospects, financial condition and/or operating results.
We are exposed to fluctuations in currency exchange rates, which could negatively affect our financial condition and operating results.
Our sales contracts are primarily denominated in U.S. dollars, and therefore, substantially all of our revenue is not subject to foreign currency risk. However, there has been, and may continue to be, significant volatility in global stock markets and foreign currency exchange rates that result in the strengthening of the U.S. dollar against foreign currencies in which we conduct business. The strengthening of the U.S. dollar increases the real cost of our products to our end-customers outside of the United States and may lead to delays in the purchase of our products, subscriptions, and support, and the lengthening of our sales cycle. If the U.S. dollar continues to strengthen, this could adversely affect our financial condition and operating results. In addition, increased international sales in the future, including through our channel partners and other partnerships, may result in greater foreign currency denominated sales, increasing our foreign currency risk.
Our operating expenses incurred outside the United States and denominated in foreign currencies are increasing and are subject to fluctuations due to changes in foreign currency exchange rates. If we are not able to successfully hedge against the risks associated with foreign currency fluctuations, our financial condition and operating results could be adversely affected. We have entered into forward contracts in an effort to reduce our foreign currency exchange exposure related to our foreign currency denominated expenditures. As of July 31, 2021, the total notional amount of our outstanding foreign currency forward contracts was $531.9 million. For more information on our hedging transactions, refer to Note 6. Derivative Instruments in Part II, Item 8 of this Annual Report on Form 10-K. The effectiveness of our existing hedging transactions and the availability and effectiveness of any hedging transactions we may decide to enter into in the future may be limited and we may not be able to successfully hedge our exposure, which could adversely affect our financial condition and operating results.
We are exposed to the credit and liquidity risk of some of our channel partners and end-customers, and to credit exposure in weakened markets, which could result in material losses.
Most of our sales are made on an open credit basis. Beyond our open credit arrangements, we have also experienced demands for customer financing due to COVID-19 and our competitors’ offerings. The majority of these demands are currently facilitated by leasing and other financing arrangements provided by our distributors and resellers. To respond to this demand, our customer
- 27 -
financing activities may increase in the future. We also provide financings to certain end-customers. We monitor customer payment capability in granting such financing arrangements, seek to limit such open credit to amounts we believe the end-customers can pay and maintain reserves we believe are adequate to cover exposure for doubtful accounts to mitigate credit risks of these end-customers. However, there can be no assurance that these programs will be effective in reducing our credit risks.
We believe customer financing is a competitive factor in obtaining business. The loan financing arrangements provided by our distributors and resellers may include not only financing the acquisition of our products and services but also providing additional funds for other costs associated with network installation and integration of our products and services.
Our exposure to the credit risks relating to the financing activities described above may increase if our customers are adversely affected by a global economic downturn or periods of economic uncertainty. Although we have programs in place with our distributors and resellers that are designed to monitor and mitigate these risks, we cannot guarantee these programs will be effective in reducing the credit risks, especially as we expand our business internationally. If we are unable to adequately control these risks, our business, operating results, and financial condition could be harmed.
In the past, we have experienced non-material losses due to bankruptcies among customers. If these losses increase due to COVID-19 or global economic conditions, they could harm our business and financial condition. A material portion of our sales is derived through our distributors.
For fiscal 2021, three distributors individually represented 10% or more of our total revenue, and in the aggregate represented 56.0% of our total revenue. As of July 31, 2021, four distributors individually represented 10% or more of our gross accounts receivable, and in the aggregate represented 56.6% of our gross accounts receivable.
Additionally, to the degree that turmoil in the credit markets makes it more difficult for some customers to obtain financing, those customers’ ability to pay could be adversely impacted, which in turn could have a material adverse impact on our business, operating results, and financial condition.
A portion of our revenue is generated by sales to government entities, which are subject to a number of challenges and risks.
Sales to government entities are subject to a number of risks. Selling to government entities can be highly competitive, expensive, and time-consuming, often requiring significant upfront time and expense without any assurance that these efforts will generate a sale. The substantial majority of our sales to date to government entities have been made indirectly through our channel partners. Government certification requirements for products and subscriptions like ours may change, thereby restricting our ability to sell into the federal government sector until we have attained the revised certification. If our products and subscriptions are late in achieving or fail to achieve compliance with these certifications and standards, or our competitors achieve compliance with these certifications and standards, we may be disqualified from selling our products, subscriptions and support offerings to such governmental entity, or be at a competitive disadvantage, which would harm our business, operating results, and financial condition. Government demand and payment for our products, subscriptions and support offerings may be impacted by government shutdowns, public sector budgetary cycles, contracting requirements, and funding authorizations, with funding reductions or delays adversely affecting public sector demand for our products, subscriptions and support offerings. Government entities may have statutory, contractual, or other legal rights to terminate contracts with our distributors and resellers for convenience or due to a default, and any such termination may adversely impact our future operating results. Governments routinely investigate and audit government contractors’ administrative processes, and any unfavorable audit could result in the government refusing to continue buying our products, subscriptions and support offerings, a reduction of revenue, or fines or civil or criminal liability if the audit uncovers improper or illegal activities, which could adversely impact our operating results in a material way. Additionally, the U.S. government may require certain of the products that it purchases to be manufactured in the United States and other relatively high cost manufacturing locations, and we may not manufacture all products in locations that meet such requirements, affecting our ability to sell these products, subscriptions and support offerings to the U.S. government.
Our ability to sell our products and subscriptions is dependent on the quality of our technical support services and those of our channel partners, and the failure to offer high-quality technical support services could have a material adverse effect on our end-customers’ satisfaction with our products and subscriptions, our sales, and our operating results.
After our products and subscriptions are deployed within our end-customers’ networks, our end-customers depend on our technical support services, as well as the support of our channel partners, to resolve any issues relating to our products. Our channel partners often provide similar technical support for third parties’ products and may therefore have fewer resources to dedicate to the support of our products and subscriptions. If we or our channel partners do not effectively assist our end-customers in deploying our products and subscriptions, succeed in helping our end-customers quickly resolve post-deployment issues, or provide effective ongoing support, our ability to sell additional products and subscriptions to existing end-customers would be adversely affected and our reputation with potential end-customers could be damaged. While we have been able to meet increased demand for support services in fiscal 2021, failure to do so in the future could have a material adverse effect on our business.
Many larger enterprise, service provider, and government entity end-customers have more complex networks and require higher levels of support than smaller end-customers. If we or our channel partners fail to meet the requirements of these larger end-customers,
- 28 -
it may be more difficult to execute on our strategy to increase our coverage with larger end-customers. Additionally, if our channel partners do not effectively provide support to the satisfaction of our end-customers, we may be required to provide direct support to such end-customers, which would require us to hire additional personnel and to invest in additional resources. It can take several months to recruit, hire, and train qualified technical support employees. We may not be able to hire such resources fast enough to keep up with unexpected demand, particularly if the sales of our products exceed our internal forecasts. As a result, our ability, and the ability of our channel partners to provide adequate and timely support to our end-customers will be negatively impacted, and our end-customers’ satisfaction with our products and subscriptions will be adversely affected. Additionally, to the extent that we may need to rely on our sales engineers to provide post-sales support while we are ramping our support resources, our sales productivity will be negatively impacted, which would harm our revenues. Our failure or our channel partners’ failure to provide and maintain high-quality support services could have a material adverse effect on our business, financial condition, and operating results.
Risks Related to Intellectual Property and Technology Licensing
Claims by others that we infringe their proprietary technology or other rights could harm our business.
Companies in the enterprise security industry own large numbers of patents, copyrights, trademarks, domain names, and trade secrets and frequently enter into litigation based on allegations of infringement, misappropriation, or other violations of intellectual property or other rights. Third parties are currently asserting, have asserted and may in the future assert claims of infringement of intellectual property rights against us. For example, in December 2011, Juniper, one of our competitors, filed a lawsuit against us alleging patent infringement. In September 2013, we filed a lawsuit against Juniper alleging patent infringement. In May 2014, we entered into a Settlement, Release and Cross-License Agreement with Juniper to resolve all pending disputes between Juniper and us, including dismissal of all pending litigation.
Third parties may also assert such claims against our end-customers or channel partners, whom our standard license and other agreements obligate us to indemnify against claims that our products and subscriptions infringe the intellectual property rights of third parties. In addition, to the extent we hire personnel from competitors, we may be subject to allegations that they have been improperly solicited, that they have divulged proprietary or other confidential information, or that their former employers own their inventions or other work product. Furthermore, we may be unaware of the intellectual property rights of others that may cover some or all of our technology or products and subscriptions. As the number of products and competitors in our market increases and overlaps occur, infringement claims may increase. While we intend to increase the size of our patent portfolio, our competitors and others may now and in the future have significantly larger and more mature patent portfolios than we have. In addition, litigation has involved and will likely continue to involve patent holding companies or other adverse patent owners who have no relevant product revenue and against whom our own patents may therefore provide little or no deterrence or protection. In addition, we have not registered our trademarks in all of our geographic markets and failure to secure those registrations could adversely affect our ability to enforce and defend our trademark rights. Any claim of infringement by a third party, even those without merit, could cause us to incur substantial costs defending against the claim, could distract our management from our business, and could require us to cease use of such intellectual property. Furthermore, because of the substantial amount of discovery required in connection with intellectual property litigation, there is a risk that some of our confidential information could be compromised by disclosure during this type of litigation. A successful claimant could secure a judgment, or we may agree to a settlement that prevents us from distributing certain products or performing certain services or that requires us to pay substantial damages, royalties, or other fees. Any of these events could seriously harm our business, financial condition, and operating results.
Our proprietary rights may be difficult to enforce or protect, which could enable others to copy or use aspects of our products or subscriptions without compensating us.
We rely and expect to continue to rely on a combination of confidentiality and license agreements with our employees, consultants, and third parties with whom we have relationships, as well as trademark, copyright, patent, and trade secret protection laws, to protect our proprietary rights. We have filed various applications for certain aspects of our intellectual property. Valid patents may not issue from our pending applications, and the claims eventually allowed on any patents may not be sufficiently broad to protect our technology or products and subscriptions. We cannot be certain that we were the first to make the inventions claimed in our pending patent applications or that we were the first to file for patent protection, which could prevent our patent applications from issuing as patents or invalidate our patents following issuance. Additionally, the process of obtaining patent protection is expensive and time-consuming, and we may not be able to prosecute all necessary or desirable patent applications at a reasonable cost or in a timely manner. Any issued patents may be challenged, invalidated or circumvented, and any rights granted under these patents may not actually provide adequate defensive protection or competitive advantages to us. Additional uncertainty may result from changes to patent-related laws and court rulings in the United States and other jurisdictions. As a result, we may not be able to obtain adequate patent protection or effectively enforce any issued patents.
Despite our efforts to protect our proprietary rights, unauthorized parties may attempt to copy aspects of our products or subscriptions or obtain and use information that we regard as proprietary. We generally enter into confidentiality or license agreements with our employees, consultants, vendors, and end-customers, and generally limit access to and distribution of our proprietary information. However, we cannot be certain that we have entered into such agreements with all parties who may have or have had
- 29 -
access to our confidential information or that the agreements we have entered into will not be breached. We cannot guarantee that any of the measures we have taken will prevent misappropriation of our technology. Because we may be an attractive target for computer hackers, we may have a greater risk of unauthorized access to, and misappropriation of, our proprietary information. In addition, the laws of some foreign countries do not protect our proprietary rights to as great an extent as the laws of the United States, and many foreign countries do not enforce these laws as diligently as government agencies and private parties in the United States. From time to time, we may need to take legal action to enforce our patents and other intellectual property rights, to protect our trade secrets, to determine the validity and scope of the proprietary rights of others or to defend against claims of infringement or invalidity. Such litigation could result in substantial costs and diversion of resources and could negatively affect our business, operating results, and financial condition. Attempts to enforce our rights against third parties could also provoke these third parties to assert their own intellectual property or other rights against us or result in a holding that invalidates or narrows the scope of our rights, in whole or in part. If we are unable to protect our proprietary rights (including aspects of our software and products protected other than by patent rights), we may find ourselves at a competitive disadvantage to others who need not incur the additional expense, time, and effort required to create the innovative products that have enabled us to be successful to date. Any of these events would have a material adverse effect on our business, financial condition, and operating results.
Our use of open source software in our products and subscriptions could negatively affect our ability to sell our products and subscriptions and subject us to possible litigation.
Our products and subscriptions contain software modules licensed to us by third-party authors under “open source” licenses. Some open source licenses contain requirements that we make available applicable source code for modifications or derivative works we create based upon the type of open source software we use. If we combine our proprietary software with open source software in a certain manner, we could, under certain open source licenses, be required to release the source code of our proprietary software to the public. This would allow our competitors to create similar products or subscriptions with lower development effort and time and ultimately could result in a loss of product sales for us.
Although we monitor our use of open source software to avoid subjecting our products and subscriptions to conditions we do not intend, the terms of many open source licenses have not been interpreted by United States courts, and there is a risk that these licenses could be construed in a way that could impose unanticipated conditions or restrictions on our ability to commercialize our products and subscriptions. From time to time, there have been claims against companies that distribute or use open source software in their products and subscriptions, asserting that open source software infringes the claimants’ intellectual property rights. We could be subject to suits by parties claiming infringement of intellectual property rights in what we believe to be licensed open source software. If we are held to have breached the terms of an open source software license, we could be required to seek licenses from third parties to continue offering our products and subscriptions on terms that are not economically feasible, to reengineer our products and subscriptions, to discontinue the sale of our products and subscriptions if reengineering could not be accomplished on a timely basis, or to make generally available, in source code form, our proprietary code, any of which could adversely affect our business, operating results, and financial condition.
In addition to risks related to license requirements, usage of open source software can lead to greater risks than use of third-party commercial software, as open source licensors generally do not provide warranties or assurance of title or controls on origin of the software. In addition, many of the risks associated with usage of open source software, such as the lack of warranties or assurances of title, cannot be eliminated, and could, if not properly addressed, negatively affect our business. We have established processes to help alleviate these risks, including a review process for screening requests from our development organizations for the use of open source software, but we cannot be sure that our processes for controlling our use of open source software in our products and subscriptions will be effective.
We license technology from third parties, and our inability to maintain those licenses could harm our business.
We incorporate technology that we license from third parties, including software, into our products and subscriptions. We cannot be certain that our licensors are not infringing the intellectual property rights of third parties or that our licensors have sufficient rights to the licensed intellectual property in all jurisdictions in which we may sell our products and subscriptions. In addition, some licenses may be non-exclusive, and therefore our competitors may have access to the same technology licensed to us. Some of our agreements with our licensors may be terminated for convenience by them. We may also be subject to additional fees or be required to obtain new licenses if any of our licensors allege that we have not properly paid for such licenses or that we have improperly used the technologies under such licenses, and such licenses may not be available on terms acceptable to us or at all. If we are unable to continue to license any of this technology because of intellectual property infringement claims brought by third parties against our licensors or against us, or claims against us by our licensors, or if we are unable to continue our license agreements or enter into new licenses on commercially reasonable terms, our ability to develop and sell products and subscriptions containing such technology would be severely limited, and our business could be harmed. Additionally, if we are unable to license necessary technology from third parties, we may be forced to acquire or develop alternative technology, which we may be unable to do in a commercially feasible manner or at all, and we may be required to use alternative technology of lower quality or performance standards. This would limit and delay our ability to offer new or competitive products and subscriptions and increase our costs of production. As a result, our margins, market share, and operating results could be significantly harmed.
- 30 -
Risks Related to Privacy and Data Protection
Our failure to adequately protect personal information could have a material adverse effect on our business.
A wide variety of provincial, state, national, and international laws and regulations apply to the collection, use, retention, protection, disclosure, transfer, and other processing of personal data. These data protection and privacy-related laws and regulations are evolving and being tested in courts and may result in ever-increasing regulatory and public scrutiny, as well as escalating levels of enforcement and sanctions. Further, the interpretation and application of foreign laws and regulations in many cases is uncertain, and our legal and regulatory obligations in foreign jurisdictions are subject to frequent and unexpected changes, including the potential for various regulatory or other governmental bodies to enact new or additional laws or regulations, to issue rulings that invalidate prior laws or regulations, or to increase penalties significantly.
For example, the E.U. General Data Protection Regulation (“E.U. GDPR”), which became effective in May 2018, imposes more stringent data protection requirements, provides for greater penalties for noncompliance than E.U. laws that previously applied (up to the greater of €20 million or 4% of the total worldwide annual turnover), and confers a private right of action on data subjects and consumer associations to lodge complaints with supervisory authorities, seek judicial remedies and obtain compensation for damages resulting from violations of the E.U. GDPR. The E.U. GDPR requires, among other things, that personal data only be transferred outside of the E.U. to the United States and other jurisdictions that the European Commission has not yet recognized as having “adequate” data protection laws (a “third country”), unless a data transfer mechanism under the E.U. GDPR has been put in place. Historically, we have relied on the E.U.-U.S. and Swiss-U.S. Privacy Shield programs, and the use of model contractual clauses approved by the E.U. Commission, to legitimize these transfers (also referred to as standard contractual clauses or SCCs). In July 2020, the Court of Justice of the European Union in its “Schrems II” decision invalidated the E.U.-U.S. Privacy Shield for purposes of transfers to the U.S. and imposed a requirement for companies to carry out an assessment of the laws and practices governing access to personal data in the third country to ensure an essentially equivalent level of data protection to that afforded in the E.U. We are dealing with the recent “Schrems II” decision by the Court of Justice of the European Union and its impact on our data transfer mechanisms. The effects of this decision are highly uncertain and difficult to predict. Among other effects, we may experience additional costs associated with increased compliance burdens, putting in place any additional data transfer mechanisms to ensure compliance with the E.U. GDPR and the “Schrems II” decision and new contract negotiations with third parties that aid in processing data on our behalf. We may experience reluctance or refusal by current or prospective European customers to use our products, and we may find it necessary or desirable to make further changes to our handling of personal data of residents of the European Economic Area (“EEA”). The regulatory environment applicable to the handling of EEA residents’ personal data, and our actions taken in response, may cause us to assume additional liabilities or incur additional costs and could result in our business, operating results and financial condition being harmed. Additionally, we and our customers may face a risk of enforcement actions by data protection authorities in the EEA relating to personal data transfers to us and by us from the EEA. Any such enforcement actions could result in substantial costs and diversion of resources, distract management and technical personnel and negatively affect our business, operating results, and financial condition.
Following the withdrawal of the U.K. from the E.U. (i.e., Brexit), and the expiry of the Brexit transition period, which ended on December 31, 2020, the E.U. GDPR has been implemented in the U.K. (as the “U.K. GDPR”). The U.K. GDPR sits alongside the U.K. Data Protection Act 2018, which implements certain derogations in the E.U. GDPR into English law. The requirements of the U.K. GDPR, which are (at this time) largely aligned with those under the E.U. GDPR, may lead to similar compliance and operational costs with potential fines of up to £17.5 million or 4% of total worldwide annual turnover.
In the United States, companies that do business in California are subject to the California Consumer Privacy Act (“CCPA”), which requires, among other things, covered companies to provide new disclosures to California consumers, afford such consumers certain rights regarding their personal information, and also affords a private right of action to individuals affected by a data breach, if the breach was caused by a lack of reasonable security. The enforcement of the CCPA by the California Attorney General commenced on July 1, 2020. The CCPA has been amended on multiple occasions and the California Attorney General has issued initial and revised regulations that also govern the CCPA, which could be subject to additional modifications. It remains unclear what, if any, additional modifications will be made to this legislation or how it will be interpreted and enforced. The effects of the CCPA potentially are significant, however, and may require us to modify our data processing practices and policies and to incur substantial costs and expenses for compliance. Moreover, additional state-based privacy laws have been passed and will require potentially substantial efforts to obtain compliance. This includes the California Privacy Rights Act (“CPRA”) which was approved by California voters, and significantly modifies the CCPA.
We may also from time to time be subject to, or face assertions that we are subject to, additional obligations relating to personal data by contract or due to assertions that self-regulatory obligations or industry standards apply to our practices. Additionally, the Federal Trade Commission and many state attorneys general are interpreting federal and state consumer protection laws to impose standards for the online collection, use, dissemination, and security of data. Further, we may be or become subject to data localization laws mandating that data collected in a foreign country be processed and stored within that country. Each of these privacy, security, and data protection laws and regulations, and any other such changes or new laws or regulations, could impose significant limitations,
- 31 -
or require changes to our business model or practices or growth strategy, which may increase our compliance expenses and make our business more costly or less efficient to conduct.
Our actual or perceived failure to comply with applicable laws and regulations or other obligations to which we are now or which we may be subject relating to personal data, or to protect personal data from unauthorized acquisition, use or other processing, could result in consequences such as enforcement actions and regulatory investigations against us, fines, public censure, claims for damages by end-customers and other affected individuals, damage to our reputation and loss of goodwill (both in relation to existing end-customers and prospective end-customers), any of which could have a material adverse effect on our operations, financial performance, and business. Evolving and changing definitions of personal data and personal information, within the E.U., the United States, and elsewhere, especially relating to classification of Internet Protocol (“IP”) addresses, machine identification, location data, and other information, may limit or inhibit our ability to operate or expand our business, including limiting strategic partnerships that may involve the sharing or uses of data, and may require significant expenditures and efforts in order to comply. Even the perception of privacy, data protection or information security concerns, whether or not valid, may harm our reputation and inhibit adoption of our products and subscriptions by current and future end-customers.
Risks Related to Operations Outside the United States
We face risks associated with having operations and employees located in Israel.
As a result of various of our acquisitions, including Secdo, PureSec and Twistlock, we have offices and employees located in Israel. Accordingly, political, economic, and military conditions in Israel directly affect our operations. The future of peace efforts between Israel and its Arab neighbors remains uncertain. There has been a significant increase in hostilities and political unrest between Hamas and Israel recently. The effects of these hostilities and violence on the Israeli economy and our operations in Israel are unclear, and we cannot predict the effect on us of further increases in these hostilities or future armed conflict, political instability or violence in the region. Current or future tensions and conflicts in the Middle East could adversely affect our business, operating results, financial condition and cash flows.
In addition, many of our employees in Israel are obligated to perform annual reserve duty in the Israeli military and are subject to being called for active duty under emergency circumstances. We cannot predict the full impact of these conditions on us in the future, particularly if emergency circumstances or an escalation in the political situation occurs. If many of our employees in Israel are called for active duty for a significant period of time, our operations and our business could be disrupted and may not be able to function at full capacity. Any disruption in our operations in Israel could adversely affect our business.
We are subject to governmental export and import controls that could subject us to liability or impair our ability to compete in international markets.
Because we incorporate encryption technology into our products, certain of our products are subject to U.S. export controls and may be exported outside the United States only with the required export license or through an export license exception. If we were to fail to comply with U.S. export licensing requirements, U.S. customs regulations, U.S. economic sanctions, or other laws, we could be subject to substantial civil and criminal penalties, including fines, incarceration for responsible employees and managers, and the possible loss of export or import privileges. Obtaining the necessary export license for a particular sale may be time-consuming and may result in the delay or loss of sales opportunities. Furthermore, U.S. export control laws and economic sanctions prohibit the shipment of certain products to U.S. embargoed or sanctioned countries, governments, and persons. Even though we take precautions to ensure that our channel partners comply with all relevant regulations, any failure by our channel partners to comply with such regulations could have negative consequences for us, including reputational harm, government investigations, and penalties.
In addition, various countries regulate the import of certain encryption technology, including through import permit and license requirements, and have enacted laws that could limit our ability to distribute our products or could limit our end-customers’ ability to implement our products in those countries. Changes in our products or changes in export and import regulations may create delays in the introduction of our products into international markets, prevent our end-customers with international operations from deploying our products globally or, in some cases, prevent or delay the export or import of our products to certain countries, governments, or persons altogether. Any change in export or import regulations, economic sanctions or related legislation, shift in the enforcement or scope of existing regulations, or change in the countries, governments, persons, or technologies targeted by such regulations, could result in decreased use of our products by, or in our decreased ability to export or sell our products to, existing or potential end-customers with international operations. Any decreased use of our products or limitation on our ability to export to or sell our products in international markets would likely adversely affect our business, financial condition, and operating results.
Tax, Accounting, Compliance and Regulatory Risks
We have a corporate structure aligned with the international nature of our business activities, and if we do not achieve increased tax benefits as a result of our corporate structure, our financial condition and operating results could be adversely affected.
We have reorganized our corporate structure and intercompany relationships to more closely align with the international nature of our business activities. This corporate structure may allow us to reduce our overall effective tax rate through changes in how we use
- 32 -
our intellectual property, international procurement, and sales operations. This corporate structure may also allow us to obtain financial and operational efficiencies. These efforts require us to incur expenses in the near term for which we may not realize related benefits. If the structure is not accepted by the applicable tax authorities, if there are any changes in, or interpretations of, domestic and international tax laws that negatively impact the structure, or if we do not operate our business consistent with the structure and applicable tax provisions, we may fail to achieve the reduction in our overall effective tax rate and the other financial and operational efficiencies that we anticipate as a result of the structure and our future financial condition and operating results may be negatively impacted. In addition, we continue to evaluate our corporate structure in light of current and pending tax legislation, and any changes to our corporate structure may require us to incur additional expenses and may impact our overall effective tax rate.
We may have exposure to greater than anticipated tax liabilities.
Our income tax obligations are based in part on our corporate structure and intercompany arrangements, including the manner in which we develop, value, and use our intellectual property and the valuations of our intercompany transactions. The tax laws applicable to our business, including the laws of the United States and other jurisdictions, are subject to interpretation and certain jurisdictions may aggressively interpret their laws in an effort to raise additional tax revenue. The tax authorities of the jurisdictions in which we operate may challenge our methodologies for valuing developed technology or intercompany arrangements, which could increase our worldwide effective tax rate and harm our financial position and operating results. It is possible that tax authorities may disagree with certain positions we have taken, and any adverse outcome of such a review or audit could have a negative effect on our financial position and operating results. Further, the determination of our worldwide provision for or benefit from income taxes and other tax liabilities requires significant judgment by management, and there are transactions where the ultimate tax determination is uncertain. Although we believe that our estimates are reasonable, the ultimate tax outcome may differ from the amounts recorded in our consolidated financial statements and may materially affect our financial results in the period or periods for which such determination is made.
In addition, our future income tax obligations could be adversely affected by changes in, or interpretations of, tax laws in the United States or in other jurisdictions in which we operate.
If our estimates or judgments relating to our critical accounting policies are based on assumptions that change or prove to be incorrect, our operating results could fall below our publicly announced guidance or the expectations of securities analysts and investors, resulting in a decline in the market price of our common stock.
The preparation of financial statements in conformity with GAAP requires management to make estimates and assumptions that affect the amounts reported in our consolidated financial statements and accompanying notes. We base our estimates on historical experience and on various other assumptions that we believe to be reasonable under the circumstances, the results of which form the basis for making judgments about the carrying values of assets, liabilities, equity, revenue, and expenses that are not readily apparent from other sources. For more information, refer to the section entitled “Critical Accounting Estimates” in “Management’s Discussion and Analysis of Financial Condition and Results of Operations” in Part II, Item 7 of this Annual Report on Form 10-K. In general, if our estimates, judgments or assumptions relating to our critical accounting policies change or if actual circumstances differ from our estimates, judgments or assumptions, including uncertainty in the current economic environment due to COVID-19, our operating results may be adversely affected and could fall below our publicly announced guidance or the expectations of securities analysts and investors, resulting in a decline in the market price of our common stock.
Failure to comply with governmental laws and regulations could harm our business.
Our business is subject to regulation by various federal, state, local, and foreign governmental agencies, including agencies responsible for monitoring and enforcing employment and labor laws, workplace safety, product safety, environmental laws, consumer protection laws, privacy and data-protection laws, anti-bribery laws (including the U.S. Foreign Corrupt Practices Act and the U.K. Anti-Bribery Act), import/export controls, federal securities laws, and tax laws and regulations. In certain jurisdictions, these regulatory requirements may be more stringent than those in the United States. Noncompliance with applicable regulations or requirements could subject us to investigations, sanctions, mandatory product recalls, enforcement actions, disgorgement of profits, fines, damages, civil and criminal penalties, or injunctions. If any governmental sanctions are imposed, or if we do not prevail in any possible civil or criminal litigation resulting from any alleged noncompliance, our business, operating results, and financial condition could be materially adversely affected. In addition, responding to any action will likely result in a significant diversion of management’s attention and resources and an increase in professional fees. Enforcement actions, litigation, and sanctions could harm our business, operating results, and financial condition.
If we fail to comply with environmental requirements, our business, financial condition, operating results, and reputation could be adversely affected.
We are subject to various environmental laws and regulations including laws governing the hazardous material content of our products and laws relating to the collection of and recycling of electrical and electronic equipment. Examples of these laws and regulations include the E.U. Restriction on the Use of Certain Hazardous Substances in Electrical and Electronic Equipment Directive (“RoHS”) and the E.U. Waste Electrical and Electronic Equipment Directive (“WEEE Directive”), as well as the implementing
- 33 -
legislation of the E.U. member states. Similar laws and regulations have been passed or are pending in China, South Korea, Norway, and Japan and may be enacted in other regions, including in the United States, and we are, or may in the future be, subject to these laws and regulations.
The E.U. RoHS and the similar laws of other jurisdictions limit the content of certain hazardous materials such as lead, mercury, and cadmium in the manufacture of electrical equipment, including our products. Our current products comply with the E.U. RoHS requirements. However, if there are changes to this or other laws (or their interpretation) or if new similar laws are passed in other jurisdictions, we may be required to reengineer our products to use components compatible with these regulations. This reengineering and component substitution could result in additional costs to us or disrupt our operations or logistics.
The WEEE Directive requires electronic goods producers to be responsible for the collection, recycling, and treatment of such products. Changes in interpretation of the directive may cause us to incur costs or have additional regulatory requirements to meet in the future in order to comply with this directive, or with any similar laws adopted in other jurisdictions.
We are also subject to environmental laws and regulations governing the management of hazardous materials, which we use in small quantities in our engineering labs. Our failure to comply with past, present, and future similar laws could result in reduced sales of our products, substantial product inventory write-offs, reputational damage, penalties, and other sanctions, any of which could harm our business and financial condition. We also expect that our products will be affected by new environmental laws and regulations on an ongoing basis. To date, our expenditures for environmental compliance have not had a material impact on our operating results or cash flows, and although we cannot predict the future impact of such laws or regulations, they will likely result in additional costs and may increase penalties associated with violations or require us to change the content of our products or how they are manufactured, which could have a material adverse effect on our business, operating results, and financial condition.
Risks Related to Our Notes
We may not have the ability to raise the funds necessary to settle conversions of our Notes, repurchase our Notes upon a fundamental change, or repay our Notes in cash at their maturity, and our future debt may contain limitations on our ability to pay cash upon conversion or repurchase of our Notes.
In July 2018 we issued our 2023 Notes (the “2023 Notes”) and in June 2020 we issued our 2025 Notes (the “2025 Notes,” together with the “2023 Notes,” the “Notes”). We will need to make cash payments (1) if holders of our Notes require us to repurchase all or a portion of their Notes upon the occurrence of a fundamental change (e.g., a change of control of Palo Alto Networks, Inc.) before the maturity date, (2) upon conversion of our Notes, (3) to repay our Notes in cash at their maturity, unless earlier converted or repurchased. However, we may not have enough available cash or be able to obtain financing at the time we are required to make payments.
In addition, our ability to repurchase or to pay cash upon conversion of our Notes may be limited by law, regulatory authority or agreements governing our future indebtedness. Our failure to repurchase our Notes at a time when the repurchase is required by the applicable indenture governing such Notes or to pay cash upon conversion of such Notes as required by the applicable indenture would constitute a default under the indenture. A default under the applicable indenture or the fundamental change itself could also lead to a default under agreements governing our future indebtedness. If the payment of the related indebtedness were to be accelerated after any applicable notice or grace periods, we may not have sufficient funds to repay the indebtedness and repurchase our Notes or to pay cash upon conversion of our Notes.
We may still incur substantially more debt or take other actions that would diminish our ability to make payments on our Notes when due.
We and our subsidiaries may be able to incur substantial additional debt in the future, subject to the restrictions contained in our debt instruments, some of which may be secured debt. We are not restricted under the terms of the indenture governing our Notes from incurring additional debt, securing existing or future debt, recapitalizing our debt or taking a number of other actions that are not limited by the terms of such indenture governing our Notes that could have the effect of diminishing our ability to make payments on our Notes when due. While the terms of any future indebtedness we may incur could restrict our ability to incur additional indebtedness, any such restrictions will indirectly benefit holders of our Notes only to the extent any such indebtedness or credit facility is not repaid or does not mature while our Notes are outstanding.
Risks Related to Our Common Stock
Our actual operating results may differ significantly from our guidance.
From time to time, we have released, and may continue to release, guidance in our quarterly earnings releases, quarterly earnings conference calls, or otherwise, regarding our future performance that represents our management’s estimates as of the date of release. This guidance, which includes forward-looking statements, has been and will be based on projections prepared by our management. These projections are not prepared with a view toward compliance with published guidelines of the American Institute of Certified Public Accountants, and neither our registered public accountants nor any other independent expert or outside party
- 34 -
compiles or examines the projections. Accordingly, no such person expresses any opinion or any other form of assurance with respect to the projections.
Projections are based upon a number of assumptions and estimates that, while presented with numerical specificity, are inherently subject to significant business, economic, and competitive uncertainties and contingencies, many of which are beyond our control, such as COVID-19, and are based upon specific assumptions with respect to future business decisions, some of which will change. The rapidly evolving market in which we operate may make it difficult to evaluate our current business and our future prospects, including our ability to plan for and model future growth. We intend to state possible outcomes as high and low ranges which are intended to provide a sensitivity analysis as variables are changed. However, actual results will vary from our guidance and the variations may be material. The principal reason that we release guidance is to provide a basis for our management to discuss our business outlook as of the date of release with analysts and investors. We do not accept any responsibility for any projections or reports published by any such persons. Investors are urged not to rely upon our guidance in making an investment decision regarding our common stock.
Any failure to successfully implement our operating strategy or the occurrence of any of the events or circumstances set forth in this “Risk Factors” section in this Annual Report on Form 10-K could result in our actual operating results being different from our guidance, and the differences may be adverse and material.
The market price of our common stock historically has been volatile and the value of your investment could decline.
The market price of our common stock has been volatile since our initial public offering (“IPO”) in July 2012. The reported high and low sales prices of our common stock during the last 12 months have ranged from $406.92 to $219.34 per share, as measured through August 23, 2021. The market price of our common stock may fluctuate widely in response to various factors, some of which are beyond our control. These factors include:
•announcements of new products, subscriptions or technologies, commercial relationships, strategic partnerships, acquisitions, or other events by us or our competitors;
•price and volume fluctuations in the overall stock market from time to time;
•news announcements that affect investor perception of our industry, including reports related to the discovery of significant cyberattacks;
•significant volatility in the market price and trading volume of technology companies in general and of companies in our industry;
•fluctuations in the trading volume of our shares or the size of our public float;
•actual or anticipated changes in our operating results or fluctuations in our operating results;
•whether our operating results meet the expectations of securities analysts or investors;
•actual or anticipated changes in the expectations of securities analysts or investors, whether as a result of our forward- looking statements, our failure to meet such expectations or otherwise;
•inaccurate or unfavorable research reports about our business and industry published by securities analysts or reduced coverage of our company by securities analysts;
•litigation involving us, our industry, or both;
•actions instituted by activist shareholders or others;
•regulatory developments in the United States, foreign countries or both;
•major catastrophic events, such as COVID-19;
•sales or repurchases of large blocks of our common stock or substantial future sales by our directors, executive officers, employees and significant stockholders;
•sales of our common stock by investors who view our Notes as a more attractive means of equity participation in us;
•hedging or arbitrage trading activity involving our common stock as a result of the existence of our Notes;
•departures of key personnel; or
•economic uncertainty around the world.
The market price of our common stock could decline for reasons unrelated to our business, operating results, or financial condition and as a result of events that do not directly affect us. In the past, following periods of volatility in the market price of a company’s securities, securities class action litigation has often been brought against that company. Securities litigation could result in
- 35 -
substantial costs and divert our management’s attention and resources from our business. This could have a material adverse effect on our business, operating results, and financial condition.
The convertible note hedge and warrant transactions may affect the value of our common stock.
In connection with the sale of our 2023 Notes and 2025 Notes, we entered into convertible note hedge transactions (the “Note Hedges”) with certain counterparties. In connection with each such sale of the Notes, we also entered into warrant transactions with the counterparties pursuant to which we sold warrants (the “Warrants”) for the purchase of our common stock. The Note Hedges for our 2023 Notes and 2025 Notes are expected generally to reduce the potential dilution to our common stock upon any conversion of our Notes and/or offset any cash payments we are required to make in excess of the principal amount of any such converted Notes. The Warrants could separately have a dilutive effect to the extent that the market price per share of our common stock exceeds the applicable strike price of the Warrants unless, subject to certain conditions, we elect to cash settle such Warrants.
The applicable counterparties or their respective affiliates may modify their hedge positions by entering into or unwinding various derivatives with respect to our common stock and/or purchasing or selling our common stock or other securities of ours in secondary market transactions prior to the maturity of the outstanding Notes (and are likely to do so during any applicable observation period related to a conversion of our Notes). This activity could also cause or avoid an increase or a decrease in the market price of our common stock or our Notes, which could affect a note holder’s ability to convert its Notes and, to the extent the activity occurs during any observation period related to a conversion of our Notes, it could affect the amount and value of the consideration that the note holder will receive upon conversion of our Notes.
We do not make any representation or prediction as to the direction or magnitude of any potential effect that the transactions described above may have on the price of our Notes or our common stock. In addition, we do not make any representation that the counterparties or their respective affiliates will engage in these transactions or that these transactions, once commenced, will not be discontinued without notice.
The issuance of additional stock in connection with financings, acquisitions, investments, our stock incentive plans, the conversion of our Notes or exercise of the related Warrants, or otherwise will dilute all other stockholders.
Our amended and restated certificate of incorporation authorizes us to issue up to 1.0 billion shares of common stock and up to 100.0 million shares of preferred stock with such rights and preferences as may be determined by our board of directors. Subject to compliance with applicable rules and regulations, we may issue shares of common stock or securities convertible into shares of our common stock from time to time in connection with a financing, acquisition, investment, our stock incentive plans, the conversion of our Notes, the settlement of our Warrants related to each such series of the Notes, or otherwise. Any such issuance could result in substantial dilution to our existing stockholders and cause the market price of our common stock to decline.
We cannot guarantee that our share repurchase program will be fully consummated, or that it will enhance shareholder value, and share repurchases could affect the price of our common stock.
As of July 31, 2021, we had $323.9 million available under our share repurchase program. On August 17, 2021, our board of directors authorized another $676.1 million increase to this share repurchase program, bringing the total authorization to $2.4 billion, with $1.0 billion remaining, and extended the expiration date to December 31, 2022. Such share repurchase program may be suspended or discontinued by the Company at any time without prior notice. Although our board of directors has authorized a share repurchase program, we are not obligated to repurchase any specific dollar amount or to acquire any specific number of shares under the program. The share repurchase program could affect the price of our common stock, increase volatility and diminish our cash reserves. In addition, the program may be suspended or terminated at any time, which may result in a decrease in the price of our common stock.
We are subject to risks associated with our strategic investments. Impairments in the value of our investments could negatively impact our financial results.
In July 2017, we formed the $20.0 million Palo Alto Networks Venture Fund. The fund is aimed at seed-, early-, and growth-stage security companies with a cloud-based application approach. We may not realize a return on our capital investments. Many such private companies generate net losses and the market for their products, services or technologies may be slow to develop, and, therefore, are dependent on the availability of later rounds of financing from banks or investors on favorable terms to continue their operations. The financial success of our investment in any company is typically dependent on a liquidity event, such as a public offering, acquisition or other favorable market event reflecting appreciation in the cost of our initial investment. The capital markets for public offerings and acquisitions are dynamic and the likelihood of liquidity events for the companies we have invested in, and intend to invest in, could significantly change. Further, valuations of privately-held companies are inherently complex due to the lack of readily available market data and as such, the basis for these valuations is subject to the timing and accuracy of the data received from these companies. If we determine that any of our investments in such companies have experienced a decline in value, we may be required to record an impairment, which could be material and negatively impact our financial results. All of our investments are subject to a risk of a partial or total loss of investment capital.
- 36 -
We do not intend to pay dividends for the foreseeable future.
We have never declared or paid any dividends on our common stock. We intend to retain any earnings to finance the operation and expansion of our business, and we do not anticipate paying any cash dividends in the future. As a result, you may only receive a return on your investment in our common stock if the market price of our common stock increases.
Our charter documents and Delaware law, as well as certain provisions contained in the indentures governing our Notes, could discourage takeover attempts and lead to management entrenchment, which could also reduce the market price of our common stock.
Provisions in our amended and restated certificate of incorporation and amended and restated bylaws may have the effect of delaying or preventing a change in control of our company or changes in our management. Our amended and restated certificate of incorporation and amended and restated bylaws include provisions that:
•establish that our board of directors is divided into three classes, Class I, Class II and Class III, with three-year staggered terms;
•authorize our board of directors to issue shares of preferred stock and to determine the price and other terms of those shares, including preferences and voting rights, without stockholder approval;
•provide our board of directors with the exclusive right to elect a director to fill a vacancy created by the expansion of our board of directors or the resignation, death or removal of a director;
•prohibit our stockholders from taking action by written consent;
•specify that special meetings of our stockholders may be called only by the chairman of our board of directors, our president, our secretary, or a majority vote of our board of directors;
•require the affirmative vote of holders of at least 66 2/3% of the voting power of all of the then outstanding shares of the voting stock, voting together as a single class, to amend the provisions of our amended and restated certificate of incorporation relating to the issuance of preferred stock and management of our business or our amended and restated bylaws;
•authorize our board of directors to amend our bylaws by majority vote; and
•establish advance notice procedures with which our stockholders must comply to nominate candidates to our board of directors or to propose matters to be acted upon at a stockholders’ meeting.
These provisions may frustrate or prevent any attempts by our stockholders to replace or remove our current management by making it more difficult for our stockholders to replace members of our board of directors, which is responsible for appointing the members of management. In addition, as a Delaware corporation, we are subject to Section 203 of the Delaware General Corporation Law. These provisions may prohibit large stockholders, in particular those owning 15% or more of our outstanding voting stock, from merging or combining with us for a certain period of time. Additionally, certain provisions contained in the indenture governing our Notes could make it more difficult or more expensive for a third party to acquire us. The application of Section 203 or certain provisions contained in the indenture governing our Notes also could have the effect of delaying or preventing a change in control of us. Any of these provisions could, under certain circumstances, depress the market price of our common stock.
General Risk Factors
Our business is subject to the risks of earthquakes, fire, power outages, floods, health risks and other catastrophic events, and to interruption by man-made problems such as terrorism.
Both our corporate headquarters and the location where our products are manufactured are located in the San Francisco Bay Area, a region known for seismic activity. In addition, other natural disasters, such as fire or floods, a significant power outage, telecommunications failure, terrorism, an armed conflict, cyberattacks, epidemics and pandemics such as COVID-19, or other geo-political unrest could affect our supply chain, manufacturers, logistics providers, channel partners, or end-customers or the economy as a whole and such disruption could impact our shipments and sales. These risks may be further increased if the disaster recovery plans for us and our suppliers prove to be inadequate. To the extent that any of the above should result in delays or cancellations of customer orders, the loss of customers, or the delay in the manufacture, deployment, or shipment of our products, our business, financial condition, and operating results would be adversely affected.
Our failure to raise additional capital or generate the significant capital necessary to expand our operations and invest in new products and subscriptions could reduce our ability to compete and could harm our business.
We intend to continue to make investments to support our business growth and may require additional funds to respond to business challenges, including the need to develop new features to enhance our portfolio, improve our operating infrastructure, or acquire complementary businesses and technologies. Accordingly, we may need to engage in equity or debt financings to secure
- 37 -
additional funds. If we raise additional equity or equity-linked financing, our stockholders may experience significant dilution of their ownership interests and the market price of our common stock could decline. Any conversion of the outstanding Notes into common stock will dilute the ownership interests of existing stockholders to the extent we deliver shares upon conversion of such Notes. See the risk factor entitled “The issuance of additional stock in connection with financings, acquisitions, investments, our stock incentive plans, the conversion of our Notes or exercise of the related Warrants, or otherwise will dilute all other stockholders.” The holders of our Notes have priority over holders of our common stock, and if we engage in future debt financings, the holders of such additional debt would also have priority over the holders of our common stock. Current and future indebtedness may also contain terms that, among other things, restrict our ability to incur additional indebtedness. We may also be required to take other actions that would otherwise be in the interests of the debt holders and would require us to maintain specified liquidity or other ratios, any of which could harm our business, operating results, and financial condition. We may not be able to obtain additional financing on terms favorable to us, if at all. If we are unable to obtain adequate financing or financing on terms satisfactory to us when we require it, our ability to continue to support our business growth and to respond to business challenges could be significantly impaired, and our business may be adversely affected.
The requirements of being a public company may strain our resources, divert management’s attention, and affect our ability to attract and retain qualified board members.
As a public company, we are subject to the reporting requirements of the Exchange Act, the Sarbanes-Oxley Act, the Dodd-Frank Act, the listing requirements of the New York Stock Exchange (“NYSE”), and other applicable securities rules and regulations. Compliance with these rules and regulations have increased our legal and financial compliance costs, made some activities more difficult, time-consuming or costly, and increased demand on our systems and resources. Among other things, the Exchange Act requires that we file annual, quarterly, and current reports with respect to our business and operating results. In addition, the Sarbanes-Oxley Act requires, among other things, that we maintain effective disclosure controls and procedures and internal control over financial reporting. In order to meet the requirements of this standard, significant resources and management oversight may be required. As a result, management’s attention may be diverted from other business concerns, which could harm our business and operating results. Although we have already hired additional employees to comply with these requirements, we may need to hire even more employees in the future, which will increase our costs and expenses.
In addition, changing laws, regulations, and standards related to corporate governance and public disclosure are creating uncertainty for public companies, increasing legal and financial compliance costs, and making some activities more time-consuming. These laws, regulations, and standards are subject to varying interpretations, in many cases due to their lack of specificity, and, as a result, their application in practice may evolve over time as new guidance is provided by regulatory and governing bodies. This could result in continuing uncertainty regarding compliance matters and higher costs necessitated by ongoing revisions to disclosure and governance practices. We intend to invest resources to comply with evolving laws, regulations, and standards, and this investment may result in increased general and administrative expense and a diversion of management’s time and attention from revenue-generating activities to compliance activities. If our efforts to comply with new laws, regulations, and standards differ from the activities intended by regulatory or governing bodies, regulatory authorities may initiate legal proceedings against us and our business may be harmed.
We are obligated to maintain proper and effective internal control over financial reporting. We may not complete our analysis of our internal control over financial reporting in a timely manner, or this internal control may not be determined to be effective, which may adversely affect investor confidence in our company and, as a result, the value of our common stock.
While we were able to determine in our management’s report for fiscal 2021 that our internal control over financial reporting is effective, as well as provide an unqualified attestation report from our independent registered public accounting firm to that effect, we may not be able to complete our evaluation, testing, and any required remediation in a timely fashion, may be unable to assert that our internal controls are effective, or our independent registered public accounting firm may not be able to formally attest to the effectiveness of our internal control over financial reporting in the future. In the event that our chief executive officer, chief financial officer, or independent registered public accounting firm determines in the future that our internal control over financial reporting is not effective as defined under Section 404, we could be subject to one or more investigations or enforcement actions by state or federal regulatory agencies, stockholder lawsuits or other adverse actions requiring us to incur defense costs, pay fines, settlements or judgments and causing investor perceptions to be adversely affected and potentially resulting in a decline in the market price of our stock.
ITEM 1B. UNRESOLVED STAFF COMMENTS
Not applicable.
ITEM 2. PROPERTIES
Our corporate headquarters is located in Santa Clara, California, where we lease approximately 941,000 square feet of space under three lease agreements that expire in July 2028, with options to extend the lease terms through July 2046. We also lease space for personnel in Israel. In addition, we provide our cloud-based subscription offerings through data centers operated under co-location arrangements in the United States, Europe, and Asia. Refer to Note 11. Leases in Part II, Item 8 of this Annual Report on Form 10-K
- 38 -
for more information on our operating leases. Additionally, we own 5.8 acres of land adjacent to our headquarters in Santa Clara, California, which we intend to develop to accommodate future expansion, the speed of which development has been slowed due to the current environment.
We believe that our current facilities are adequate to meet our current needs. We intend to expand our facilities or add new facilities as we add employees and enter new geographic markets, and we believe that suitable additional or alternative space will be available as needed to accommodate ongoing operations and any such growth. However, we expect to incur additional expenses in connection with such new or expanded facilities.
ITEM 3. LEGAL PROCEEDINGS
The information set forth under the “Litigation” subheading in Note 12. Commitments and Contingencies in Part II, Item 8 of this Annual Report on Form 10-K is incorporated herein by reference.
ITEM 4. MINE SAFETY DISCLOSURES
Not applicable.
- 39 -
PART II
ITEM 5. MARKET FOR REGISTRANT’S COMMON EQUITY, RELATED STOCKHOLDER MATTERS AND ISSUER PURCHASES OF EQUITY SECURITIES
Market Information
Our common stock, $0.0001 par value per share, began trading on the NYSE on July 20, 2012, where its prices are quoted under the symbol “PANW.”
Holders of Record
As of August 23, 2021, there were 229 holders of record of our common stock. Because many of our shares of common stock are held by brokers and other institutions on behalf of stockholders, we are unable to estimate the total number of stockholders represented by these record holders.
Dividend Policy
We have never declared or paid, and do not anticipate declaring or paying in the foreseeable future, any cash dividends on our capital stock. Any future determination as to the declaration and payment of dividends, if any, will be at the discretion of our board of directors, subject to applicable laws and will depend on then existing conditions, including our financial condition, operating results, contractual restrictions, capital requirements, business prospects, and other factors our board of directors may deem relevant.
Securities Authorized for Issuance under Equity Compensation Plans
See Part III, Item 12 “Security Ownership of Certain Beneficial Owners and Management and Related Stockholder Matters” of this Annual Report on Form 10-K for more information regarding securities authorized for issuance.
Recent Sales of Unregistered Equity Securities
In June 2021, we issued a total of 11,114 shares of our unregistered common stock pursuant to post-closing obligations in connection with our previous acquisition of Aporeto, Inc. (the “Aporeto Transaction”).
The Aporeto Transaction did not involve any underwriters, any underwriting discounts or commissions, or any public offering. The issuances of the securities pursuant to the Aporeto Transaction were exempt from registration under the Securities Act of 1933, as amended (the “Act”) by virtue of Section 4(a)(2) of the Act and Rule 506 of Regulation D promulgated thereunder.
Purchases of Equity Securities by the Issuer and Affiliated Purchasers
The following table summarizes stock repurchases during the three months ended July 31, 2021 (in millions, except per share amounts):
| Period | Total Number of Shares Purchased | Average Price Paid per Share | Total Number of Shares Purchased as Part of Publicly Announced Plans or Programs(1) | Approximate Dollar Value of Shares that May Yet Be Purchased Under the Plans or Programs(1) | ||||||||||||||||||||||
May 1, 2021 to May 31, 2021(1)(2) | 0.0 | $ | 353.17 | 0.0 | $ | 651.9 | ||||||||||||||||||||
June 1, 2021 to June 30, 2021(1)(2) | 0.0 | $ | 361.83 | 0.0 | $ | 651.9 | ||||||||||||||||||||
July 1, 2021 to July 31, 2021(1)(2) | 0.9 | $ | 387.98 | 0.9 | $ | 323.9 | ||||||||||||||||||||
| Total | 0.9 | $ | 387.63 | 0.9 | ||||||||||||||||||||||
______________
(1) On February 26, 2019, we announced that our board of directors authorized a $1.0 billion share repurchase program, which is funded from available working capital. On December 8, 2020, we announced that our board of directors authorized a $700.0 million increase to our share repurchase program, bringing the total authorization to $1.7 billion. On August 17, 2021, our board of directors authorized another $676.1 million increase to this share repurchase program, bringing the total authorization to $2.4 billion, with $1.0 billion remaining. The expiration date of this repurchase authorization was extended to December 31, 2022, and our repurchase program may be suspended or discontinued at any time. Repurchases under our program are to be made at management’s discretion on the open market, through privately negotiated transactions, transactions structured through investment banking institutions, block purchase techniques, 10b5-1 trading plans, or a combination of the foregoing.
(2) Includes shares of restricted common stock delivered by certain employees upon vesting of equity awards to satisfy tax withholding requirements. The number of shares delivered by these employees to satisfy tax withholding requirements during the period was not significant.
- 40 -
Stock Price Performance Graph
This performance graph shall not be deemed “filed” for purposes of Section 18 of the Securities Exchange Act of 1934, as amended (the “Exchange Act”), or incorporated by reference into any filing of Palo Alto Networks, Inc. under the Securities Act of 1933, as amended, or the Exchange Act, except as shall be expressly set forth by specific reference in such filing.
This performance graph compares the cumulative total return on our common stock with that of the NYSE Composite Index and the NYSE Arca Tech 100 Index for the five years ended July 31, 2021. This performance graph assumes $100 was invested on July 31, 2016, in each of the common stock of Palo Alto Networks, Inc., the NYSE Composite Index, and the NYSE Arca Tech 100 Index, and assumes the reinvestment of any dividends. The stock price performance on this performance graph is not necessarily indicative of future stock price performance.
| Company/Index | 7/31/2016 | 7/31/2017 | 7/31/2018 | 7/31/2019 | 7/31/2020 | 7/31/2021 | ||||||||||||||||||||||||||||||||
| Palo Alto Networks, Inc. | $ | 100.00 | $ | 100.68 | $ | 151.47 | $ | 173.08 | $ | 195.52 | $ | 304.87 | ||||||||||||||||||||||||||
| NYSE Composite Index | $ | 100.00 | $ | 110.96 | $ | 120.19 | $ | 121.15 | $ | 115.57 | $ | 153.93 | ||||||||||||||||||||||||||
| NYSE Arca Tech 100 Index | $ | 100.00 | $ | 123.34 | $ | 154.01 | $ | 165.71 | $ | 191.39 | $ | 265.46 | ||||||||||||||||||||||||||
- 41 -
ITEM 6. [RESERVED]
- 42 -
ITEM 7. MANAGEMENT’S DISCUSSION AND ANALYSIS OF FINANCIAL CONDITION AND RESULTS OF OPERATIONS
The following discussion and analysis of our financial condition and results of operations should be read in conjunction with our consolidated financial statements and related notes appearing elsewhere in this Annual Report on Form 10-K. The following discussion and analysis contains forward-looking statements based on current expectations and assumptions that are subject to risks and uncertainties, which could cause our actual results to differ materially from those anticipated or implied by any forward-looking statements. Factors that could cause or contribute to such differences include, but are not limited to, those discussed in this Annual Report on Form 10-K, and in particular, the risks discussed under the caption “Risk Factors” in Part I, Item 1A of this report.
Our Management’s Discussion and Analysis of Financial Condition and Results of Operations (“MD&A”) is organized as follows:
•Overview. A discussion of our business and overall analysis of financial and other highlights in order to provide context for the remainder of MD&A.
•Key Financial Metrics. A summary of our GAAP and non-GAAP key financial metrics, which management monitors to evaluate our performance.
•Results of Operations. A discussion of the nature and trends in our financial results and an analysis of our financial results comparing fiscal 2021 to fiscal 2020. For discussion and analysis related to our financial results comparing fiscal 2020 to 2019, refer to Part II, Item 7. Management’s Discussion and Analysis of Financial Condition and Results of Operations in our Annual Report on Form 10-K for fiscal 2020, which was filed with the Securities and Exchange Commission on September 4, 2020.
•Liquidity and Capital Resources. An analysis of changes in our balance sheets and cash flows, and a discussion of our financial condition and our ability to meet cash needs.
•Contractual Obligations and Commitments. An overview of our contractual obligations, contingent liabilities, commitments, and off-balance sheet arrangements outstanding as of July 31, 2021, including expected payment schedules.
•Critical Accounting Estimates. A discussion of our accounting policies that require critical estimates, assumptions, and judgments.
•Recent Accounting Pronouncements. A discussion of expected impacts of impending accounting changes on financial information to be reported in the future.
Overview
We empower enterprises, service providers, and government entities to secure all users, applications, data, networks, clouds and devices with comprehensive visibility and context continuously across all locations. We deliver cybersecurity products covering a broad range of use cases, enabling our end-customers to secure their networks, remote and hybrid workforces, branch locations, and public and private clouds, and to advance their Security Operations Centers (“SOC”). We believe our portfolio offers advanced prevention and security, while reducing the total cost of ownership for organizations by improving operational efficiency and eliminating the need for siloed point products. We do this with solutions focused on delivering value in five fundamental areas:
Zero Trust Network Security:
•Enabling zero trust network security through our ML-Powered Next-Generation Firewalls, available in a number of form factors, including physical, virtual, and containerized appliances, as well as a cloud-delivered service. This also includes our add-on Cloud-Delivered Security Services, such as Threat Prevention, WildFire, URL Filtering, Advanced URL Filtering, DNS Security, IoT Security, GlobalProtect, SD-WAN, Enterprise Data Loss Prevention (“Enterprise DLP”), SaaS Security API and SaaS Security Inline that secure content, applications, users, and devices across our ML-Powered Next-Generation Firewalls, Prisma, and Cortex product lines, to enable best-in-class security across a broad range of applications. Panorama, our network security management solution, available as hardware or virtual machine, can centrally manage all of our firewalls irrespective of their form factor, location, or scale.
Cloud Security:
•Enabling cloud security through our Prisma security offerings. Prisma Cloud, the industry’s most comprehensive Cloud Native Security Platform (“CNSP”), secures multi- and hybrid-cloud environments and cloud native applications, integrating security across the full deployment lifecycle. VM-Series and CN-Series enforce in-line network security in multi- and hybrid-cloud environments.
- 43 -
Secure Access Service Edge:
•Prisma Access, the industry’s most complete cloud-delivered security platform, together with Prisma SD-WAN, SaaS Security API and SaaS Security Inline, provide a comprehensive Secure Access Service Edge (“SASE”) offering that is used to secure remote workforces and enable the cloud-delivered branch.
Security Analytics and Automation:
•Delivering the next generation of endpoint security, security analytics and security automation solutions through our Cortex portfolio. These include our industry-leading extended detection and response platform Cortex XDR to prevent, detect, and respond to complex cybersecurity attacks, Cortex XSOAR for security orchestration, automation, and response (“SOAR”), Cortex Xpanse for attack surface management (“ASM”) and Cortex Data Lake allowing our customers to collect and analyze large amounts of context-rich data across endpoints, networks, and clouds. These products are delivered as software or SaaS subscriptions.
Threat Intelligence and Security Consulting (Unit 42):
•Enabling security teams with up-to-date threat intelligence and deep cybersecurity expertise before, during and after attacks through our Unit 42 threat research and security consulting team. Unit 42 offers incident response, risk management, board advisory and proactive cybersecurity assessment services.
For fiscal 2021 and 2020, total revenue was $4.3 billion and $3.4 billion, respectively, representing year-over-year growth of 24.9%. Our growth reflects the increased adoption of our portfolio, which consists of product, subscriptions, and support. We believe our portfolio will enable us to benefit from recurring revenues as we continue to grow our installed end-customer base. As of July 31, 2021, we had end-customers in over 170 countries. Our end-customers represent a broad range of industries including education, energy, financial services, government entities, healthcare, Internet and media, manufacturing, public sector, and telecommunications, and include some of the largest Fortune 100 and Global 2000 companies in the world. We maintain a field sales force that works closely with our channel partners in developing sales opportunities. We primarily use a two-tiered, indirect fulfillment model whereby we sell our products, subscriptions, and support to our distributors, which, in turn, sell to our resellers, which then sell to our end-customers.
Our product revenue was $1.1 billion or 26.3% of total revenue for fiscal 2021, representing year-over-year growth of 5.3%. Product revenue is generated from sales of our appliances, primarily our ML-Powered Next-Generation Firewall, which is available in a number of form factors, including as physical, virtual, and containerized appliances. Our ML-Powered Next-Generation Firewall incorporates our PAN-OS operating system, which provides a consistent set of capabilities across our entire network security product line. Our products are designed for different performance requirements throughout an organization, ranging from our PA-410, which is designed for small organizations and remote or branch offices, to our top-of-the-line PA-7080, which is designed for large-scale data centers and service provider use. The same firewall functionality that is delivered in our physical appliances is also available in our VM-Series virtual firewalls, which secure virtualized and cloud-based computing environments, and in our CN-Series container firewalls, which secure container environments and traffic.
Our subscription and support revenue grew to $3.1 billion or 73.7% of total revenue for fiscal 2021, representing year-over-year growth of 33.8%. Our subscriptions provide our end-customers with near real-time access to the latest antivirus, intrusion prevention, web filtering, modern malware prevention, data loss prevention, and cloud access security broker capabilities across the network, endpoints, and the cloud. When end-customers purchase our physical, virtual, or container firewall appliances, or certain cloud offerings, they typically purchase support in order to receive ongoing security updates, upgrades, bug fixes, and repairs. In addition to the subscriptions purchased with these appliances, end-customers may also purchase other subscriptions on a per-user, per-endpoint, or capacity-based basis. We also offer professional services, including incident response, risk management, and digital forensic services.
We continue to invest in innovation and acquire businesses as we evolve and further extend the capabilities of our portfolio, as we believe that innovation and timely development of new features and products is essential to meeting the needs of our end-customers and improving our competitive position. During fiscal 2021, we introduced several new offerings, including: Cortex XDR 2.5, Next Generation SD-WAN, Prisma Cloud 2.0, Enterprise DLP, 5G Security, IoT Healthcare Security, Prisma Access 2.0 and Complete Zero Trust Network Security. Additionally, we acquired productive investments that we believe fit well within our long-term strategy. For example, in September 2020, we acquired Crypsis, which we expect will expand our incident response capabilities and strengthen our Cortex strategy; in November 2020, we acquired Sinefa, which we expect will extend our Prisma Access offering; in December 2020, we acquired Expanse, which we expect will enrich our Cortex offerings and provide organizations an integrated view of the enterprise to combine external, internal, and threat data; and in March 2021, we acquired Bridgecrew, which we expect will expand our Prisma Cloud offering to deliver security across the full application lifecycle.
We believe that the growth of our business and our short-term and long-term success are dependent upon many factors, including our ability to extend our technology leadership, grow our base of end-customers, expand deployment of our portfolio and support offerings within existing end-customers, and focus on end-customer satisfaction. To manage any future growth effectively, we must continue to improve and expand our information technology and financial infrastructure, our operating and administrative
- 44 -
systems and controls, and our ability to manage headcount, capital, and processes in an efficient manner. While these areas present significant opportunities for us, they also pose challenges and risks that we must successfully address in order to sustain the growth of our business and improve our operating results. For additional information regarding the challenges and risks we face, see the “Risk Factors” section in Part I, Item 1A of this Annual Report on Form 10-K.
Impact of COVID-19 on Our Business
We are actively monitoring, evaluating, and responding to developments relating to COVID-19, which has resulted in and is expected to continue to result in continued significant global, social, and business disruption. As described in “Impacts of COVID-19 on our Business” included in Part I, Item 1 Business in this Annual Report, we have made some changes to our business including instituting a global work-from-home policy beginning in March 2020 and adopting our FLEXWORK initiative in fiscal 2021, which did not incur significant disruptions in our work operations during fiscal 2020 and fiscal 2021. We will continue to actively monitor the situation, including progress made through vaccinations, and we will make further changes to our business operations as may be required by federal, state, or local authorities or that we determine are in the best interests of our employees, end-customers, partners, suppliers, and stockholders. Our focus remains on the safety of our employees, and we strive to protect the health and well-being of the communities in which we operate, in part, by providing technology to our employees, end-customers, and partners to help them do their best work while remote.
Although some end-customers adopted Prisma Access as their secure work-from-home solution for the longer term, there continues to be uncertainty regarding the business outlook due to COVID-19, which may curtail our end-customers’ spending and could lead them to delay or defer purchasing decisions, and lengthen sales cycles and payment terms, which could materially adversely impact our business, results of operations, and overall financial performance. Also, certain of our end-customers or partners may be or may become credit or cash constrained, making it difficult for them to fulfill their payment obligations to us. The extent of the impact of COVID-19 on our operational and financial performance will depend on developments, including the duration and spread of the virus (including variants), impact on our end-customers’ spending, volume of sales and length of our sales cycles, impact on our partners, suppliers, and employees, actions that may be taken by governmental authorities, and other factors identified in Part I, Item 1A “Risk Factors” in this Form 10-K. Given the dynamic nature of these circumstances, the full impact of COVID-19 on our ongoing business, results of operations, and overall financial performance cannot be reasonably estimated at this time.
Key Financial Metrics
We monitor the key financial metrics set forth in the tables below to help us evaluate growth trends, establish budgets, measure the effectiveness of our sales and marketing efforts, and assess operational efficiencies. We discuss revenue, gross margin, and the components of operating loss and margin below under “Results of Operations.”
| July 31, | |||||||||||
| 2021 | 2020 | ||||||||||
| (in millions) | |||||||||||
| Total deferred revenue | $ | 5,024.0 | $ | 3,810.2 | |||||||
| Cash, cash equivalents, and investments | $ | 3,789.4 | $ | 4,302.2 | |||||||
| Year Ended July 31, | |||||||||||||||||
| 2021 | 2020 | 2019 | |||||||||||||||
| (dollars in millions) | |||||||||||||||||
| Total revenue | $ | 4,256.1 | $ | 3,408.4 | $ | 2,899.6 | |||||||||||
| Total revenue year-over-year percentage increase | 24.9 | % | 17.5 | % | 27.5 | % | |||||||||||
| Gross margin | 70.0 | % | 70.7 | % | 72.1 | % | |||||||||||
| Operating loss | $ | (304.1) | $ | (179.0) | $ | (54.1) | |||||||||||
| Operating margin | (7.1) | % | (5.3) | % | (1.9) | % | |||||||||||
| Billings | $ | 5,452.2 | $ | 4,301.7 | $ | 3,489.8 | |||||||||||
| Billings year-over-year percentage increase | 26.7 | % | 23.3 | % | 22.2 | % | |||||||||||
| Cash flow provided by operating activities | $ | 1,503.0 | $ | 1,035.7 | $ | 1,055.6 | |||||||||||
| Free cash flow (non-GAAP) | $ | 1,387.0 | $ | 821.3 | $ | 924.4 | |||||||||||
•Deferred Revenue. Our deferred revenue primarily consists of amounts that have been invoiced but have not been recognized as revenue as of the period end. The majority of our deferred revenue balance consists of subscription and support revenue that is recognized ratably over the contractual service period. We monitor our deferred revenue balance because it represents a significant portion of revenue to be recognized in future periods.
- 45 -
•Billings. We define billings as total revenue plus the change in total deferred revenue, net of acquired deferred revenue, during the period. We consider billings to be a key metric used by management to manage our business. We believe billings provides investors with an important indicator of the health and visibility of our business because it includes subscription and support revenue, which is recognized ratably over the contractual service period, and product revenue, which is recognized at the time of shipment, provided that all other conditions for revenue recognition have been met. We consider billings to be a useful metric for management and investors, particularly if we continue to experience increased sales of subscriptions and strong renewal rates for subscription and support offerings, and as we monitor our near-term cash flows. While we believe that billings provides useful information to investors and others in understanding and evaluating our operating results in the same manner as our management, it is important to note that other companies, including companies in our industry, may not use billings, may calculate billings differently, may have different billing frequencies, or may use other financial measures to evaluate their performance, all of which could reduce the usefulness of billings as a comparative measure. We calculate billings in the following manner:
| Year Ended July 31, | |||||||||||||||||
| 2021 | 2020 | 2019 | |||||||||||||||
| (in millions) | |||||||||||||||||
Billings: | |||||||||||||||||
| Total revenue | $ | 4,256.1 | $ | 3,408.4 | $ | 2,899.6 | |||||||||||
| Add: change in total deferred revenue, net of acquired deferred revenue | 1,196.1 | 893.3 | 590.2 | ||||||||||||||
| Billings | $ | 5,452.2 | $ | 4,301.7 | $ | 3,489.8 | |||||||||||
• Cash Flow Provided by Operating Activities. We monitor cash flow provided by operating activities as a measure of our overall business performance. Our cash flow provided by operating activities is driven in large part by sales of our products and from up-front payments for subscription and support offerings. Monitoring cash flow provided by operating activities enables us to analyze our financial performance without the non-cash effects of certain items such as depreciation, amortization, and share-based compensation costs, thereby allowing us to better understand and manage the cash needs of our business.
• Free Cash Flow (non-GAAP). We define free cash flow, a non-GAAP financial measure, as cash provided by operating activities less purchases of property, equipment, and other assets. We consider free cash flow to be a profitability and liquidity measure that provides useful information to management and investors about the amount of cash generated by the business after necessary capital expenditures. A limitation of the utility of free cash flow as a measure of our financial performance and liquidity is that it does not represent the total increase or decrease in our cash balance for the period. In addition, it is important to note that other companies, including companies in our industry, may not use free cash flow, may calculate free cash flow in a different manner than we do, or may use other financial measures to evaluate their performance, all of which could reduce the usefulness of free cash flow as a comparative measure. A reconciliation of free cash flow to cash flow provided by operating activities, the most directly comparable financial measure calculated and presented in accordance with GAAP, is provided below:
| Year Ended July 31, | |||||||||||||||||
| 2021 | 2020 | 2019 | |||||||||||||||
| (in millions) | |||||||||||||||||
Free cash flow (non-GAAP): | |||||||||||||||||
| Net cash provided by operating activities | $ | 1,503.0 | $ | 1,035.7 | $ | 1,055.6 | |||||||||||
| Less: purchases of property, equipment, and other assets | 116.0 | 214.4 | 131.2 | ||||||||||||||
| Free cash flow (non-GAAP) | $ | 1,387.0 | $ | 821.3 | $ | 924.4 | |||||||||||
| Net cash provided by (used in) investing activities | $ | (1,480.6) | $ | 288.0 | $ | (1,825.9) | |||||||||||
| Net cash provided by (used in) financing activities | $ | (1,104.0) | $ | 673.0 | $ | (773.9) | |||||||||||
- 46 -
Results of Operations
The following table summarizes our results of operations for the periods presented and as a percentage of our total revenue for those periods based on our consolidated statements of operations data. The period to period comparison of results is not necessarily indicative of results for future periods.
| Year Ended July 31, | |||||||||||||||||||||||||||||||||||
| 2021 | 2020 | 2019 | |||||||||||||||||||||||||||||||||
| Amount | % of Revenue | Amount | % of Revenue | Amount | % of Revenue | ||||||||||||||||||||||||||||||
| (dollars in millions) | |||||||||||||||||||||||||||||||||||
| Revenue: | |||||||||||||||||||||||||||||||||||
| Product | $ | 1,120.3 | 26.3 | % | $ | 1,064.2 | 31.2 | % | $ | 1,096.2 | 37.8 | % | |||||||||||||||||||||||
| Subscription and support | 3,135.8 | 73.7 | % | 2,344.2 | 68.8 | % | 1,803.4 | 62.2 | % | ||||||||||||||||||||||||||
| Total revenue | 4,256.1 | 100.0 | % | 3,408.4 | 100.0 | % | 2,899.6 | 100.0 | % | ||||||||||||||||||||||||||
| Cost of revenue: | |||||||||||||||||||||||||||||||||||
| Product | 308.5 | 7.2 | % | 294.4 | 8.6 | % | 315.9 | 10.9 | % | ||||||||||||||||||||||||||
| Subscription and support | 966.4 | 22.8 | % | 705.1 | 20.7 | % | 492.5 | 17.0 | % | ||||||||||||||||||||||||||
Total cost of revenue(1) | 1,274.9 | 30.0 | % | 999.5 | 29.3 | % | 808.4 | 27.9 | % | ||||||||||||||||||||||||||
| Total gross profit | 2,981.2 | 70.0 | % | 2,408.9 | 70.7 | % | 2,091.2 | 72.1 | % | ||||||||||||||||||||||||||
| Operating expenses: | |||||||||||||||||||||||||||||||||||
| Research and development | 1,140.4 | 26.8 | % | 768.1 | 22.5 | % | 539.5 | 18.6 | % | ||||||||||||||||||||||||||
| Sales and marketing | 1,753.8 | 41.1 | % | 1,520.2 | 44.7 | % | 1,344.0 | 46.4 | % | ||||||||||||||||||||||||||
| General and administrative | 391.1 | 9.2 | % | 299.6 | 8.8 | % | 261.8 | 9.0 | % | ||||||||||||||||||||||||||
Total operating expenses(1) | 3,285.3 | 77.1 | % | 2,587.9 | 76.0 | % | 2,145.3 | 74.0 | % | ||||||||||||||||||||||||||
| Operating loss | (304.1) | (7.1) | % | (179.0) | (5.3) | % | (54.1) | (1.9) | % | ||||||||||||||||||||||||||
| Interest expense | (163.3) | (3.8) | % | (88.7) | (2.6) | % | (83.9) | (2.9) | % | ||||||||||||||||||||||||||
| Other income, net | 2.4 | 0.0 | % | 35.9 | 1.1 | % | 63.4 | 2.2 | % | ||||||||||||||||||||||||||
| Loss before income taxes | (465.0) | (10.9) | % | (231.8) | (6.8) | % | (74.6) | (2.6) | % | ||||||||||||||||||||||||||
| Provision for income taxes | 33.9 | 0.8 | % | 35.2 | 1.0 | % | 7.3 | 0.2 | % | ||||||||||||||||||||||||||
| Net loss | $ | (498.9) | (11.7) | % | $ | (267.0) | (7.8) | % | $ | (81.9) | (2.8) | % | |||||||||||||||||||||||
______________
(1)Includes share-based compensation as follows:
| Year Ended July 31, | |||||||||||||||||
| 2021 | 2020 | 2019 | |||||||||||||||
| (in millions) | |||||||||||||||||
Cost of product revenue | $ | 6.2 | $ | 5.7 | $ | 5.6 | |||||||||||
Cost of subscription and support revenue | 93.0 | 77.7 | 71.3 | ||||||||||||||
Research and development | 428.9 | 274.6 | 186.8 | ||||||||||||||
Sales and marketing | 269.9 | 214.5 | 221.9 | ||||||||||||||
General and administrative | 128.9 | 92.0 | 102.1 | ||||||||||||||
| Total share-based compensation | $ | 926.9 | $ | 664.5 | $ | 587.7 | |||||||||||
- 47 -
Revenue
Our revenue consists of product revenue and subscription and support revenue. Revenue is recognized upon transfer of control of the corresponding promised products and subscriptions and support to our customers in an amount that reflects the consideration we expect to be entitled in exchange for those products and subscriptions and support. We expect our revenue to vary from quarter to quarter based on seasonal and cyclical factors.
Product Revenue
Product revenue is derived primarily from sales of our appliances. Product revenue also includes revenue derived from software licenses of Panorama and the VM-Series. Our appliances and software licenses include a broad set of built-in networking and security features and functionalities. We recognize product revenue at the time of hardware shipment or delivery of software license.
| Year Ended July 31, | Year Ended July 31, | ||||||||||||||||||||||||||||||||||||||||||||||
| 2021 | 2020 | Change | 2020 | 2019 | Change | ||||||||||||||||||||||||||||||||||||||||||
| Amount | Amount | Amount | % | Amount | Amount | Amount | % | ||||||||||||||||||||||||||||||||||||||||
| (dollars in millions) | |||||||||||||||||||||||||||||||||||||||||||||||
| Product | $ | 1,120.3 | $ | 1,064.2 | $ | 56.1 | 5.3 | % | $ | 1,064.2 | $ | 1,096.2 | $ | (32.0) | (2.9) | % | |||||||||||||||||||||||||||||||
Product revenue increased for fiscal 2021 compared to fiscal 2020, largely driven by increases in software sales, reflecting increased demand for our products.
Subscription and Support Revenue
Subscription and support revenue is derived primarily from sales of our subscription and support offerings. Our contractual subscription and support contracts are typically one to five years. We recognize revenue from subscriptions and support over time as the services are performed. As a percentage of total revenue, we expect our subscription and support revenue to vary from quarter to quarter and increase over the long term as we introduce new subscriptions, renew existing subscription and support contracts, and expand our installed end-customer base.
| Year Ended July 31, | Year Ended July 31, | ||||||||||||||||||||||||||||||||||||||||||||||
| 2021 | 2020 | Change | 2020 | 2019 | Change | ||||||||||||||||||||||||||||||||||||||||||
| Amount | Amount | Amount | % | Amount | Amount | Amount | % | ||||||||||||||||||||||||||||||||||||||||
| (dollars in millions) | |||||||||||||||||||||||||||||||||||||||||||||||
| Subscription | $ | 1,898.8 | $ | 1,405.3 | $ | 493.5 | 35.1 | % | $ | 1,405.3 | $ | 1,032.7 | $ | 372.6 | 36.1 | % | |||||||||||||||||||||||||||||||
| Support | 1,237.0 | 938.9 | 298.1 | 31.7 | % | 938.9 | 770.7 | 168.2 | 21.8 | % | |||||||||||||||||||||||||||||||||||||
| Total subscription and support | $ | 3,135.8 | $ | 2,344.2 | $ | 791.6 | 33.8 | % | $ | 2,344.2 | $ | 1,803.4 | $ | 540.8 | 30.0 | % | |||||||||||||||||||||||||||||||
Subscription and support revenue increased year-over-year for fiscal 2021 due to increased demand for our subscription and support offerings from both new and existing end-customers. The mix between subscription revenue and support revenue will vary over time, depending on the introduction of new subscription offerings, renewals of support services, and our ability to increase sales to new and existing end-customers.
Revenue by Geographic Theater
| Year Ended July 31, | Year Ended July 31, | ||||||||||||||||||||||||||||||||||||||||||||||
| 2021 | 2020 | Change | 2020 | 2019 | Change | ||||||||||||||||||||||||||||||||||||||||||
| Amount | Amount | Amount | % | Amount | Amount | Amount | % | ||||||||||||||||||||||||||||||||||||||||
| (dollars in millions) | |||||||||||||||||||||||||||||||||||||||||||||||
| Americas | $ | 2,937.5 | $ | 2,318.0 | $ | 619.5 | 26.7 | % | $ | 2,318.0 | $ | 1,977.0 | $ | 341.0 | 17.2 | % | |||||||||||||||||||||||||||||||
| EMEA | 817.3 | 671.9 | 145.4 | 21.6 | % | 671.9 | 568.6 | 103.3 | 18.2 | % | |||||||||||||||||||||||||||||||||||||
| APAC | 501.3 | 418.5 | 82.8 | 19.8 | % | 418.5 | 354.0 | 64.5 | 18.2 | % | |||||||||||||||||||||||||||||||||||||
Total revenue | $ | 4,256.1 | $ | 3,408.4 | $ | 847.7 | 24.9 | % | $ | 3,408.4 | $ | 2,899.6 | $ | 508.8 | 17.5 | % | |||||||||||||||||||||||||||||||
With respect to geographic theaters, the Americas contributed the largest portion of the year-over-year increases in revenue for fiscal 2021 due to its larger and more established sales force compared to our other theaters. Revenue from both Europe, the Middle East, and Africa (“EMEA”) and Asia Pacific and Japan (“APAC”) increased year-over-year for fiscal 2021 due to our increasing investment in global sales force in order to support our growth and innovation.
- 48 -
Cost of Revenue
Our cost of revenue consists of cost of product revenue and cost of subscription and support revenue.
Cost of Product Revenue
Cost of product revenue primarily includes costs paid to our manufacturing partners. Our cost of product revenue also includes personnel costs, which consist of salaries, benefits, bonuses, share-based compensation, and travel and entertainment associated with our operations organization, amortization of intellectual property licenses, product testing costs, shipping and tariff costs, and allocated costs. Allocated costs consist of certain facilities, depreciation, benefits, recruiting, and information technology costs that we allocate based on headcount. We expect our cost of product revenue to fluctuate with our product revenue.
| Year Ended July 31, | Year Ended July 31, | ||||||||||||||||||||||||||||||||||||||||||||||
| 2021 | 2020 | Change | 2020 | 2019 | Change | ||||||||||||||||||||||||||||||||||||||||||
| Amount | Amount | Amount | % | Amount | Amount | Amount | % | ||||||||||||||||||||||||||||||||||||||||
| (dollars in millions) | |||||||||||||||||||||||||||||||||||||||||||||||
| Cost of product revenue | $ | 308.5 | $ | 294.4 | $ | 14.1 | 4.8 | % | $ | 294.4 | $ | 315.9 | $ | (21.5) | (6.8) | % | |||||||||||||||||||||||||||||||
| Number of employees at period end | 127 | 117 | 10 | 8.5 | % | 117 | 102 | 15 | 14.7 | % | |||||||||||||||||||||||||||||||||||||
Cost of product revenue increased for fiscal 2021 compared to fiscal 2020 primarily due to an increase in the volume of product sold, partially offset by product mix. The remaining increase was largely due to increased overhead costs to support the growth of our product revenue.
Cost of Subscription and Support Revenue
Cost of subscription and support revenue includes personnel costs for our global customer support and technical operations organizations, customer support and repair costs, third-party professional services costs, data center and cloud hosting service costs, amortization of acquired intangible assets and capitalized software development costs, and allocated costs. We expect our cost of subscription and support revenue to increase as our installed end-customer base grows and adoption of our cloud-based subscription offerings increases.
| Year Ended July 31, | Year Ended July 31, | ||||||||||||||||||||||||||||||||||||||||||||||
| 2021 | 2020 | Change | 2020 | 2019 | Change | ||||||||||||||||||||||||||||||||||||||||||
| Amount | Amount | Amount | % | Amount | Amount | Amount | % | ||||||||||||||||||||||||||||||||||||||||
| (dollars in millions) | |||||||||||||||||||||||||||||||||||||||||||||||
| Cost of subscription and support revenue | $ | 966.4 | $ | 705.1 | $ | 261.3 | 37.1 | % | $ | 705.1 | $ | 492.5 | $ | 212.6 | 43.2 | % | |||||||||||||||||||||||||||||||
| Number of employees at period end | 2,108 | 1,402 | 706 | 50.4 | % | 1,402 | 1,219 | 183 | 15.0 | % | |||||||||||||||||||||||||||||||||||||
Cost of subscription and support revenue increased for fiscal 2021 compared to fiscal 2020 primarily due to increased costs to support the growth of our subscription and support offerings. Personnel costs grew $97.1 million to $412.4 million for fiscal 2021 compared to fiscal 2020 primarily due to headcount growth. Cloud hosting service costs, which support the adoption of our cloud-based subscription offerings increased $45.6 million for fiscal 2021 compared to fiscal 2020. The remaining increase was primarily due to increased outside service costs for global customer support resulting from the expansions of our customer base and product portfolio, as well as the amortization of intangible assets from our recent acquisitions.
Gross Margin
Gross margin, or gross profit as a percentage of revenue, has been and will continue to be affected by a variety of factors, including the introduction of new products, manufacturing costs, tariff costs, the average sales price of our products, cloud hosting service costs, personnel costs, the mix of products sold, and the mix of revenue between product and subscription and support offerings. For sales of our products, our higher-end firewall products generally have higher gross margins than our lower-end firewall products within each product series. We expect our gross margins to vary over time depending on the factors described above.
| Year Ended July 31, | |||||||||||||||||||||||||||||||||||
| 2021 | 2020 | 2019 | |||||||||||||||||||||||||||||||||
| Amount | Gross Margin | Amount | Gross Margin | Amount | Gross Margin | ||||||||||||||||||||||||||||||
| (dollars in millions) | |||||||||||||||||||||||||||||||||||
| Product | $ | 811.8 | 72.5 | % | $ | 769.8 | 72.3 | % | $ | 780.3 | 71.2 | % | |||||||||||||||||||||||
| Subscription and support | 2,169.4 | 69.2 | % | 1,639.1 | 69.9 | % | 1,310.9 | 72.7 | % | ||||||||||||||||||||||||||
Total gross profit | $ | 2,981.2 | 70.0 | % | $ | 2,408.9 | 70.7 | % | $ | 2,091.2 | 72.1 | % | |||||||||||||||||||||||
- 49 -
Product gross margin was relatively flat for fiscal 2021 compared to fiscal 2020.
Subscription and support gross margin decreased for fiscal 2021 compared to fiscal 2020, primarily due to increased costs to fulfill professional services arrangements.
Operating Expenses
Our operating expenses consist of research and development, sales and marketing, and general and administrative expenses. Personnel costs are the most significant component of operating expenses and consist of salaries, benefits, bonuses, share-based compensation, travel and entertainment, and with regard to sales and marketing expense, sales commissions. Our operating expenses also include allocated costs, which consist of certain facilities, depreciation, benefits, recruiting, and information technology costs that we allocate based on headcount. We expect operating expenses generally to increase in absolute dollars and decrease over the long term as a percentage of revenue as we continue to scale our business. In response to COVID-19, we instituted a global work-from-home policy, which has been modified to provide employees with the choice to work in certain of our offices when and as they feel comfortable, and limited employee travel beginning in March 2020. Further, we have canceled in-person events and either replaced them with virtual events or postponed them to future periods. As of July 31, 2021, we expect to recognize approximately $2.0 billion of share-based compensation expense over a weighted-average period of approximately 2.6 years, excluding additional share-based compensation expense related to any future grants of share-based awards. Share-based compensation expense is generally recognized on a straight-line basis over the requisite service periods of the awards.
Research and Development
Research and development expense consists primarily of personnel costs. Research and development expense also includes prototype related expenses and allocated costs. We expect research and development expense to increase in absolute dollars as we continue to invest in our future products and services, although our research and development expense may fluctuate as a percentage of total revenue.
| Year Ended July 31, | Year Ended July 31, | ||||||||||||||||||||||||||||||||||||||||||||||
| 2021 | 2020 | Change | 2020 | 2019 | Change | ||||||||||||||||||||||||||||||||||||||||||
| Amount | Amount | Amount | % | Amount | Amount | Amount | % | ||||||||||||||||||||||||||||||||||||||||
| (dollars in millions) | |||||||||||||||||||||||||||||||||||||||||||||||
| Research and development | $ | 1,140.4 | $ | 768.1 | $ | 372.3 | 48.5 | % | $ | 768.1 | $ | 539.5 | $ | 228.6 | 42.4 | % | |||||||||||||||||||||||||||||||
| Number of employees at period end | 2,595 | 1,821 | 774 | 42.5 | % | 1,821 | 1,507 | 314 | 20.8 | % | |||||||||||||||||||||||||||||||||||||
Research and development expense increased for fiscal 2021 compared to fiscal 2020 due to an increase in personnel costs, which grew $321.2 million to $911.0 million for fiscal 2021 compared to fiscal 2020. The increase in personnel costs was primarily due to headcount growth.
Sales and Marketing
Sales and marketing expense consists primarily of personnel costs, including commission expense. Sales and marketing expense also includes costs for market development programs, promotional and other marketing costs, professional services, and allocated costs. We continue to thoughtfully invest in headcount and have substantially grown our international sales presence. We expect sales and marketing expense to continue to increase in absolute dollars as we increase the size of our sales and marketing organizations to increase touch points with end-customers and to expand our global presence, although our sales and marketing expense may fluctuate as a percentage of total revenue.
| Year Ended July 31, | Year Ended July 31, | ||||||||||||||||||||||||||||||||||||||||||||||
| 2021 | 2020 | Change | 2020 | 2019 | Change | ||||||||||||||||||||||||||||||||||||||||||
| Amount | Amount | Amount | % | Amount | Amount | Amount | % | ||||||||||||||||||||||||||||||||||||||||
| (dollars in millions) | |||||||||||||||||||||||||||||||||||||||||||||||
| Sales and marketing | $ | 1,753.8 | $ | 1,520.2 | $ | 233.6 | 15.4 | % | $ | 1,520.2 | $ | 1,344.0 | $ | 176.2 | 13.1 | % | |||||||||||||||||||||||||||||||
| Number of employees at period end | 4,493 | 3,800 | 693 | 18.2 | % | 3,800 | 3,382 | 418 | 12.4 | % | |||||||||||||||||||||||||||||||||||||
Sales and marketing expense increased for fiscal 2021 compared to fiscal 2020 primarily due to an increase in personnel costs, which grew $186.9 million to $1.3 billion for fiscal 2021 compared to fiscal 2020. The increase in personnel costs was largely due to headcount growth, partially offset by decreased travel expenses due to COVID-19. In addition, expenses increased as a result of go-to-market initiatives, including advertising, which were partially offset by a decrease in trade shows and convention expenses as in-person events were replaced with virtual events due to COVID-19.
General and Administrative
General and administrative expense consists primarily of personnel costs for our executive, finance, human resources, legal, and information technology organizations, and professional services costs, which consist primarily of legal, auditing, accounting, and other
- 50 -
consulting costs. General and administrative expense also includes certain non-recurring general expenses and impairment losses. Certain facilities, depreciation, benefits, recruiting, and information technology costs are allocated to other organizations based on headcount. We expect general and administrative expense to increase in absolute dollars due to additional costs associated with accounting, compliance, and insurance, although our general and administrative expense may fluctuate as a percentage of total revenue.
| Year Ended July 31, | Year Ended July 31, | ||||||||||||||||||||||||||||||||||||||||||||||
| 2021 | 2020 | Change | 2020 | 2019 | Change | ||||||||||||||||||||||||||||||||||||||||||
| Amount | Amount | Amount | % | Amount | Amount | Amount | % | ||||||||||||||||||||||||||||||||||||||||
| (dollars in millions) | |||||||||||||||||||||||||||||||||||||||||||||||
| General and administrative | $ | 391.1 | $ | 299.6 | $ | 91.5 | 30.5 | % | $ | 299.6 | $ | 261.8 | $ | 37.8 | 14.4 | % | |||||||||||||||||||||||||||||||
| Number of employees at period end | 1,150 | 874 | 276 | 31.6 | % | 874 | 804 | 70 | 8.7 | % | |||||||||||||||||||||||||||||||||||||
General and administrative expenses increased for fiscal 2021 compared to fiscal 2020 primarily due to personnel costs, which grew $48.9 million to $244.0 million for fiscal 2021 compared to fiscal 2020, due primarily to an increase in share-based compensation expense related to accelerated vesting of certain equity awards in connection with our acquisitions and headcount growth. Other increases included increased professional services expense to support our business growth.
Interest Expense
Interest expense primarily consists of non-cash interest expense from the amortization of the debt discount and debt issuance costs related to our 0.0% Convertible Senior Notes due 2019 (the “2019 Notes”), the 0.75% Convertible Senior Notes due 2023 (the “2023 Notes”) and the 0.375% Convertible Senior Notes due 2025 (the “2025 Notes”, and together with “2023 Notes”, the “Notes”), and also includes the contractual interest expense related to our Notes.
| Year Ended July 31, | Year Ended July 31, | ||||||||||||||||||||||||||||||||||||||||||||||
| 2021 | 2020 | Change | 2020 | 2019 | Change | ||||||||||||||||||||||||||||||||||||||||||
| Amount | Amount | Amount | % | Amount | Amount | Amount | % | ||||||||||||||||||||||||||||||||||||||||
| (dollars in millions) | |||||||||||||||||||||||||||||||||||||||||||||||
| Interest expense | $ | 163.3 | $ | 88.7 | $ | 74.6 | 84.1 | % | $ | 88.7 | $ | 83.9 | $ | 4.8 | 5.7 | % | |||||||||||||||||||||||||||||||
Interest expense increased for fiscal 2021 compared to fiscal 2020 due to the issuance of our 2025 Notes in the fourth quarter of fiscal 2020. Refer to Note 10. Debt in Part II, Item 8 of this Annual Report on Form 10-K for more information on our series of convertible senior notes.
Other Income, Net
Other income, net includes interest income earned on our cash, cash equivalents, and investments, foreign currency remeasurement gains and losses, and foreign currency transaction gains and losses.
| Year Ended July 31, | Year Ended July 31, | ||||||||||||||||||||||||||||||||||||||||||||||
| 2021 | 2020 | Change | 2020 | 2019 | Change | ||||||||||||||||||||||||||||||||||||||||||
| Amount | Amount | Amount | % | Amount | Amount | Amount | % | ||||||||||||||||||||||||||||||||||||||||
| (dollars in millions) | |||||||||||||||||||||||||||||||||||||||||||||||
| Other income, net | $ | 2.4 | $ | 35.9 | $ | (33.5) | (93.3) | % | $ | 35.9 | $ | 63.4 | $ | (27.5) | (43.4) | % | |||||||||||||||||||||||||||||||
Other income, net decreased for fiscal 2021 compared to fiscal 2020 primarily due to lower interest income earned on our cash, cash equivalent, and investment balances as a result of lower interest rates for fiscal 2021 compared to fiscal 2020.
Provision for Income Taxes
Provision for income taxes consists primarily of income taxes in foreign jurisdictions in which we conduct business and withholding taxes. We maintain a full valuation allowance for domestic and certain foreign deferred tax assets, including net operating loss carryforwards and certain domestic tax credits. In recent years, we reorganized our corporate structure and intercompany relationships to more closely align with the international nature of our business activities. Our corporate structure has caused, and may continue to cause, disproportionate relationships between our overall effective tax rate and other jurisdictional measures. To the extent
- 51 -
we revisit our corporate structure, it may have an impact on our tax provision.
| Year Ended July 31, | Year Ended July 31, | ||||||||||||||||||||||||||||||||||||||||||||||
| 2021 | 2020 | Change | 2020 | 2019 | Change | ||||||||||||||||||||||||||||||||||||||||||
| Amount | Amount | Amount | % | Amount | Amount | Amount | % | ||||||||||||||||||||||||||||||||||||||||
| (dollars in millions) | |||||||||||||||||||||||||||||||||||||||||||||||
| Provision for income taxes | $ | 33.9 | $ | 35.2 | $ | (1.3) | (3.7) | % | $ | 35.2 | $ | 7.3 | $ | 27.9 | 382.2 | % | |||||||||||||||||||||||||||||||
| Effective tax rate | (7.3) | % | (15.2) | % | (15.2) | % | (9.8) | % | |||||||||||||||||||||||||||||||||||||||
We recorded an income tax provision for fiscal 2021. The provision for income taxes for fiscal 2021 was primarily due to income taxes in profitable foreign jurisdictions and withholding taxes. Our provision for income taxes slightly decreased for fiscal 2021 compared to fiscal 2020, primarily due to changes in our valuation allowances. Refer to Note 15. Income Taxes in Part II, Item 8 of this Annual Report on Form 10-K for more information.
- 52 -
Liquidity and Capital Resources
| July 31, | |||||||||||
| 2021 | 2020 | ||||||||||
| (in millions) | |||||||||||
| Working capital | $ | (469.4) | $ | 2,437.5 | |||||||
| Cash, cash equivalents, and investments: | |||||||||||
| Cash and cash equivalents | $ | 1,874.2 | $ | 2,958.0 | |||||||
| Investments | 1,915.2 | 1,344.2 | |||||||||
| Total cash, cash equivalents, and investments | $ | 3,789.4 | $ | 4,302.2 | |||||||
As of July 31, 2021, our total cash, cash equivalents, and investments of $3.8 billion were held for general corporate purposes, of which approximately $942.3 million was held outside of the United States. As of July 31, 2021, we had no unremitted earnings when evaluating our outside basis difference relating to our U.S. investment in foreign subsidiaries. However, there could be local withholding taxes payable due to various foreign countries if certain lower tier earnings are distributed. Withholding taxes that would be payable upon remittance of these lower tier earnings are not expected to be material.
In June 2014, we issued the 2019 Notes with an aggregate principal amount of $575.0 million. The 2019 Notes were converted prior to or settled on the maturity date of July 1, 2019. During fiscal 2019, we repaid in cash $575.0 million in aggregate principal amount of the 2019 Notes and issued 2.5 million shares of common stock to the holders for the conversion value in excess of the principal amount of the 2019 Notes converted, which were fully offset by shares received from our exercise of the associated note hedges. In July 2018, we issued the 2023 Notes with an aggregate principal amount of $1.7 billion. In June 2020, we issued the 2025 Notes with an aggregate principal amount of $2.0 billion. The 2023 Notes mature on July 1, 2023 and the 2025 Notes mature on June 1, 2025; however, under certain circumstances, holders may surrender their Notes of a series for conversion prior to the applicable maturity date. Upon conversion of the Notes of a series, we will pay cash equal to the aggregate principal amount of the Notes of such series to be converted, and, at our election, will pay or deliver cash and/or shares of our common stock for the amount of our conversion obligation in excess of the aggregate principal amount of the Notes of such series being converted. The sale price condition was met for the 2023 Notes during the fiscal quarter ended July 31, 2021, and as a result, holders may convert their 2023 Notes at any time during the fiscal quarter ending October 31, 2021. We believe that our cash provided by operating activities, together with our existing cash, cash equivalents and investments will be sufficient to meet our anticipated cash needs should the holders choose to convert their 2023 Notes during the fiscal quarter ending October 31, 2021. As of July 31, 2021, substantially all of our 2023 Notes and 2025 Notes remained outstanding. Refer to Note 10. Debt in Part II, Item 8 of this Annual Report on Form 10-K for more information on the Notes.
In September 2018, we entered into a credit agreement (the “Credit Agreement”) that provides for a $400.0 million unsecured revolving credit facility (the “Credit Facility”), with an option to increase the amount of the credit facility by up to an additional $350.0 million, subject to certain conditions. As of July 31, 2021, there were no amounts outstanding, and we were in compliance with all covenants under the Credit Agreement. Refer to Note 10. Debt in Part II, Item 8 of this Annual Report on Form 10-K for more information on the Credit Agreement.
In February 2019, our board of directors authorized a $1.0 billion share repurchase program, and, in December 2020, our board of directors authorized a $700.0 million increase to our share repurchase program, bringing the total authorization to $1.7 billion (our “current authorization”). As of July 31, 2021, $323.9 million remained available for future share repurchases under this current authorization. On August 17, 2021, our board of directors authorized another $676.1 million increase to our current authorization, bringing the total remaining authorization for future share repurchases to $1.0 billion. Repurchases will be funded from available working capital and may be made at management’s discretion from time to time. The expiration date of our current authorization was extended to December 31, 2022, and this program may be suspended or discontinued at any time. In February 2020, our board of directors approved the repurchase of $1.0 billion of our common stock through an accelerated share repurchase (“ASR”) transaction, which was in addition to our current authorization. During fiscal 2020, we completed the ASR transaction with an aggregate of 5.2 million shares of our common stock repurchased and retired. Refer to Note 13. Stockholders’ Equity in Part II, Item 8 of this Annual Report on Form 10-K for information on these repurchase programs.
- 53 -
The following table summarizes our cash flows for the years ended July 31, 2021, 2020, and 2019:
| Year Ended July 31, | |||||||||||||||||
| 2021 | 2020 | 2019 | |||||||||||||||
| (in millions) | |||||||||||||||||
| Net cash provided by operating activities | $ | 1,503.0 | $ | 1,035.7 | $ | 1,055.6 | |||||||||||
| Net cash provided by (used in) investing activities | (1,480.6) | 288.0 | (1,825.9) | ||||||||||||||
| Net cash provided by (used in) financing activities | (1,104.0) | 673.0 | (773.9) | ||||||||||||||
| Net increase (decrease) in cash, cash equivalents, and restricted cash | $ | (1,081.6) | $ | 1,996.7 | $ | (1,544.2) | |||||||||||
Cash from operations could be affected by various risks and uncertainties, including, but not limited to, the effects of COVID-19 and other risks detailed in Part I, Item 1A “Risk Factors” in this Form 10-K. We believe that our cash flow from operations with existing cash and cash equivalents will be sufficient to meet our anticipated cash needs for at least the next 12 months and thereafter for the foreseeable future. Our future capital requirements will depend on many factors including our growth rate, the timing and extent of spending to support development efforts, the expansion of sales and marketing activities, the introduction of new and enhanced products and subscription and support offerings, the costs to acquire or invest in complementary businesses and technologies, the costs to ensure access to adequate manufacturing capacity, the investments in our infrastructure to support the adoption of our cloud-based subscription offerings, the investments in our new corporate headquarters, the continuing market acceptance of our products and subscription and support offerings and macroeconomic events such as COVID-19. In addition, from time to time we may incur additional tax liability in connection with certain corporate structuring decisions.
We may also choose to seek additional equity or debt financing. In the event that additional financing is required from outside sources, we may not be able to raise it on terms acceptable to us or at all. If we are unable to raise additional capital when desired, our business, operating results, and financial condition may be adversely affected.
Operating Activities
Our operating activities have consisted of net losses adjusted for certain non-cash items and changes in assets and liabilities.
Cash provided by operating activities during fiscal 2021 was $1.5 billion, an increase of $467.3 million compared to fiscal 2020. The increase was primarily due to growth of our business as reflected by an increase in billings, and an increase in collections during fiscal 2021, partially offset by higher cash expenditure to support our business growth.
Investing Activities
Our investing activities have consisted of capital expenditures, net investment purchases, sales, and maturities, and business acquisitions. We expect to continue such activities as our business grows.
Cash used in investing activities during fiscal 2021 was $1.5 billion, a net change of $1.8 billion compared to cash provided by investing activities of $288.0 million in fiscal 2020. The change was primarily due to a decrease in proceeds from maturities and sales of investments and higher purchases of investments during fiscal 2021.
Financing Activities
Our financing activities have consisted of proceeds from sales of shares through employee equity incentive plans, cash used to repurchase shares of our common stock, and payments for tax withholding obligations of certain employees related to the net share settlement of equity awards.
Cash used in financing activities during fiscal 2021 was $1.1 billion, a net change of $1.8 billion compared to cash provided by financing activities of 673.0 million in fiscal 2020. The change was primarily due to net proceeds of $1.8 billion from the issuance of our 2025 Notes, issuance of warrants, and purchase of note hedges during fiscal 2020.
- 54 -
Contractual Obligations and Commitments
The following summarizes our contractual obligations and commitments as of July 31, 2021:
Payments Due by Period | |||||||||||||||||||||||||||||
| Total | Less Than 1 Year | 1-3 Years | 3-5 Years | More Than 5 Years | |||||||||||||||||||||||||
| (in millions) | |||||||||||||||||||||||||||||
0.75% Convertible Senior Notes due 2023 | $ | 1,692.0 | $ | — | $ | 1,692.0 | $ | — | $ | — | |||||||||||||||||||
0.375% Convertible Senior Notes due 2025 | 2,000.0 | — | — | 2,000.0 | — | ||||||||||||||||||||||||
Operating lease obligations | 426.6 | 78.8 | 134.2 | 116.1 | 97.5 | ||||||||||||||||||||||||
Purchase obligations(1) | 1,831.7 | 251.3 | 609.0 | 971.4 | — | ||||||||||||||||||||||||
Total(2) | $ | 5,950.3 | $ | 330.1 | $ | 2,435.2 | $ | 3,087.5 | $ | 97.5 | |||||||||||||||||||
______________
(1) Consists of minimum purchase commitments of products and components with our manufacturing partners and component suppliers, as well as minimum or fixed purchase commitments for our use of certain cloud and other services with third-party providers. Obligations under contracts that we can cancel without a significant penalty are not included in the table above.
(2) No amounts related to income taxes are included. As of July 31, 2021, we had approximately $80.6 million of tax liabilities recorded related to uncertainty in income tax positions.
Off-Balance Sheet Arrangements
As of July 31, 2021, we did not have any relationships with unconsolidated organizations or financial partnerships, such as structured finance or special purpose entities that would have been established for the purpose of facilitating off-balance sheet arrangements or other contractually narrow or limited purposes.
Critical Accounting Estimates
Our consolidated financial statements have been prepared in accordance with GAAP. The preparation of these consolidated financial statements requires us to make estimates and assumptions that affect the reported amounts of assets, liabilities, revenue, expenses, and related disclosures. We base our estimates on historical experience and on various other assumptions that we believe are reasonable under the circumstances. We evaluate our estimates and assumptions on an ongoing basis. Actual results could differ materially from those estimates due to risks and uncertainties, including uncertainty in the current economic environment due to the global impact of COVID-19. To the extent that there are material differences between these estimates and our actual results, our future financial statements will be affected.
We believe that of our significant accounting policies described in Note 1. Description of Business and Summary of Significant Accounting Policies in Part II, Item 8 of this Annual Report on Form 10-K, the critical accounting policies requiring estimates, assumptions, and judgments that have the most significant impact on our consolidated financial statements are described below.
Revenue Recognition
The majority of our contracts with our customers include various combinations of our products and subscriptions and support. Our appliances and software licenses have significant standalone functionalities and capabilities and, accordingly, are distinct from our subscriptions and support services, as the customer can benefit from the product without these services and such services are separately identifiable within the contract. We account for multiple agreements with a single customer as a single contract if the contractual terms and/or substance of those agreements indicate that they may be so closely related that they are, in effect, parts of a single contract. The amount we are due in exchange for delivering on the contract is allocated to each performance obligation based on its relative standalone selling price.
We establish standalone selling price using the prices charged for a deliverable when sold separately. If not observable through past transactions, we estimate the standalone selling price based on our pricing model and our go-to-market strategy, which include factors such as type of sales channel (reseller, distributor, or end-customer), the geographies in which our offerings were sold (domestic or international) and offering type (products, subscriptions, or support). As our business offerings evolve over time, we may be required to modify our estimated standalone selling prices, and as a result the timing and classification of our revenue could be affected.
Deferred Contract Costs
We defer contract costs that are recoverable and incremental to obtaining customer sales contracts. Contract costs, which primarily consist of sales commissions, are amortized on a systematic basis that is consistent with the transfer to the customer of the goods or services to which the asset relates. Sales commissions for initial contracts that are not commensurate with renewal
- 55 -
commissions are amortized over a benefit period of five years, consistent with the revenue recognition pattern of the performance obligations in the related contracts including expected renewals. The benefit period is determined by taking into consideration contract length, technology life, and other quantitative and qualitative factors. The expected renewals are estimated based on historical renewal trends. Sales commissions for initial contracts that are commensurate and sales commissions for renewal contracts are amortized over the related contractual period in proportion to the revenue recognized.
Income Taxes
We account for income taxes using the asset and liability method, which requires the recognition of deferred tax assets and liabilities for the expected future tax consequences of events that have been recognized in our financial statements or tax returns. In addition, deferred tax assets are recorded for the future benefit of utilizing net operating losses and research and development credit carryforwards. Valuation allowances are provided when necessary to reduce deferred tax assets to the amount expected to be realized.
Significant judgment is required in determining any valuation allowance recorded against deferred tax assets. In assessing the need for a valuation allowance, we consider all available evidence, including past operating results, estimates of future taxable income, and the feasibility of tax planning strategies. In the event that we change our determination as to the amount of deferred tax assets that can be realized, we will adjust our valuation allowance with a corresponding impact to the provision for income taxes in the period in which such determination is made.
We apply the authoritative accounting guidance prescribing a threshold and measurement attribute for the financial recognition and measurement of a tax position taken or expected to be taken in a tax return. We recognize liabilities for uncertain tax positions based on a two-step process. The first step is to evaluate the tax position for recognition by determining if the weight of available evidence indicates that it is more likely than not that the position will be sustained on audit, including resolution of related appeals or litigation processes, if any. The second step requires us to estimate and measure the tax benefit as the largest amount that is more likely than not to be realized upon ultimate settlement.
Significant judgment is also required in evaluating our uncertain tax positions and determining our provision for income taxes. Although we believe our reserves are reasonable, no assurance can be given that the final tax outcome of these matters will not be different from that which is reflected in our historical income tax provisions and accruals. We adjust these reserves in light of changing facts and circumstances, such as the closing of a tax audit or the refinement of an estimate. To the extent that the final tax outcome of these matters is different than the amounts recorded, such differences may impact the provision for income taxes in the period in which such determination is made.
Manufacturing Partner and Supplier Liabilities
We outsource most of our manufacturing, repair, and supply chain management operations to our EMS provider, which procures components and assembles our products based on our demand forecasts. These forecasts of future demand are based upon historical trends and analysis from our sales and product management functions as adjusted for overall market conditions. We accrue for costs for manufacturing purchase commitments in excess of our forecasted demand, including costs for excess components or for carrying costs incurred by our manufacturing partners and component suppliers. Actual component usage and product demand may be materially different from our forecast and could be caused by factors outside of our control, which could have an adverse impact on our results of operations. To date, we have not accrued significant costs associated with this exposure.
Loss Contingencies
We are subject to the possibility of various loss contingencies arising in the ordinary course of business. We accrue for loss contingencies when it is probable that an asset has been impaired or a liability has been incurred and the amount of loss can be reasonably estimated. If we determine that a loss is possible and the range of the loss can be reasonably determined, then we disclose the range of the possible loss. We regularly evaluate current information available to us to determine whether an accrual is required, an accrual should be adjusted, or a range of possible loss should be disclosed.
From time to time, we are involved in disputes, litigation, and other legal actions. However, there are many uncertainties associated with any litigation, and these actions or other third-party claims against us may cause us to incur substantial settlement charges, which are inherently difficult to estimate and could adversely affect our results of operations. The actual liability in any such matters may be materially different from our estimates, which could result in the need to adjust our liability and record additional expenses.
Goodwill, Intangibles, and Other Long-Lived Assets
We make significant estimates, assumptions, and judgments when valuing goodwill and other purchased intangible assets in connection with the initial purchase price allocation of an acquired entity, as well as when evaluating impairment of goodwill and other purchased intangible assets on an ongoing basis. These estimates are based upon a number of factors, including historical experience, market conditions, and information obtained from the management of the acquired company. Critical estimates in valuing certain intangible assets include, but are not limited to, cash flows that an asset is expected to generate in the future, discount rates, the time and expense that would be necessary to recreate the assets, and the profit margin a market participant would receive. The amounts and useful lives assigned to identified intangible assets impacts the amount and timing of future amortization expense.
- 56 -
We evaluate goodwill for impairment on an annual basis in our fourth fiscal quarter or more frequently if we believe impairment indicators exist. We have elected to first assess qualitative factors to determine whether it is more likely than not that the fair value of our reporting unit is less than its carrying amount, including goodwill. The qualitative assessment includes our evaluation of relevant events and circumstances affecting our single reporting unit, including macroeconomic, industry, and market conditions, our overall financial performance, and trends in the market price of our common stock. If qualitative factors indicate that it is more likely than not that our reporting unit’s fair value is less than its carrying amount, then we will perform the quantitative impairment test by comparing our reporting unit’s carrying amount, including goodwill, to its fair value. If the carrying amount of our reporting unit exceeds its fair value, an impairment loss will be recognized in an amount equal to that excess. To date, the results of our qualitative assessment have indicated that the quantitative goodwill impairment test is not necessary.
We evaluate long-lived assets, such as property, equipment, and purchased intangible assets for impairment whenever events or changes in circumstances indicate that the carrying amount of the assets may not be recoverable. Such events or changes in circumstances include, but are not limited to, a significant decrease in the fair value of the underlying asset or asset group, a significant decrease in the benefits realized from the acquired assets, difficulty and delays in integrating the business, or a significant change in the operations of the acquired assets or use of an asset or asset group. A long-lived asset is considered impaired if its carrying amount exceeds the estimated future undiscounted cash flows the asset or asset group is expected to generate. Critical estimates in determining whether a long-lived asset is considered impaired include the amount and timing of future cash flows that the asset or asset group is expected to generate. If a long-lived asset is considered to be impaired, the impairment to be recognized is the amount by which the carrying amount of the asset exceeds the fair value of the asset or asset group, which is estimated using a present value technique. Critical estimates in determining the fair value of an asset or asset group and the amount of impairment to recognize include, but are not limited to, the amount and timing of future cash flows that the asset or asset group is expected to generate and the discount rate. Determining the fair value of an asset or asset group is highly judgmental in nature and involves the use of significant estimates and assumptions for market participants. We base our fair value estimates on assumptions we believe to be reasonable but that are unpredictable and inherently uncertain. Actual future results may differ from those estimates.
Convertible Senior Notes
In accounting for the issuance of our convertible senior notes, we separate the notes into liability and equity components. The carrying amount of the liability component is calculated by measuring the fair value of a similar liability that does not have an associated convertible feature, using a discounted cash flow model with a risk adjusted yield. The carrying amount of the equity component representing the conversion option is determined by deducting the fair value of the liability component from the par value of the notes as a whole. This difference represents a debt discount that is amortized to interest expense using the effective interest method over the term of the notes. The equity component is not remeasured as long as it continues to meet the conditions for equity classification. In accounting for the transaction costs related to the issuance of the notes, we allocate the total amount incurred to the liability and equity components using the same proportions as the proceeds from the notes. Transaction costs attributable to the liability component are netted with the liability component and amortized to interest expense using the effective interest method over the term of the notes. Transaction costs attributable to the equity component are netted with the equity component of the notes in additional paid-in capital in the consolidated balance sheets.
Recent Accounting Pronouncements
Refer to “Recently Issued Accounting Pronouncements” in Note 1. Description of Business and Summary of Significant Accounting Policies in Part II, Item 8 of this Annual Report on Form 10-K for a description of recent accounting pronouncements and our expectation of their impact, if any, on our results of operations and financial condition.
ITEM 7A. QUANTITATIVE AND QUALITATIVE DISCLOSURES ABOUT MARKET RISK
Foreign Currency Exchange Risk
Our sales contracts are primarily denominated in U.S. dollars. A portion of our operating expenses are incurred outside of the United States and are denominated in foreign currencies and are subject to fluctuations due to changes in foreign currency exchange rates, particularly changes in the euro, Israeli shekel, British pound, Singapore dollar, Australian dollar, and Japanese yen. Additionally, fluctuations in foreign currency exchange rates may cause us to recognize transaction gains and losses in our statement of operations. The effect of an immediate 10% adverse change in foreign exchange rates on monetary assets and liabilities at July 31, 2021 would not be material to our financial condition or results of operations. As of July 31, 2021, foreign currency transaction gains and losses and exchange rate fluctuations have not been material to our financial statements. We enter into foreign currency derivative contracts with maturities of 16 months or less which we designate as cash flow hedges to manage the foreign currency exchange rate risk associated with our foreign currency denominated expenditures. The effectiveness of our existing hedging transactions and the availability and effectiveness of any hedging transactions we may decide to enter into in the future may be limited, and we may not be able to successfully hedge our exposure, which could adversely affect our financial condition and operating results. Refer to Note 6. Derivative Instruments in Part II, Item 8 of this Annual Report on Form 10-K for more information.
As our international operations grow, our risks associated with fluctuation in currency rates will become greater, and we will continue to reassess our approach to managing this risk. In addition, a weakening U.S. dollar can increase the costs of our international
- 57 -
expansion and a strengthening U.S. dollar can increase the real cost of our products to our end-customers outside of the United States, leading to delays in the purchase of our products and services. For additional information, see the risk factor entitled “We are exposed to fluctuations in currency exchange rates, which could negatively affect our financial condition and operating results” in Part 1, Item 1A of this Annual Report on Form 10-K.
Interest Rate Risk
The primary objectives of our investment activities are to preserve principal, provide liquidity, and maximize income without significantly increasing risk. Some of the securities we invest in are subject to interest risk. To minimize this risk, we maintain our portfolio of cash, cash equivalents, and short-term investments in a variety of securities, including commercial paper, money market funds, U.S. government and agency securities, and corporate debt securities. Due to the short duration and conservative nature of our investment portfolio, a movement of 10% in market interest rates would not have a material impact on our operating results and the total value of the portfolio. The effect of an immediate 10% change in interest rates at July 31, 2021 would not have been material to our operating results and the total value of the portfolio assuming consistent investment levels.
Market Risk and Market Interest Risk
In July 2018, we issued $1.7 billion aggregate principal amount of 0.75% Convertible Senior Notes due 2023 (the “2023 Notes”) and in June 2020, we issued $2.0 billion aggregate principal amount of 0.375% Convertible Senior Notes due 2025 (the “2025 Notes”). We carry these instruments at face value less unamortized discount and unamortized issuance costs on our consolidated balance sheets. As these instruments have a fixed annual interest rate, we have no financial and economic interest exposure associated with changes in interest rates. However, the fair value of fixed rate instruments fluctuates when interest rates change, and additionally, in the case of either series of Notes, when the market price of our common stock fluctuates.
- 58 -
ITEM 8. FINANCIAL STATEMENTS AND SUPPLEMENTARY DATA
INDEX TO CONSOLIDATED FINANCIAL STATEMENTS
- 59 -
Report of Independent Registered Public Accounting Firm
To the Stockholders and the Board of Directors of Palo Alto Networks, Inc.
Opinion on the Financial Statements
We have audited the accompanying consolidated balance sheets of Palo Alto Networks, Inc. (the Company) as of July 31, 2021 and 2020, the related consolidated statements of operations, comprehensive loss, stockholders’ equity and cash flows for each of the three years in the period ended July 31, 2021, and the related notes (collectively referred to as the “consolidated financial statements”). In our opinion, the consolidated financial statements present fairly, in all material respects, the financial position of the Company at July 31, 2021 and 2020, and the results of its operations and its cash flows for each of the three years in the period ended July 31, 2021, in conformity with U.S. generally accepted accounting principles.
We also have audited, in accordance with the standards of the Public Company Accounting Oversight Board (United States) (PCAOB), the Company’s internal control over financial reporting as of July 31, 2021, based on criteria established in Internal Control-Integrated Framework issued by the Committee of Sponsoring Organizations of the Treadway Commission (2013 framework) and our report dated September 3, 2021 expressed an unqualified opinion thereon.
Basis for Opinion
These financial statements are the responsibility of the Company’s management. Our responsibility is to express an opinion on the Company’s financial statements based on our audits. We are a public accounting firm registered with the PCAOB and are required to be independent with respect to the Company in accordance with the U.S. federal securities laws and the applicable rules and regulations of the Securities and Exchange Commission and the PCAOB.
We conducted our audits in accordance with the standards of the PCAOB. Those standards require that we plan and perform the audit to obtain reasonable assurance about whether the financial statements are free of material misstatement, whether due to error or fraud. Our audits included performing procedures to assess the risks of material misstatement of the financial statements, whether due to error or fraud, and performing procedures that respond to those risks. Such procedures included examining, on a test basis, evidence regarding the amounts and disclosures in the financial statements. Our audits also included evaluating the accounting principles used and significant estimates made by management, as well as evaluating the overall presentation of the financial statements. We believe that our audits provide a reasonable basis for our opinion.
Critical Audit Matters
The critical audit matters communicated below are matters arising from the current period audit of the financial statements that were communicated or required to be communicated to the audit committee and that: (1) relate to accounts or disclosures that are material to the financial statements and (2) involved our especially challenging, subjective, or complex judgments. The communication of critical audit matters does not alter in any way our opinion on the consolidated financial statements, taken as a whole, and we are not, by communicating the critical audit matters below, providing separate opinions on the critical audit matters or on the accounts or disclosures to which they relate.
- 60 -
Revenue Recognition | ||||||||
Description of the Matter | As described in Note 1 to the consolidated financial statements, the Company’s contracts with customers sometimes contain multiple performance obligations, which are accounted for separately if they are distinct. In such cases, the transaction price is then allocated to the distinct performance obligations on a relative standalone selling price basis, and revenue is recognized when control of the distinct performance obligation is transferred. For example, product revenue is recognized at the time of hardware shipment or delivery of software license, and subscription and support revenue is recognized over time as the services are performed. Auditing the Company’s revenue recognition was complex, including the identification and determination of distinct performance obligations and the timing of revenue recognition. For example, there were nonstandard terms and conditions that required judgment to determine the distinct performance obligations and the impact on the timing of revenue recognition. | |||||||
How We Addressed the Matter in Our Audit | We obtained an understanding, evaluated the design and tested the operating effectiveness of the Company’s process and controls to identify and determine the distinct performance obligations and the timing of revenue recognition. To test the identification and determination of the distinct performance obligations and the timing of revenue recognition, our audit procedures included, among others, reading the executed contract and purchase order to understand the contract, identifying the performance obligation(s), determining the distinct performance obligations, and evaluating the timing of revenue recognition for a sample of individual sales transactions. We evaluated the accuracy of the Company’s contract summary documentation, specifically related to the identification and determination of distinct performance obligations and the timing of revenue recognition. | |||||||
Business Combinations | ||||||||
Description of the Matter | As described in Note 7 to the consolidated financial statements, the Company completed an acquisition of Expanse Inc. for net consideration of $797.2 million in the year ended July 31, 2021. The Company accounted for this acquisition as a business combination. Auditing the accounting for the acquisition was complex due to the significant estimation uncertainty in determining the fair values of identified intangible assets, which consisted of developed technology of $123.4 million and customer relationships of $36.9 million. The significant estimation uncertainty was primarily due to the sensitivity of the respective fair values to underlying assumptions about future performance of the acquired business and due to the limited historical data on which to base these assumptions. The significant assumptions used to form the basis of the forecasted results included revenue growth rates and technology migration curves. These significant assumptions were forward-looking and could be affected by future economic and market conditions. | |||||||
How We Addressed the Matter in Our Audit | We obtained an understanding, evaluated the design and tested the operating effectiveness of the Company’s controls over its accounting for the acquisition. This included testing controls over the estimation process supporting the recognition and measurement of identified intangible assets, and management’s judgment and evaluation of underlying assumptions and estimates with regards to the fair values of the identified intangible assets. To test the estimated fair values of the identified intangible assets, our audit procedures included, among others, reading the underlying agreements, testing management’s application of the relevant accounting guidance, and involving a specialist to assist us in the evaluation of the Company’s valuation methodology and testing of the significant assumptions. For example, we compared the revenue growth rates and technology migration curves to current industry, market and economic trends. Additionally, we tested the completeness and accuracy of the underlying data supporting the significant assumptions and estimates. | |||||||
/s/ Ernst & Young LLP
We have served as the Company’s auditor since 2009.
San Jose, California
September 3, 2021
- 61 -
Report of Independent Registered Public Accounting Firm
To the Stockholders and the Board of Directors of Palo Alto Networks, Inc.
Opinion on Internal Control Over Financial Reporting
We have audited Palo Alto Networks, Inc.’s internal control over financial reporting as of July 31, 2021, based on criteria established in Internal Control—Integrated Framework issued by the Committee of Sponsoring Organizations of the Treadway Commission (2013 framework) (the COSO criteria). In our opinion, Palo Alto Networks, Inc. (the Company) maintained, in all material respects, effective internal control over financial reporting as of July 31, 2021, based on the COSO criteria.
We also have audited, in accordance with the standards of the Public Company Accounting Oversight Board (United States) (PCAOB), the consolidated balance sheets of the Company as of July 31, 2021 and 2020, the related consolidated statements of operations, comprehensive loss, stockholders’ equity and cash flows for each of the three years in the period ended July 31, 2021, and the related notes and our report dated September 3, 2021 expressed an unqualified opinion thereon.
Basis for Opinion
The Company’s management is responsible for maintaining effective internal control over financial reporting and for its assessment of the effectiveness of internal control over financial reporting included in the accompanying Management’s Report on Internal Control over Financial Reporting. Our responsibility is to express an opinion on the Company’s internal control over financial reporting based on our audit. We are a public accounting firm registered with the PCAOB and are required to be independent with respect to the Company in accordance with the U.S. federal securities laws and the applicable rules and regulations of the Securities and Exchange Commission and the PCAOB.
We conducted our audit in accordance with the standards of the PCAOB. Those standards require that we plan and perform the audit to obtain reasonable assurance about whether effective internal control over financial reporting was maintained in all material respects.
Our audit included obtaining an understanding of internal control over financial reporting, assessing the risk that a material weakness exists, testing and evaluating the design and operating effectiveness of internal control based on the assessed risk, and performing such other procedures as we considered necessary in the circumstances. We believe that our audit provides a reasonable basis for our opinion.
Definition and Limitations of Internal Control Over Financial Reporting
A company’s internal control over financial reporting is a process designed to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with generally accepted accounting principles. A company’s internal control over financial reporting includes those policies and procedures that (1) pertain to the maintenance of records that, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the company; (2) provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with generally accepted accounting principles, and that receipts and expenditures of the company are being made only in accordance with authorizations of management and directors of the company; and (3) provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use, or disposition of the company’s assets that could have a material effect on the financial statements.
Because of its inherent limitations, internal control over financial reporting may not prevent or detect misstatements. Also, projections of any evaluation of effectiveness to future periods are subject to the risk that controls may become inadequate because of changes in conditions, or that the degree of compliance with the policies or procedures may deteriorate.
/s/ Ernst & Young LLP
San Jose, California
September 3, 2021
- 62 -
Management’s Report on Internal Control Over Financial Reporting
Management’s Report on Internal Control Over Financial Reporting
The management of Palo Alto Networks, Inc. (the “Company”) is responsible for establishing and maintaining adequate internal control over financial reporting as defined in Rules 13a-15(f) and 15d-15(f) under the Securities Exchange Act of 1934 for the Company. The Company’s internal control over financial reporting is a process designed under the supervision of the Company’s principal executive and principal financial officers to provide reasonable assurance regarding the reliability of financial reporting and the preparation of the Company’s financial statements for external purposes in accordance with U.S. generally accepted accounting principles.
The Company’s internal control over financial reporting includes those policies and procedures that: (i) pertain to the maintenance of records that, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the Company; (ii) provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with U.S. generally accepted accounting principles, and that receipts and expenditures of the Company are being made only in accordance with authorizations of management and directors of the Company; and (iii) provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use, or disposition of the Company’s assets that could have a material effect on the Consolidated Financial Statements.
Because of its inherent limitations, internal control over financial reporting may not prevent or detect misstatements. Also, projections of any evaluation of effectiveness to future periods are subject to the risk that controls may become inadequate because of changes in conditions, or that the degree of compliance with the policies or procedures may deteriorate.
Management assessed the effectiveness of the Company’s internal control over financial reporting as of July 31, 2021, based on the framework set forth by the Committee of Sponsoring Organizations of the Treadway Commission (“COSO”) in Internal Control - Integrated Framework (2013 framework). Based on that assessment, management concluded that, as of July 31, 2021, the Company’s internal control over financial reporting was effective.
The effectiveness of the Company’s internal control over financial reporting as of July 31, 2021, has been audited by Ernst & Young LLP, the independent registered public accounting firm that audits the Company’s Consolidated Financial Statements, as stated in their report preceding this report, which expresses an unqualified opinion on the effectiveness of the Company’s internal control over financial reporting as of July 31, 2021.
- 63 -
PALO ALTO NETWORKS, INC.
CONSOLIDATED BALANCE SHEETS
(In millions, except per share data)
| July 31, | |||||||||||
| 2021 | 2020 | ||||||||||
| Assets | |||||||||||
| Current assets: | |||||||||||
| Cash and cash equivalents | $ | $ | |||||||||
| Short-term investments | |||||||||||
Accounts receivable, net of allowance for credit losses of $ | |||||||||||
| Short-term deferred contract costs | |||||||||||
| Prepaid expenses and other current assets | |||||||||||
| Total current assets | |||||||||||
| Property and equipment, net | |||||||||||
| Operating lease right-of-use assets | |||||||||||
| Long-term investments | |||||||||||
| Long-term deferred contract costs | |||||||||||
| Goodwill | |||||||||||
| Intangible assets, net | |||||||||||
| Other assets | |||||||||||
| Total assets | $ | $ | |||||||||
| Liabilities, temporary equity and stockholders’ equity | |||||||||||
| Current liabilities: | |||||||||||
| Accounts payable | $ | $ | |||||||||
| Accrued compensation | |||||||||||
| Accrued and other liabilities | |||||||||||
| Deferred revenue | |||||||||||
| Convertible senior notes, net | |||||||||||
| Total current liabilities | |||||||||||
| Convertible senior notes, net | |||||||||||
| Long-term deferred revenue | |||||||||||
| Long-term operating lease liabilities | |||||||||||
| Other long-term liabilities | |||||||||||
Commitments and contingencies (Note 12) | |||||||||||
| Temporary equity | |||||||||||
| Stockholders’ equity: | |||||||||||
Preferred stock; $ | |||||||||||
Common stock and additional paid-in capital; $ | |||||||||||
| Accumulated other comprehensive income (loss) | ( | ||||||||||
| Accumulated deficit | ( | ( | |||||||||
| Total stockholders’ equity | |||||||||||
| Total liabilities, temporary equity and stockholders’ equity | $ | $ | |||||||||
See notes to consolidated financial statements.
- 64 -
PALO ALTO NETWORKS, INC.
CONSOLIDATED STATEMENTS OF OPERATIONS
(In millions, except per share data)
| Year Ended July 31, | |||||||||||||||||
| 2021 | 2020 | 2019 | |||||||||||||||
| Revenue: | |||||||||||||||||
| Product | $ | $ | $ | ||||||||||||||
| Subscription and support | |||||||||||||||||
| Total revenue | |||||||||||||||||
| Cost of revenue: | |||||||||||||||||
| Product | |||||||||||||||||
| Subscription and support | |||||||||||||||||
| Total cost of revenue | |||||||||||||||||
| Total gross profit | |||||||||||||||||
| Operating expenses: | |||||||||||||||||
| Research and development | |||||||||||||||||
| Sales and marketing | |||||||||||||||||
| General and administrative | |||||||||||||||||
| Total operating expenses | |||||||||||||||||
Operating loss | ( | ( | ( | ||||||||||||||
| Interest expense | ( | ( | ( | ||||||||||||||
| Other income, net | |||||||||||||||||
Loss before income taxes | ( | ( | ( | ||||||||||||||
| Provision for income taxes | |||||||||||||||||
Net loss | $ | ( | $ | ( | $ | ( | |||||||||||
| Net loss per share, basic and diluted | $ | ( | $ | ( | $ | ( | |||||||||||
| Weighted-average shares used to compute net loss per share, basic and diluted | |||||||||||||||||
See notes to consolidated financial statements.
- 65 -
PALO ALTO NETWORKS, INC.
CONSOLIDATED STATEMENTS OF COMPREHENSIVE LOSS
(In millions)
| Year Ended July 31, | |||||||||||||||||
| 2021 | 2020 | 2019 | |||||||||||||||
Net loss | $ | ( | $ | ( | $ | ( | |||||||||||
Other comprehensive income (loss), net of tax: | |||||||||||||||||
Change in unrealized gains (losses) on investments | ( | ||||||||||||||||
Change in unrealized gains (losses) on cash flow hedges | ( | ||||||||||||||||
Other comprehensive income (loss) | ( | ||||||||||||||||
Comprehensive loss | $ | ( | $ | ( | $ | ( | |||||||||||
See notes to consolidated financial statements.
- 66 -
PALO ALTO NETWORKS, INC.
CONSOLIDATED STATEMENTS OF STOCKHOLDERS’ EQUITY
(In millions)
| Common Stock and Additional Paid-In Capital | Accumulated Other Comprehensive Income (Loss) | Accumulated Deficit | Total Stockholders’ Equity | ||||||||||||||||||||||||||
| Shares | Amount | ||||||||||||||||||||||||||||
| Balance as of July 31, 2018 | $ | $ | ( | $ | ( | $ | |||||||||||||||||||||||
| Cumulative-effect adjustment from adoption of new accounting pronouncement | — | — | — | ( | ( | ||||||||||||||||||||||||
| Net loss | — | — | — | ( | ( | ||||||||||||||||||||||||
| Other comprehensive income | — | — | — | ||||||||||||||||||||||||||
| Issuance of common stock in connection with employee equity incentive plans | — | — | |||||||||||||||||||||||||||
| Taxes paid related to net share settlement of equity awards | — | ( | — | — | ( | ||||||||||||||||||||||||
| Share-based compensation for equity-based awards | — | — | — | ||||||||||||||||||||||||||
| Repurchase and retirement of common stock | ( | ( | — | — | ( | ||||||||||||||||||||||||
| Temporary equity reclassification | — | — | — | ||||||||||||||||||||||||||
| Settlement of convertible notes | ( | — | — | ( | |||||||||||||||||||||||||
| Common stock received from exercise of note hedges | ( | — | — | — | — | ||||||||||||||||||||||||
| Issuance of common and restricted common stock in connection with acquisitions | — | — | |||||||||||||||||||||||||||
| Balance as of July 31, 2019 | ( | ( | |||||||||||||||||||||||||||
| Net loss | — | — | — | ( | ( | ||||||||||||||||||||||||
| Other comprehensive income | — | — | — | ||||||||||||||||||||||||||
| Issuance of common stock in connection with employee equity incentive plans | — | — | |||||||||||||||||||||||||||
| Taxes paid related to net share settlement of equity awards | — | ( | — | — | ( | ||||||||||||||||||||||||
| Share-based compensation for equity-based awards | — | — | — | ||||||||||||||||||||||||||
| Repurchase and retirement of common stock | ( | ( | — | — | ( | ||||||||||||||||||||||||
| Settlement of warrants | — | — | — | — | |||||||||||||||||||||||||
| Equity component of convertible senior notes, net | — | — | — | ||||||||||||||||||||||||||
| Issuance of warrants | — | — | — | ||||||||||||||||||||||||||
| Purchase of note hedges | — | ( | — | — | ( | ||||||||||||||||||||||||
| Balance as of July 31, 2020 | ( | ||||||||||||||||||||||||||||
| Net loss | — | — | — | ( | ( | ||||||||||||||||||||||||
| Other comprehensive loss | — | — | ( | — | ( | ||||||||||||||||||||||||
| Issuance of common stock in connection with employee equity incentive plans | — | — | |||||||||||||||||||||||||||
| Taxes paid related to net share settlement of equity awards | — | ( | — | — | ( | ||||||||||||||||||||||||
| Share-based compensation for equity-based awards | — | — | — | ||||||||||||||||||||||||||
| Repurchase and retirement of common stock | ( | ( | — | — | ( | ||||||||||||||||||||||||
| Issuance of common and restricted common stock in connection with acquisitions | — | — | |||||||||||||||||||||||||||
| Temporary equity reclassification | — | ( | — | — | ( | ||||||||||||||||||||||||
| Balance as of July 31, 2021 | $ | $ | ( | $ | ( | $ | |||||||||||||||||||||||
See notes to consolidated financial statements.
- 67 -
PALO ALTO NETWORKS, INC.
CONSOLIDATED STATEMENTS OF CASH FLOWS
(In millions)
| Year Ended July 31, | |||||||||||||||||
| 2021 | 2020 | 2019 | |||||||||||||||
| Cash flows from operating activities | |||||||||||||||||
| Net loss | $ | ( | $ | ( | $ | ( | |||||||||||
| Adjustments to reconcile net loss to net cash provided by operating activities: | |||||||||||||||||
| Share-based compensation for equity-based awards | |||||||||||||||||
| Depreciation and amortization | |||||||||||||||||
| (Gain) loss related to facility exit | ( | ||||||||||||||||
| Amortization of deferred contract costs | |||||||||||||||||
| Amortization of debt discount and debt issuance costs | |||||||||||||||||
| Amortization of operating lease right-of-use assets | |||||||||||||||||
| Amortization of investment premiums, net of accretion of purchase discounts | ( | ( | |||||||||||||||
| Loss on conversions of convertible senior notes | |||||||||||||||||
| Repayments of convertible senior notes attributable to debt discount | ( | ( | |||||||||||||||
| Changes in operating assets and liabilities, net of effects of acquisitions: | |||||||||||||||||
| Accounts receivable, net | ( | ( | ( | ||||||||||||||
| Deferred contract costs | ( | ( | ( | ||||||||||||||
| Prepaid expenses and other assets | ( | ( | |||||||||||||||
| Accounts payable | ( | ( | |||||||||||||||
| Accrued compensation | |||||||||||||||||
| Accrued and other liabilities | ( | ( | ( | ||||||||||||||
| Deferred revenue | |||||||||||||||||
| Net cash provided by operating activities | |||||||||||||||||
| Cash flows from investing activities | |||||||||||||||||
| Purchases of investments | ( | ( | ( | ||||||||||||||
| Proceeds from sales of investments | |||||||||||||||||
| Proceeds from maturities of investments | |||||||||||||||||
| Business acquisitions, net of cash acquired | ( | ( | ( | ||||||||||||||
| Purchases of property, equipment, and other assets | ( | ( | ( | ||||||||||||||
| Net cash provided by (used in) investing activities | ( | ( | |||||||||||||||
| Cash flows from financing activities | |||||||||||||||||
| Repayments of convertible senior notes attributable to principal and equity component | ( | ( | |||||||||||||||
| Payments for debt issuance costs | ( | ( | |||||||||||||||
| Proceeds from borrowings on convertible senior notes, net | |||||||||||||||||
| Proceeds from issuance of warrants | |||||||||||||||||
| Purchase of note hedges | ( | ||||||||||||||||
| Repurchases of common stock | ( | ( | ( | ||||||||||||||
| Proceeds from sales of shares through employee equity incentive plans | |||||||||||||||||
| Payments for taxes related to net share settlement of equity awards | ( | ( | ( | ||||||||||||||
| Payment of deferred consideration related to prior year business acquisition | ( | ( | |||||||||||||||
| Net cash provided by (used in) financing activities | ( | ( | |||||||||||||||
Net increase (decrease) in cash, cash equivalents, and restricted cash | ( | ( | |||||||||||||||
| Cash, cash equivalents, and restricted cash—beginning of period | |||||||||||||||||
| Cash, cash equivalents, and restricted cash—end of period | $ | $ | $ | ||||||||||||||
| Reconciliation of cash, cash equivalents, and restricted cash to the consolidated balance sheets | |||||||||||||||||
| Cash and cash equivalents | $ | $ | $ | ||||||||||||||
| Restricted cash included in prepaid expenses and other current assets | |||||||||||||||||
| Restricted cash included in other assets | |||||||||||||||||
| Total cash, cash equivalents, and restricted cash | $ | $ | $ | ||||||||||||||
| Non-cash investing and financing activities | |||||||||||||||||
| Equity consideration for business acquisitions | $ | ( | $ | ( | $ | ( | |||||||||||
| Supplemental disclosures of cash flow information | |||||||||||||||||
| Cash paid for income taxes | $ | $ | $ | ||||||||||||||
| Cash paid for contractual interest | $ | $ | $ | ||||||||||||||
See notes to consolidated financial statements.
- 68 -
NOTES TO CONSOLIDATED FINANCIAL STATEMENTS
1. Description of Business and Summary of Significant Accounting Policies
Description of Business
Palo Alto Networks, Inc. (the “Company,” “we,” “us,” or “our”), headquartered in Santa Clara, California, was incorporated in March 2005 under the laws of the State of Delaware and commenced operations in April 2005. We empower enterprises, service providers, and government entities to secure all users, applications, data, networks, clouds and devices with comprehensive visibility and context, continuously, across all locations.
Principles of Consolidation
The consolidated financial statements include our accounts and our wholly owned subsidiaries. All significant intercompany balances and transactions have been eliminated in consolidation.
Use of Estimates
The preparation of consolidated financial statements in conformity with GAAP requires management to make estimates and assumptions that affect the reported amounts of assets and liabilities and disclosure of contingent assets and liabilities at the date of the consolidated financial statements and the reported amounts of revenues and expenses during the reporting period. Such management estimates include, but are not limited to, the standalone selling price for our products and services, share-based compensation, fair value of assets acquired and liabilities assumed in business combinations, identified intangibles and goodwill, valuation allowance against deferred tax assets, manufacturing partner and supplier liabilities, fair value of debt component of convertible notes, interest rate for operating lease liabilities, deferred contract cost benefit period, and loss contingencies. We base our estimates on historical experience and also on assumptions that we believe are reasonable. Actual results could differ materially from those estimates due to risks and uncertainties, including uncertainty in the current economic environment due to the global impact of COVID-19.
Concentrations
Financial instruments that subject us to concentrations of credit risk consist primarily of cash and cash equivalents, investments, derivative contracts, accounts receivable and financing receivables.
We invest only in high-quality credit instruments and maintain our cash and cash equivalents and available-for-sale investments in fixed income securities. Management believes that the financial institutions that hold our investments are financially sound and, accordingly, are subject to minimal credit risk. Deposits held with banks may exceed the amount of insurance provided on such deposits.
Our derivative contracts expose us to credit risk to the extent that the counterparties may be unable to meet the terms of the arrangement. We mitigate this credit risk by transacting with major financial institutions with high credit ratings and also enter into master netting arrangements, which permit net settlement of transactions with the same counterparty. We are not required to pledge, and are not entitled to receive, cash collateral related to these derivative instruments. We do not enter into derivative contracts for trading or speculative purposes.
Our accounts receivable are primarily derived from our distributors in various geographical locations. Our financing receivables are with certain qualified end-customers. We perform ongoing credit evaluations and generally do not require collateral on accounts receivable or financing receivables.
As of July 31, 2021, four distributors individually represented 10% or more of our gross accounts receivable, and in the aggregate represented 56.6 % of our gross accounts receivable. As of July 31, 2021, four end-customers represented 10% or more of our gross financing receivables, and in aggregate represented 67.0 % of our gross financing receivables.
For fiscal 2021, three distributors represented 10% or more of our total revenue, representing 33.2 %, 12.2 %, and 10.6 %, respectively. No
We rely on an electronics manufacturing services provider (“EMS provider”) to assemble most of our products and sole source component suppliers for a certain number of our components.
- 69 -
Foreign Currency Transactions
The functional currency of our foreign subsidiaries is the U.S. dollar. Monetary assets and liabilities denominated in foreign currencies have been remeasured into U.S. dollars using the exchange rates in effect at the balance sheet dates. Foreign currency remeasurement gains and losses and foreign currency transaction gains and losses are not significant to the financial statements.
Fair Value
We define fair value as the price that would be received from selling an asset or paid to transfer a liability in an orderly transaction between market participants at the measurement date. When determining the fair value measurements for assets and liabilities which are required to be recorded at fair value, we consider the principal or most advantageous market in which to transact and the market-based risk. We apply fair value accounting for all financial assets and liabilities that are recognized or disclosed at fair value in the financial statements on a recurring basis. Goodwill, intangible assets, and other long-lived assets are measured at fair value on a nonrecurring basis, only if impairment is indicated. The carrying amounts reported in the consolidated financial statements approximate the fair value for cash and cash equivalents, accounts receivable, accounts payable, and accrued liabilities, due to their short-term nature.
Cash, Cash Equivalents, and Investments
We consider all highly liquid investments with original maturities of three months or less at the date of purchase to be cash equivalents. Investments not considered cash equivalents, and with maturities of one year or less from the consolidated balance sheet date, are classified as short-term investments. Investments with maturities greater than one year from the consolidated balance sheet date are classified as long-term investments.
We classify our investments in marketable debt securities as available-for-sale at the time of purchase. When the fair value of a security is below its amortized cost, the amortized cost will be reduced to its fair value if it is more likely than not that we are required to sell the impaired security before recovery of its amortized cost basis, or we have the intention to sell the security. If neither of these conditions are met, we determine whether the impairment is due to credit losses by comparing the present value of the expected cash flows of the security with its amortized cost basis. The amount of impairment recognized is limited to the excess of the amortized cost over the fair value of the security. An allowance for credit losses for the excess of amortized cost over the expected cash flows is recorded in other income, net in our consolidated statements of operations. Impairment losses that are not credit-related are included in accumulated other comprehensive income (loss) (“AOCI”) in stockholders’ equity.
Financing Receivables
We provide financing arrangements, primarily loans, for certain qualified end-user customers to purchase our products and services. Payment terms on these financing arrangements are up to five years . We evaluate our allowance for credit losses by assessing the risks and losses inherent in our financing receivables on either an individual or a collective basis. Our assessment considers various factors, including lifetime expected losses determined using customer risk profile, current economic conditions that may affect a customer’s ability to pay, and forward-looking economic considerations. Financing receivables are written off when they are considered uncollectible, and related outstanding balances are reversed and charged against the allowance for credit losses. Short-term financing receivables are included in prepaid expenses and other current assets, and long-term financing receivables are included in other assets on our consolidated balance sheets. For the years ended July 31, 2021 and 2020, the allowance for credit losses activity was not significant. Refer to Note 5. Financing Receivables for additional information.
Derivatives
As a global business, we are exposed to currency exchange rate risk. Substantially all of our revenue is transacted in U.S. dollars, however, a portion of our operating expenditures are incurred outside of the United States and are denominated in foreign currencies, making them subject to fluctuations in foreign currency exchange rates. We enter into foreign currency derivative contracts with maturities of 16 months or less, which we designate as cash flow hedges, to manage the foreign currency exchange rate risk associated with these expenditures.
Our derivative financial instruments are recorded at fair value, on a gross basis, as either assets or liabilities in our consolidated balance sheets. Gains or losses related to our cash flow hedges are recorded as a component of AOCI in our consolidated balance sheets and are reclassified into the financial statement line item associated with the underlying hedged transaction in our consolidated
- 70 -
Property and Equipment
Property and equipment are stated at cost, less accumulated depreciation. Depreciation is computed using the straight-line method over the estimated useful lives of the assets, generally to ten years . Leasehold improvements are depreciated over the shorter of the estimated useful lives of the improvements or the remaining lease term. Land is not depreciated.
Business Combinations
We include the results of operations of the businesses that we acquire as of the respective dates of acquisition. We allocate the fair value of the purchase price of our acquisitions to the tangible assets acquired, liabilities assumed, and intangible assets acquired, based on their estimated fair values. The excess of the purchase price over the fair values of these identifiable assets and liabilities is recorded as goodwill. Additional information existing as of the acquisition date but unknown to us may become known during the remainder of the measurement period, not to exceed 12 months from the acquisition date, which may result in changes to the amounts and allocations recorded.
Intangible Assets
Purchased intangible assets with finite lives are carried at cost, less accumulated amortization. Amortization is computed over the estimated useful lives of the respective assets.
Impairment of Goodwill, Intangible Assets, and Other Long-Lived Assets
Goodwill is evaluated for impairment on an annual basis in the fourth quarter of our fiscal year, and whenever events or changes in circumstances indicate the carrying amount of goodwill may not be recoverable. We have elected to first assess qualitative factors to determine whether it is more likely than not that the fair value of our single reporting unit is less than its carrying amount, including goodwill. If we determine that it is more likely than not that the fair value of our single reporting unit is less than its carrying amount, then the quantitative impairment test will be performed. Under the quantitative impairment test, if the carrying amount of our single reporting unit exceeds its fair value, we will recognize an impairment loss in an amount equal to that excess but limited to the total amount of goodwill.
We evaluate events and changes in circumstances that could indicate carrying amounts of purchased intangible assets and other long-lived assets may not be recoverable. When such events or changes in circumstances occur, we assess the recoverability of these assets by determining whether or not the carrying amount will be recovered through undiscounted expected future cash flows. If the total of the future undiscounted cash flows is less than the carrying amount of an asset, we record an impairment loss for the amount by which the carrying amount of the asset exceeds the fair value of the asset.
We did no
Convertible Senior Notes
In accounting for the issuance of our convertible senior notes, we separate the notes into liability and equity components. The carrying amount of the liability component is calculated by measuring the fair value of a similar liability that does not have an associated convertible feature, using a discounted cash flow model with a risk adjusted yield. The carrying amount of the equity component representing the conversion option is determined by deducting the fair value of the liability component from the par value of the notes as a whole. This difference represents a debt discount that is amortized to interest expense using the effective interest
- 71 -
Revenue Recognition
Our revenue consists of product revenue and subscription and support revenue. Revenue is recognized when control of promised products, subscriptions and support services are transferred to customers, in an amount that reflects the expected consideration in exchange for those products and services.
We determine revenue recognition through the following steps:
•Identification of the contract, or contracts, with a customer.
•Identification of the performance obligations in the contract.
•Determination of the transaction price.
•Allocation of the transaction price to the performance obligations in the contract.
•Recognition of revenue when, or as, we satisfy a performance obligation.
Revenues are reported net of sales taxes. Shipping charges billed to channel partners are included in revenues and related costs are included in cost of revenue.
Product Revenue
Product revenue is derived primarily from sales of our appliances. Product revenue also includes revenue derived from software licenses of Panorama and the VM-Series. Our appliances and software licenses include a broad set of built-in networking and security features and functionalities. We recognize product revenue at the time of hardware shipment or delivery of software license.
Subscription and Support Revenue
Subscription and support revenue is derived primarily from sales of our subscription and support offerings. We recognize subscription and support revenue over time as the services are performed. Our contractual subscription and support contracts are typically to five years .
Contracts with Multiple Performance Obligations
The majority of our contracts with our customers include various combinations of our products and subscriptions and support. Our appliances and software licenses have significant standalone functionalities and capabilities. Accordingly, these appliances and software licenses are distinct from our subscriptions and support services as the customer can benefit from the product without these services and such services are separately identifiable within the contract. We account for multiple agreements with a single customer as a single contract if the contractual terms and/or substance of those agreements indicate that they may be so closely related that they are, in effect, parts of a single contract. The amount of consideration we expect to receive in exchange for delivering on the contract is allocated to each performance obligation based on its relative standalone selling price. If a contract contains a single performance obligation, no allocation is required.
We establish standalone selling price using the prices charged for a deliverable when sold separately. If the standalone selling price is not observable through past transactions, we estimate the standalone selling price based on our pricing model and our go-to-market strategy, which include factors such as type of sales channel (reseller, distributor, or end-customer), the geographies in which our offerings were sold (domestic or international), and offering type (products, subscriptions, or support).
Deferred Revenue
Deferred Contract Costs
We defer contract costs that are recoverable and incremental to obtaining customer sales contracts. Contract costs, which primarily consist of sales commissions, are amortized on a systematic basis that is consistent with the transfer to the customer of the goods or services to which the asset relates. Sales commissions paid for initial contracts are generally not commensurate with the
- 72 -
Software Development Costs
Internally developed software includes security software developed to meet our internal needs to provide cloud-based subscription offerings to our end-customers and business software that we customize to meet our specific operational needs. These capitalized costs consist of internal compensation related costs and external direct costs incurred during the application development stage and will be amortized over a useful life of to five years . As of July 31, 2021 and 2020, we capitalized as other assets on our consolidated balance sheets $114.8 million and $90.1 million in costs, respectively, net of accumulated amortization, for security software developed to meet our internal needs to provide our cloud-based subscription offerings. We recognized amortization expense of $47.8 million, $31.3 million, and $12.9 million related to these capitalized costs as cost of subscription and support revenue in our consolidated statements of operations during the years ended July 31, 2021, 2020, and 2019, respectively.
The costs to develop software that is marketed externally have not been capitalized as we believe our current software development process is essentially completed concurrent with the establishment of technological feasibility. As such, all related software development costs are expensed as incurred and included in research and development expense in our consolidated statements of operations.
Share-Based Compensation
Compensation expense related to share-based transactions, including employee and non-employee director awards, is measured and recognized in the financial statements based on fair value on the grant date. We recognize share-based compensation expense for awards with only service conditions on a straight-line basis over the requisite service period of the related award. We recognize share-based compensation expense for awards with market conditions and awards with performance conditions on a straight-line basis over the requisite service period for each separately vesting portion of the award and, for awards with performance conditions, when it is probable that the performance condition will be achieved. We account for forfeitures of all share-based payment awards when they occur.
Leases
We determine if an arrangement is a lease at inception. We evaluate the classification of leases at commencement and, as necessary, at modification. Operating leases are included in operating lease right-of-use assets, accrued and other liabilities, and long-term operating lease liabilities on our consolidated balance sheets. We did not have any material finance leases in any of the periods presented.
Operating lease right-of-use assets represent our right to use an underlying asset for the lease term. Operating lease liabilities represent our obligation to make payments arising from the lease. Operating lease right-of-use assets and liabilities are recognized at the present value of the future lease payments at the lease commencement date. The interest rate used to determine the present value of the future lease payments is our incremental borrowing rate, because the interest rates implicit in most of our leases are not readily determinable. Our incremental borrowing rate is estimated to approximate the interest rate on a collateralized basis with similar terms and payments, and in economic environments where the leased asset is located. Operating lease right-of-use assets also include adjustments related to lease incentives, prepaid or accrued rent and initial direct lease costs. Operating lease right-of-use assets are subject to evaluation for impairment or disposal on a basis consistent with other long-lived assets.
Our lease terms may include periods under options to extend or terminate the lease when it is reasonably certain that we will exercise that option. We generally use the base, non-cancelable lease term when determining the lease assets and liabilities. Operating lease cost is recognized on a straight-line basis over the lease term.
We account for lease and non-lease components as a single lease component and do not recognize right-of-use assets and lease liabilities for leases with a term of 12 months or less. Payments under our lease arrangements are primarily fixed, however, certain lease agreements contain variable payments, which are expensed as incurred and not included in the operating lease right-of-use assets and liabilities. Variable lease payments are primarily comprised of real estate taxes, common area maintenance, and insurance.
- 73 -
Income Taxes
We account for income taxes using the asset and liability method, which requires the recognition of deferred tax assets and liabilities for the expected future tax consequences of events that have been recognized in our financial statements or tax returns. In addition, deferred tax assets are recorded for the future benefit of utilizing net operating losses and research and development credit carryforwards. Valuation allowances are provided when necessary to reduce deferred tax assets to the amount expected to be realized.
Significant judgment is required in determining any valuation allowance recorded against deferred tax assets. In assessing the need for a valuation allowance, we consider all available evidence, including past operating results, estimates of future taxable income, and the feasibility of tax planning strategies. In the event that we change our determination as to the amount of deferred tax assets that can be realized, we will adjust our valuation allowance with a corresponding impact to the provision for income taxes in the period in which such determination is made.
We apply the authoritative accounting guidance prescribing a threshold and measurement attribute for the financial recognition and measurement of a tax position taken or expected to be taken in a tax return. We recognize liabilities for uncertain tax positions based on a two-step process. The first step is to evaluate the tax position for recognition by determining if the weight of available evidence indicates that it is more likely than not that the position will be sustained on audit, including resolution of related appeals or litigation processes, if any. The second step requires us to estimate and measure the tax benefit as the largest amount that is more likely than not to be realized upon ultimate settlement.
Loss Contingencies
We are subject to the possibility of various loss contingencies arising in the ordinary course of business. In determining loss contingencies, we consider the likelihood of loss or impairment of an asset, or the incurrence of a liability, as well as our ability to reasonably estimate the amount of loss. An estimated loss contingency is accrued when it is probable that an asset has been impaired, or a liability has been incurred and the amount of loss can be reasonably estimated. If we determine that a loss is possible and the range of the loss can be reasonably determined, then we disclose the range of the possible loss. We regularly evaluate current information available to us to determine whether an accrual is required, an accrual should be adjusted, or a range of possible loss should be disclosed.
Recently Adopted Accounting Pronouncements
Credit Losses
In June 2016, the Financial Accounting Standards Board (“FASB”) issued new authoritative guidance on the accounting for credit losses on most financial assets and certain financial instruments. The standard replaces the incurred loss model with an expected credit loss model for off-balance sheet credit exposures and financial assets measured at amortized cost, including trade accounts receivables and financing receivables. Credit losses on available-for-sale debt securities are required to be recorded through an allowance rather than as a write-down.
We adopted this standard in our first quarter of fiscal 2021 using the modified-retrospective approach. The adoption of this standard did not have a material impact on our consolidated financial statements.
Recently Issued Accounting Pronouncements
Debt with Conversion Options
In August 2020, the FASB issued new authoritative guidance to simplify the accounting for certain financial instruments with characteristics of liabilities and equity, including convertible instruments and contracts on an entity’s own equity. The standard reduces the number of models used to account for convertible instruments and simplifies both the classification of debt on the balance sheet and the earnings per share calculation.
We intend to early adopt this standard in our first quarter of fiscal 2022 using the modified-retrospective approach, under which, financial results reported in periods prior to fiscal 2022 will not be adjusted. We expect the adoption of this standard to result in a decrease to accumulated deficit of $266.6 million, a decrease to additional paid-in capital of $711.0 million, and an increase to convertible senior notes, net of $444.4 million. Interest expense recognized in future periods will be reduced as a result of accounting for our convertible debt instrument as a single liability measured at its amortized cost.
- 74 -
2. Revenue
Disaggregation of Revenue
| Year Ended July 31, | |||||||||||||||||
| 2021 | 2020 | 2019 | |||||||||||||||
| Revenue: | |||||||||||||||||
| Americas | |||||||||||||||||
| United States | $ | $ | $ | ||||||||||||||
| Other Americas | |||||||||||||||||
| Total Americas | |||||||||||||||||
| Europe, the Middle East, and Africa (“EMEA”) | |||||||||||||||||
| Asia Pacific and Japan (“APAC”) | |||||||||||||||||
| Total revenue | $ | $ | $ | ||||||||||||||
The following table presents revenue for groups of similar products and services (in millions):
| Year Ended July 31, | |||||||||||||||||
| 2021 | 2020 | 2019 | |||||||||||||||
| Revenue: | |||||||||||||||||
| Product | $ | $ | $ | ||||||||||||||
| Subscription and support | |||||||||||||||||
| Subscription | |||||||||||||||||
| Support | |||||||||||||||||
| Total subscription and support | |||||||||||||||||
| Total revenue | $ | $ | $ | ||||||||||||||
Deferred Revenue
During the years ended July 31, 2021 and July 31, 2020, we recognized approximately $2.0 billion and $1.5 billion of revenue pertaining to amounts that were deferred as of July 31, 2020 and July 31, 2019, respectively.
Remaining Performance Obligations
Revenue expected to be recognized from remaining performance obligations was $5.9 billion as of July 31, 2021, of which we expect to recognize approximately $3.1 billion over the next 12 months and the remainder thereafter.
3. Fair Value Measurements
We categorize assets and liabilities recorded or disclosed at fair value on our consolidated balance sheets based upon the level of judgment associated with inputs used to measure their fair value. The categories are as follows:
•Level 1—Inputs are unadjusted quoted prices in active markets for identical assets or liabilities.
•Level 2—Inputs are quoted prices for similar assets and liabilities in active markets or inputs that are observable for the assets or liabilities, either directly or indirectly through market corroboration, for substantially the full term of the financial instruments.
•Level 3—Inputs are unobservable inputs based on our own assumptions used to measure assets and liabilities at fair value. The inputs require significant management judgment or estimation.
- 75 -
| July 31, 2021 | July 31, 2020 | |||||||||||||||||||||||||||||||||||||||||||||||||
| Level 1 | Level 2 | Level 3 | Total | Level 1 | Level 2 | Level 3 | Total | |||||||||||||||||||||||||||||||||||||||||||
| Cash equivalents: | ||||||||||||||||||||||||||||||||||||||||||||||||||
| Money market funds | $ | $ | $ | $ | $ | $ | $ | $ | ||||||||||||||||||||||||||||||||||||||||||
| Certificates of deposit | ||||||||||||||||||||||||||||||||||||||||||||||||||
| Corporate debt securities | ||||||||||||||||||||||||||||||||||||||||||||||||||
| U.S. government and agency securities | ||||||||||||||||||||||||||||||||||||||||||||||||||
| Total cash equivalents | ||||||||||||||||||||||||||||||||||||||||||||||||||
| Short-term investments: | ||||||||||||||||||||||||||||||||||||||||||||||||||
| Certificates of deposit | ||||||||||||||||||||||||||||||||||||||||||||||||||
| Corporate debt securities | ||||||||||||||||||||||||||||||||||||||||||||||||||
| U.S. government and agency securities | ||||||||||||||||||||||||||||||||||||||||||||||||||
| Non-U.S. government and agency securities | ||||||||||||||||||||||||||||||||||||||||||||||||||
| Total short-term investments | ||||||||||||||||||||||||||||||||||||||||||||||||||
| Long-term investments: | ||||||||||||||||||||||||||||||||||||||||||||||||||
| Certificates of deposit | ||||||||||||||||||||||||||||||||||||||||||||||||||
| Corporate debt securities | ||||||||||||||||||||||||||||||||||||||||||||||||||
| U.S. government and agency securities | ||||||||||||||||||||||||||||||||||||||||||||||||||
| Non-U.S. government and agency securities | ||||||||||||||||||||||||||||||||||||||||||||||||||
| Total long-term investments | ||||||||||||||||||||||||||||||||||||||||||||||||||
| Prepaid expenses and other current assets: | ||||||||||||||||||||||||||||||||||||||||||||||||||
| Foreign currency forward contracts | ||||||||||||||||||||||||||||||||||||||||||||||||||
| Total prepaid expenses and other current assets | ||||||||||||||||||||||||||||||||||||||||||||||||||
| Other assets: | ||||||||||||||||||||||||||||||||||||||||||||||||||
| Foreign currency forward contracts | ||||||||||||||||||||||||||||||||||||||||||||||||||
| Total other assets | ||||||||||||||||||||||||||||||||||||||||||||||||||
| Total assets measured at fair value | $ | $ | $ | $ | $ | $ | $ | $ | ||||||||||||||||||||||||||||||||||||||||||
| Accrued and other liabilities: | ||||||||||||||||||||||||||||||||||||||||||||||||||
| Foreign currency forward contracts | $ | $ | $ | $ | $ | $ | $ | $ | ||||||||||||||||||||||||||||||||||||||||||
| Total accrued and other liabilities | ||||||||||||||||||||||||||||||||||||||||||||||||||
| Other long-term liabilities: | ||||||||||||||||||||||||||||||||||||||||||||||||||
| Foreign currency forward contracts | ||||||||||||||||||||||||||||||||||||||||||||||||||
| Total other long-term liabilities | ||||||||||||||||||||||||||||||||||||||||||||||||||
| Total liabilities measured at fair value | $ | $ | $ | $ | $ | $ | $ | $ | ||||||||||||||||||||||||||||||||||||||||||
Refer to Note 10. Debt, for the carrying amount and estimated fair value of our convertible senior notes as of July 31, 2021 and July 31, 2020.
- 76 -
4. Cash Equivalents and Investments
Available-for-sale Debt Securities
The following tables summarize the amortized cost, unrealized gains and losses, and fair value of our available-for-sale debt securities as of July 31, 2021 and July 31, 2020 (in millions):
| July 31, 2021 | |||||||||||||||||||||||
| Amortized Cost | Unrealized Gains | Unrealized Losses | Fair Value | ||||||||||||||||||||
| Cash equivalents: | |||||||||||||||||||||||
| Certificates of deposit | $ | $ | $ | $ | |||||||||||||||||||
| Corporate debt securities | |||||||||||||||||||||||
| U.S. government and agency securities | |||||||||||||||||||||||
| Total available-for-sale cash equivalents | $ | $ | $ | $ | |||||||||||||||||||
| Investments: | |||||||||||||||||||||||
| Certificates of deposit | $ | $ | $ | $ | |||||||||||||||||||
| Corporate debt securities | ( | ||||||||||||||||||||||
| U.S. government and agency securities | |||||||||||||||||||||||
| Non-U.S. government and agency securities | |||||||||||||||||||||||
| Total available-for-sale investments | $ | $ | $ | ( | $ | ||||||||||||||||||
| July 31, 2020 | |||||||||||||||||||||||
| Amortized Cost | Unrealized Gains | Unrealized Losses | Fair Value | ||||||||||||||||||||
| Cash equivalents: | |||||||||||||||||||||||
| U.S. government and agency securities | $ | $ | $ | $ | |||||||||||||||||||
| Total available-for-sale cash equivalents | $ | $ | $ | $ | |||||||||||||||||||
| Investments: | |||||||||||||||||||||||
| Certificates of deposit | $ | $ | $ | $ | |||||||||||||||||||
| Corporate debt securities | |||||||||||||||||||||||
| U.S. government and agency securities | ( | ||||||||||||||||||||||
| Non-U.S. government and agent securities | |||||||||||||||||||||||
| Total available-for-sale investments | $ | $ | $ | ( | $ | ||||||||||||||||||
We do not intend to sell any of the securities in an unrealized loss position and it is not likely that we would be required to sell these securities before recovery of their amortized cost basis, which may be at maturity. We did not recognize any credit losses related to our available-for-sale debt securities during the year ended July 31, 2021, and there were no other-than-temporary impairments for these securities during the year ended July 31, 2020.
| Amortized Cost | Fair Value | ||||||||||
| Due within one year | $ | $ | |||||||||
| Due between one and three years | |||||||||||
| Total | $ | $ | |||||||||
Marketable Equity Securities
Marketable equity securities consist of money market funds and are included in cash and cash equivalents in our consolidated balance sheets. As of July 31, 2021 and 2020, the carrying value of our marketable equity securities were $124.2 million and $1.6 billion, respectively. There were no
- 77 -
5. Financing Receivables
The following table summarizes our short-term and long-term financing receivables as of July 31, 2021 (in millions):
| Amount | ||||||||
Short-term financing receivables, gross | $ | |||||||
| Allowance for credit losses | ( | |||||||
Short-term financing receivables, net | $ | |||||||
Long-term financing receivables, gross | $ | |||||||
| Allowance for credit losses | ( | |||||||
Long-term financing receivables, net | $ | |||||||
6. Derivative Instruments
As of July 31, 2021 and 2020, the total notional amount of our outstanding foreign currency forward contracts was $531.9 million and $443.6 million, respectively. Refer to Note 3. Fair Value Measurements for the fair value of our derivative instruments as reported on our consolidated balance sheets as of July 31, 2021.
During the years ended July 31, 2021, 2020, and 2019, both unrealized gains and losses recognized in AOCI related to our cash flow hedges and amounts reclassified into earnings were not material. Unrealized gains and losses in AOCI related to our cash flow hedges as of July 31, 2021 and July 31, 2020 were not material.
7. Acquisitions
Fiscal 2021
Bridgecrew Inc.
On March 2, 2021, we completed our acquisition of Bridgecrew Inc. (“Bridgecrew”), a privately-held cloud security company. We expect the acquisition will expand our Prisma Cloud offering to deliver security across the full application lifecycle. The total purchase consideration for the acquisition of Bridgecrew was $156.9 million, which consisted of the following (in millions):
| Amount | |||||
| Cash | $ | ||||
| Fair value of replacement awards | |||||
| Total | $ | ||||
As part of the acquisition, we issued $42.5 million of replacement awards, of which the portion attributable to services performed prior to the acquisition date was allocated to purchase consideration. The remaining fair value was allocated to future services and will be expensed over the remaining service periods as share-based compensation.
| Amount | |||||
| Goodwill | $ | ||||
| Identified intangible assets | |||||
| Cash | |||||
| Net liabilities assumed | ( | ||||
| Total | $ | ||||
Goodwill generated from this business combination is primarily attributable to the assembled workforce and expected post-acquisition synergies from integrating Bridgecrew technology into our platforms. The goodwill is not deductible for income tax purposes.
- 78 -
| Fair Value | Estimated Useful Life | ||||||||||
Developed technology | $ | ||||||||||
Expanse Inc.
On December 15, 2020, we completed our acquisition of Expanse Inc. (“Expanse”), a privately-held company specializing in attack surface management. We expect the acquisition will enrich our Cortex offerings and provide organizations an integrated view of the enterprise to combine external, internal, and threat data. The total purchase consideration for the acquisition of Expanse was $797.2 million, which consisted of the following (in millions):
| Amount | |||||
| Cash | $ | ||||
Common stock ( | |||||
| Fair value of replacement awards | |||||
| Total | $ | ||||
As part of the acquisition, we issued replacement equity awards, which included 0.2 million shares of our restricted common stock. The total fair value of the replacement equity awards was $160.0 million, of which the portion attributable to services performed prior to the acquisition date was allocated to purchase consideration. The remaining fair value was allocated to future services and will be expensed over the remaining service periods as share-based compensation.
| Amount | |||||
| Goodwill | $ | ||||
| Identified intangible assets | |||||
| Cash | |||||
| Net liabilities assumed | ( | ||||
| Total | $ | ||||
Goodwill generated from this business combination is primarily attributable to the assembled workforce and expected post-acquisition synergies from integrating Expanse technology into our platforms. The goodwill is not deductible for income tax purposes.
| Fair Value | Estimated Useful Life | ||||||||||
Developed technology | $ | ||||||||||
| Customer relationships | |||||||||||
| Total | $ | ||||||||||
Sinefa Group, Inc.
On November 24, 2020, we completed our acquisition of Sinefa Group, Inc. and its wholly owned subsidiaries (“Sinefa”), a privately-held digital experience monitoring company. We expect the acquisition will extend our Prisma Access offering. The total purchase consideration for the acquisition of Sinefa was $27.0 million, which consisted of the following (in millions):
| Amount | |||||
| Cash | $ | ||||
| Fair value of replacement awards | |||||
| Total | $ | ||||
As part of the acquisition, we issued $11.5 million of replacement equity awards, of which the portion attributable to services performed prior to the acquisition date was allocated to purchase consideration. The remaining fair value was allocated to future services and will be expensed over the remaining service periods as share-based compensation.
- 79 -
| Amount | |||||
| Goodwill | $ | ||||
| Identified intangible assets | |||||
| Net liabilities assumed | ( | ||||
| Total | $ | ||||
Goodwill generated from this business combination is primarily attributable to the assembled workforce and expected post-acquisition synergies from integrating Sinefa technology into our platforms. The goodwill is deductible for income tax purposes.
| Fair Value | Estimated Useful Life | ||||||||||
Developed technology | $ | ||||||||||
| Customer relationships | |||||||||||
| Total | $ | ||||||||||
The Crypsis Group
On September 17, 2020, we completed our acquisition of The Crypsis Group (“Crypsis”), an incident response, risk management, and digital forensics consulting firm. We expect the acquisition will expand our capabilities and strengthen our Cortex strategy. The total purchase consideration for the acquisition of Crypsis was $227.7 million, which consisted of the following (in millions):
| Amount | |||||
| Cash | $ | ||||
| Fair value of replacement awards | |||||
| Total | $ | ||||
As part of the acquisition, we issued $27.1 million of replacement awards, of which the portion attributable to services performed prior to the acquisition date was allocated to purchase consideration. The remaining fair value was allocated to future services and will be expensed over the remaining service periods as share-based compensation.
| Amount | |||||
| Goodwill | $ | ||||
| Identified intangible assets | |||||
| Net assets acquired | |||||
| Total | $ | ||||
Goodwill generated from this business combination is primarily attributable to the assembled workforce and expected post-acquisition synergies from integrating Crypsis technology into our platforms. The goodwill is deductible for income tax purposes.
| Fair Value | Estimated Useful Life | ||||||||||
Developed technology | $ | ||||||||||
| Customer relationships | |||||||||||
| Total | $ | ||||||||||
- 80 -
Fiscal 2020
CloudGenix Inc.
On April 21, 2020, we completed our acquisition of CloudGenix, Inc. (“CloudGenix”), a privately-held company. We believe the acquisition will strengthen our secure access service edge (“SASE”) offering. The tota l purchase consideration for the acquisition of CloudGenix was $402.7 million, which consisted of the following (in millions):
| Amount | |||||
| Cash | $ | ||||
| Fair value of replacement awards | |||||
| Total | $ | ||||
As part of the acquisition, we issued $30.3 million of replacement awards, of which the portion attributable to services performed prior to the acquisition date was allocated to purchase consideration. The remaining fair value was allocated to future services and will be expensed over the remaining service periods as share-based compensation.
| Amount | |||||
| Goodwill | $ | ||||
| Identified intangible assets | |||||
| Cash | |||||
| Net liabilities assumed | ( | ||||
| Total | $ | ||||
Goodwill generated from this business combination is primarily attributable to the assembled workforce and expected post-acquisition synergies from integrating CloudGenix technology into our portfolio. The goodwill is not deductible for income tax purposes.
| Fair Value | Estimated Useful Life | ||||||||||
| Developed technology | $ | ||||||||||
| Customer relationships | |||||||||||
| Total | $ | ||||||||||
Aporeto, Inc.
On December 23, 2019, we completed our acquisition of Aporeto, Inc. (“Aporeto”), a privately-held machine identity-based microsegmentation company. We believe the acquisition will strengthen our cloud-native security platform capabilities delivered by Prisma Cloud. The total purchase consideration for the acquisition of Aporeto was $144.1 million, which consisted of the following (in millions):
| Amount | |||||
| Cash | $ | ||||
| Fair value of replacement awards | |||||
| Total | $ | ||||
As part of the acquisition, we issued $16.4 million of replacement awards, of which the portion attributable to services performed prior to the acquisition date was allocated to purchase consideration. The remaining fair value was allocated to future services and will be expensed over the remaining service periods as share-based compensation.
- 81 -
| Amount | |||||
| Goodwill | $ | ||||
| Identified intangible assets | |||||
| Cash | |||||
| Net liabilities assumed | ( | ||||
| Total | $ | ||||
Goodwill generated from this business combination is primarily attributable to the assembled workforce and expected post-acquisition synergies from integrating Aporeto’s technology into our platform. The goodwill is not deductible for income tax purposes.
| Fair Value | Estimated Useful Life | ||||||||||
| Developed technology | $ | ||||||||||
| Customer relationships | |||||||||||
| Total | $ | ||||||||||
Zingbox, Inc.
On September 20, 2019, we completed our acquisition of Zingbox, Inc. (“Zingbox”), a privately-held Internet of Things (“IoT”) security company. We believe the acquisition will accelerate our delivery of IoT security through our ML-Powered Next-Generation Firewall and Cortex offerings. The total purchase consideration for the acquisition of Zingbox was $66.4 million in cash.
As part of the acquisition, we issued replacement equity awards with a total fair value of $5.7 million, which will be expensed over the remaining service periods as share-based compensation.
| Amount | |||||
| Goodwill | $ | ||||
| Identified intangible assets | |||||
| Net liabilities assumed | ( | ||||
| Total | $ | ||||
Goodwill generated from this business combination is primarily attributable to the assembled workforce and expected post-acquisition synergies from integrating Zingbox’s technology into our portfolio. The goodwill is not deductible for income tax purposes.
| Fair Value | Estimated Useful Life | ||||||||||
| Developed technology | $ | ||||||||||
| Customer relationships | |||||||||||
| Total | $ | ||||||||||
Fiscal 2019
Twistlock Ltd.
On July 9, 2019, we completed our acquisition of Twistlock Ltd. (“Twistlock”), a privately-held company specializing in container security. The acquisition extends our cloud security strategy with the addition of Twistlock to our Prisma cloud security offerings. The total purchase consideration for the acquisition of Twistlock was $378.1 million, which consisted of the following (in
- 82 -
| Amount | |||||
| Cash | $ | ||||
| Fair value of replacement equity awards | |||||
| Total purchase consideration | $ | ||||
As part of the acquisition, we issued replacement equity awards, which included 0.1 million shares of our restricted common stock. The total fair value of the replacement equity awards was $51.8 million, of which the portion attributable to services performed prior to the acquisition date was allocated to the purchase consideration. The remaining fair value was allocated to future services and will be expensed over the remaining service periods as share-based compensation.
| Amount | |||||
| Goodwill | $ | ||||
| Identified intangible assets | |||||
| Cash and cash equivalents | |||||
| Net assets acquired | |||||
| Total | $ | ||||
Goodwill generated from this business combination is primarily attributable to the assembled workforce and expected post-acquisition synergies from integrating Twistlock’s product into our platform. The goodwill is deductible for U.S. income tax purposes.
| Fair Value | Estimated Useful Life | ||||||||||
Developed technology | $ | ||||||||||
| Customer relationships | |||||||||||
| Total | $ | ||||||||||
PureSec Ltd.
On June 12, 2019, we completed our acquisition of PureSec Ltd. (“PureSec”), a privately-held company specializing in cybersecurity solutions for serverless architectures. The acquisition extends our cloud security strategy with the addition of PureSec to our Prisma cloud security offerings. The total purchase consideration for the acquisition of PureSec was $36.8 million, which consisted of the following (in millions):
| Amount | |||||
| Cash | $ | ||||
| Fair value of replacement equity awards | |||||
| Total purchase consideration | $ | ||||
As part of the acquisition, we issued replacement equity awards. The total fair value of the replacement equity awards was $9.1 million, of which the portion attributable to services performed prior to the acquisition date was allocated to the purchase consideration. The remaining fair value was allocated to future services and will be expensed over the remaining service periods as share-based compensation.
| Amount | |||||
| Goodwill | $ | ||||
| Identified intangible assets | |||||
| Cash | |||||
| Net assets acquired | |||||
| Total | $ | ||||
Goodwill generated from this business combination is primarily attributable to the assembled workforce and expected post-
- 83 -
acquisition synergies from integrating PureSec’s product into our platform. The goodwill is deductible for U.S. income tax purposes.
| Fair Value | Estimated Useful Life | ||||||||||
Developed technology | $ | ||||||||||
Demisto, Inc.
On March 28, 2019, we completed our acquisition of Demisto, Inc. (“Demisto”), a privately-held security company specializing in security orchestration, automation and response (“SOAR”). The acquisition expands the functionality of our portfolio with the addition of Demisto’s SOAR product. The total purchase consideration for the acquisition of Demisto was $474.2 million, which consisted of the following (in millions):
| Amount | |||||
| Cash | $ | ||||
Common stock ( | |||||
| Fair value of replacement equity awards | |||||
| Total purchase consideration | $ | ||||
As part of the acquisition, we issued replacement equity awards, which included 0.3 million shares of our restricted common stock. The total fair value of the replacement equity awards was $105.2 million, of which the portion attributable to services performed prior to the acquisition date was allocated to the purchase consideration. The remaining fair value was allocated to future services and will be expensed over the remaining service periods as share-based compensation.
| Amount | |||||
| Goodwill | $ | ||||
| Identified intangible assets | |||||
| Cash | |||||
| Net liabilities assumed | ( | ||||
| Total | $ | ||||
Goodwill generated from this business combination is primarily attributable to the assembled workforce and expected post-acquisition synergies from integrating Demisto’s product into our portfolio. The goodwill is not deductible for income tax purposes.
| Fair Value | Estimated Useful Life | ||||||||||
Developed technology | $ | ||||||||||
| Customer relationships | |||||||||||
| Total | $ | ||||||||||
RedLock Inc.
On October 12, 2018, we completed our acquisition of RedLock Inc. (“RedLock”), a privately-held cloud security company. The acquisition expands our security capabilities for the public cloud with the addition of RedLock’s cloud security analytics technology. The total purchase consideration for the acquisition of RedLock was $158.2 million, which consisted of $155.0 million in cash paid upon closing and $3.2 million in fair value of unvested equity awards attributable to services performed prior to the acquisition date.
As part of the acquisition, we assumed RedLock equity awards with a total fair value of $57.4 million. Of the total fair value, a portion was allocated to the purchase consideration and the remainder was allocated to future services and will be expensed over the remaining service periods as share-based compensation.
- 84 -
| Amount | |||||
| Goodwill | $ | ||||
| Identified intangible assets | |||||
| Net liabilities assumed | ( | ||||
| Total | $ | ||||
Goodwill generated from this business combination is primarily attributable to the assembled workforce and expected post-acquisition synergies from integrating RedLock’s technology into our platform. The goodwill is not deductible for income tax purposes.
| Fair Value | Estimated Useful Life | ||||||||||
Developed technology | $ | ||||||||||
| Customer relationships | |||||||||||
| Trade name and trademarks | |||||||||||
| Total | $ | ||||||||||
Additional Acquisition-Related Information
The operating results of the acquired companies are included in our consolidated statements of operations from the respective dates of acquisition. Pro forma results of operations have not been presented because the effects of the acquisitions were not material to our consolidated statements of operations.
Additional information related to our acquisitions completed in fiscal 2021, such as that related to income tax and other contingencies, existing as of the acquisition date but unknown to us may become known during the remainder of the measurement period, not to exceed 12 months from the respective acquisition date, which may result in changes to the amounts and allocations recorded.
- 85 -
8. Goodwill and Intangible Assets
Goodwill
| Amount | |||||
| Balance as of July 31, 2020 | $ | ||||
| Goodwill acquired | |||||
| Measurement period adjustment | ( | ||||
| Balance as of July 31, 2021 | $ | ||||
Purchased Intangible Assets
| July 31, | |||||||||||||||||||||||||||||||||||
| 2021 | 2020 | ||||||||||||||||||||||||||||||||||
| Gross Carrying Amount | Accumulated Amortization | Net Carrying Amount | Gross Carrying Amount | Accumulated Amortization | Net Carrying Amount | ||||||||||||||||||||||||||||||
| Intangible assets subject to amortization: | |||||||||||||||||||||||||||||||||||
| Developed technology | $ | $ | ( | $ | $ | $ | ( | $ | |||||||||||||||||||||||||||
| Customer relationships | ( | ( | |||||||||||||||||||||||||||||||||
| Acquired intellectual property | ( | ( | |||||||||||||||||||||||||||||||||
| Trade name and trademarks | ( | ( | |||||||||||||||||||||||||||||||||
| Other | ( | ( | |||||||||||||||||||||||||||||||||
| Total purchased intangible assets | $ | $ | ( | $ | $ | $ | ( | $ | |||||||||||||||||||||||||||
We recognized amortization expense of $117.8 million, $77.3 million, and $53.6 million for the years ended July 31, 2021, 2020, and 2019, respectively.
The following table summarizes estimated future amortization expense of our intangible assets as of July 31, 2021 (in millions):
| Fiscal years ending July 31, | |||||||||||||||||||||||||||||||||||||||||
| Total | 2022 | 2023 | 2024 | 2025 | 2026 | 2027 and Thereafter | |||||||||||||||||||||||||||||||||||
| Future amortization expense | $ | $ | $ | $ | $ | $ | $ | ||||||||||||||||||||||||||||||||||
9. Property and Equipment
| July 31, | |||||||||||
| 2021 | 2020 | ||||||||||
| Computers, equipment, and software | $ | $ | |||||||||
| Leasehold improvements | |||||||||||
| Land | |||||||||||
| Demonstration units | |||||||||||
| Furniture and fixtures | |||||||||||
| Total property and equipment, gross | |||||||||||
| Less: accumulated depreciation | ( | ( | |||||||||
| Total property and equipment, net | $ | $ | |||||||||
We recognized depreciation expense of $94.2 million, $96.0 million, and $86.2 million related to property and equipment during the years ended July 31, 2021, 2020, and 2019, respectively.
- 86 -
10. Debt
Convertible Senior Notes
In June 2014, we issued $575.0 million aggregate principal amount of 0.0 % Convertible Senior Notes due 2019 (the “2019 Notes”), in July 2018, we issued $1.7 billion aggregate principal amount of 0.75 % Convertible Senior Notes due 2023 (the “2023 Notes”) and, in June 2020, we issued $2.0 billion aggregate principal amount of 0.375 % Convertible Senior Notes due 2025 (the “2025 Notes,” and together with the 2023 Notes, the “Notes”). The 2019 Notes were converted prior to or settled on the maturity date of July 1, 2019, in accordance with their terms. The 2023 Notes bear interest at a fixed rate of 0.75 % per year, payable semi-annually in arrears on January 1 and July 1 of each year, beginning on January 1, 2019. The 2025 Notes bear interest at a fixed rate of 0.375 % per year, payable semi-annually in arrears on June 1 and December 1 of each year, beginning on December 1, 2020. Each series of the convertible notes is governed by an indenture between us, as the issuer, and U.S. Bank National Association, as Trustee (individually, each an “Indenture,” and together, the “Indentures”). The Notes of each series are unsecured, unsubordinated obligations and the applicable Indenture governing each series of Notes does not contain any financial covenants or restrictions on the payments of dividends, the incurrence of indebtedness, or the issuance or repurchase of securities by us or any of our subsidiaries. The 2023 Notes and the 2025 Notes mature on July 1, 2023 and June 1, 2025, respectively. We cannot redeem the 2023 Notes prior to maturity. We may redeem for cash all or any portion of the 2025 Notes, at our option, on or after June 5, 2023, and prior to the 31st scheduled trading day immediately preceding the maturity date if the last reported sale price of our common stock has been at least 130 % of the conversion price then in effect for at least 20 trading days during any 30 consecutive trading day period ending on and including the trading day preceding the date on which we provide notice of redemption. The redemption will be at a price equal to 100 % of the principal amount of the 2025 Notes and adjusted for interest. If we call any or all of the 2025 Notes for redemption, holders may convert such 2025 Notes called for redemption at any time prior to the close of business on the second scheduled trading day immediately preceding the redemption date.
| Conversion Rate per $1,000 Principal | Initial Conversion Price | Convertible Date | Initial Number of Shares | ||||||||||||||||||||
| 2023 Notes | $ | April 1, 2023 | |||||||||||||||||||||
| 2025 Notes | $ | March 1, 2025 | |||||||||||||||||||||
Holders of the Notes may surrender their Notes for conversion at their option at any time prior to the close of business on the business day immediately preceding their respective convertible dates only under the following circumstances:
•during any fiscal quarter commencing after the fiscal quarters ending on October 31, 2018 and October 31, 2020 for the 2023 Notes and the 2025 Notes, respectively (and only during such fiscal quarter), if the last reported sale price of our common stock for at least 20 30 130
•during the five five 98
•upon the occurrence of specified corporate events.
On or after the respective convertible date, holders may surrender all or any portion of their Notes for conversion at any time prior to the close of business on the second scheduled trading day immediately preceding the applicable maturity date regardless of the foregoing conditions, and such conversions will be settled upon the applicable maturity date. Upon conversion, holders of the Notes of a series will receive cash equal to the aggregate principal amount of the Notes of such series to be converted, and, at our election, cash and/or shares of our common stock for any amounts in excess of the aggregate principal amount of the Notes of such series being converted.
The conversion price will be subject to adjustment in some events. Holders of the Notes of a series who convert their Notes of such series in connection with certain corporate events that constitute a “make-whole fundamental change” under the applicable Indenture are, under certain circumstances, entitled to an increase in the conversion rate for such series of Notes. Additionally, upon the occurrence of a corporate event that constitutes a “fundamental change” under the applicable Indenture, holders of the Notes of such series may require us to repurchase for cash all or a portion of the Notes of such series at a repurchase price equal to 100
The sale price condition was met for the 2023 Notes during the fiscal quarter ended July 31, 2021, and as a result, holders may convert their 2023 Notes at any time during the fiscal quarter ending October 31, 2021. Accordingly, the net carrying amount of the 2023 Notes was reclassified into current liabilities and the portion of the equity component representing the conversion option was reclassified into temporary equity in our consolidated balance sheet as of July 31, 2021.
- 87 -
The sale price condition was not met for the 2025 Notes during the fiscal quarters ended July 31, 2021 or July 31, 2020, and was not met for the 2023 Notes during the fiscal quarter ended July 31, 2020. Since the 2025 Notes for both periods and the 2023 Notes as of July 31, 2020 were not convertible, the associated net carrying amount was classified as a long-term liability and the equity component was included in additional paid-in capital in our consolidated balance sheets.
During the year ended July 31, 2019, we repaid $575.0 million in aggregate principal amount of the 2019 Notes and issued 2.5 million shares of common stock to the holders of the 2019 Notes for the conversion value in excess of the principal amount. These shares were fully offset by shares received from the corresponding exercise of the associated note hedges.
| July 31, 2021 | July 31, 2020 | ||||||||||||||||||||||||||||||||||
| 2023 Notes | 2025 Notes | Total | 2023 Notes | 2025 Notes | Total | ||||||||||||||||||||||||||||||
| Liability component: | |||||||||||||||||||||||||||||||||||
| Principal | $ | $ | $ | $ | $ | $ | |||||||||||||||||||||||||||||
| Less: debt discount and debt issuance costs, net of amortization | ( | ( | ( | ( | ( | ( | |||||||||||||||||||||||||||||
| Net carrying amount | $ | $ | $ | $ | $ | $ | |||||||||||||||||||||||||||||
| Equity component (including amounts classified as temporary equity) | $ | $ | $ | $ | $ | $ | |||||||||||||||||||||||||||||
The total estimated fair value of the Notes was $5.5 billion and $4.1 billion at July 31, 2021 and July 31, 2020, respectively. The fair value was determined based on the closing trading price per $100 of the Notes as of the last day of trading for the period. We consider the fair value of the Notes at July 31, 2021 and July 31, 2020 to be a Level 2 measurement. The fair value of the Notes is primarily affected by the trading price of our common stock and market interest rates. Based on the closing price of our common stock on July 31, 2021, the if-converted values of the 2023 Notes and 2025 Notes exceeded their principal amounts by $754.4 million and $587.8 million, respectively.
| Year Ended July 31, 2021 | Year Ended July 31, 2020 | Year Ended July 31, 2019 | |||||||||||||||||||||||||||||||||||||||||||||||||||
| 2023 Notes | 2025 Notes | Total | 2023 Notes | 2025 Notes | Total | 2019 Notes | 2023 Notes | Total | |||||||||||||||||||||||||||||||||||||||||||||
| Contractual interest expense | $ | $ | $ | $ | $ | $ | $ | $ | $ | ||||||||||||||||||||||||||||||||||||||||||||
| Amortization of debt discount | |||||||||||||||||||||||||||||||||||||||||||||||||||||
| Amortization of debt issuance costs | |||||||||||||||||||||||||||||||||||||||||||||||||||||
| Total interest expense recognized | $ | $ | $ | $ | $ | $ | $ | $ | $ | ||||||||||||||||||||||||||||||||||||||||||||
| Effective interest rate of the liability component | % | % | % | % | % | % | |||||||||||||||||||||||||||||||||||||||||||||||
Note Hedges
To minimize the impact of potential economic dilution upon conversion of our convertible senior notes, we entered into separate convertible note hedge transactions (the “2019 Note Hedges,” with respect to the 2019 Notes, the “2023 Note Hedges,” with respect to the 2023 Notes, the “2025 Note Hedges,” with respect to the 2025 Notes and the 2023 Notes Hedgers together with 2025 Note Hedges, the “Note Hedges”) with respect to our common stock concurrent with the issuance of each series of our convertible senior notes. Upon the settlement of the 2019 Notes, we exercised the corresponding portion of our 2019 Note Hedges during the year ended July 31, 2019 and received shares of our common stock that fully offset the shares issued in excess of the principal amount of the converted 2019 Notes. The 2019 Note Hedges expired upon maturity of the 2019 Notes.
| Initial Number of Shares | Aggregate Purchase | ||||||||||
| 2023 Note Hedges | $ | ||||||||||
| 2025 Note Hedges | $ | ||||||||||
The Note Hedges cover shares of our common stock at a strike price per share that corresponds to the initial applicable conversion price of the applicable series of Notes, which are also subject to adjustment, and are exercisable upon conversion of the applicable series of the Notes. The Note Hedges will expire upon maturity of the applicable series of Notes. The Note Hedges are separate transactions and are not part of the terms of the applicable series of the Notes. Holders of the Notes of either series will not have any rights with respect to the Note Hedges. Any shares of our common stock receivable by us under the Note Hedges are
- 88 -
excluded from the calculation of diluted earnings per share as they are antidilutive. The aggregate amounts paid for the Note Hedges are included in additional paid-in capital in our consolidated balance sheets.
Warrants
Separately, but concurrently with the issuance of each series of our convertible senior notes, we entered into transactions whereby we sold warrants (the “2019 Warrants,” with respect to the 2019 Notes, the “2023 Warrants,” with respect to the 2023 Notes, the “2025 Warrants,” with respect to the 2025 Notes, and the 2023 Warrants together with the 2025 Warrants, the “Warrants”) to acquire shares of our common stock, subject to anti-dilution adjustments. During the year ended July 31, 2020, we net settled all 2019 Warrants with 2.0 million shares or $462.0 million in fair value of our common stock. The 2023 Warrants and 2025 Warrants are exercisable beginning October 2023 and September 2025, respectively.
| Initial Number of Shares | Strike Price per Share | Aggregate Proceeds | |||||||||||||||
| 2023 Warrants | $ | $ | |||||||||||||||
| 2025 Warrants | $ | $ | |||||||||||||||
The shares issuable under the Warrants will be included in the calculation of diluted earnings per share when the average market value per share of our common stock for the reporting period exceeds the applicable strike price for such series of Warrants. The Warrants are separate transactions and are not part of either series of Notes or Note Hedges and are not remeasured through earnings each reporting period. Holders of the Notes of either series will not have any rights with respect to the Warrants. The aggregate proceeds received from the sale of the Warrants are included in additional paid-in capital in our consolidated balance sheets.
Revolving Credit Facility
On September 4, 2018, we entered into a credit agreement (the “Credit Agreement”) with certain institutional lenders that provides for a $400.0 million unsecured revolving credit facility (the “Credit Facility”), with an option to increase the amount of the Credit Facility by up to an additional $350.0 million, subject to certain conditions. The Credit Facility matures on the earlier of (i) September 4, 2023 and (ii) the date that is 91 days prior to the stated maturity of our 2023 Notes if (a) any of the 2023 Notes are still outstanding and (b) our unrestricted cash and cash equivalents are less than the then outstanding principal amount of our 2023 Notes plus $400.0 million.
The borrowings under the Credit Facility currently bear interest, at our option, at a base rate plus a spread of 0.00 % to 0.75 %, or an adjusted LIBO Rate plus a spread of 1.00 % to 1.75 %, in each case with such spread being determined based on our leverage ratio. We are obligated to pay an ongoing commitment fee on undrawn amounts at a rate of 0.125 % to 0.250 %, depending on our leverage ratio. Regulatory authorities that oversee financial markets have announced that after the end of 2021, they would no longer compel banks currently reporting information used to set the LIBO Rate to continue to make rate submissions. As a result, it is possible that beginning in 2022, the LIBO Rate will no longer be available as a reference rate. Under the terms of our Credit Facility, in the event of the discontinuance of the LIBO Rate, a mutually agreed-upon alternative benchmark rate will be established to replace the LIBO Rate, which may include the Secured Overnight Financing Rate (“SOFR”). We do not anticipate that the discontinuance of the LIBO Rate will materially impact our liquidity or financial position.
As of July 31, 2021, there were no amounts outstanding, and we were in compliance with all covenants under the Credit Agreement.
11. Leases
We have entered into various non-cancelable operating leases primarily for our facilities with original lease periods expiring through the year ending July 31, 2028, with the most significant leases relating to corporate headquarters in Santa Clara.
In May 2015 and October 2015, we entered into a total of three lease agreements for approximately 941,000 square feet of corporate office space in Santa Clara, California, which serves as our current corporate headquarters. The leases contain rent holiday periods, scheduled rent increases, lease incentives, and renewal options which allow the lease terms to be extended beyond their expiration dates of July 2028 through July 2046. Rental payments under the three lease agreements are approximately $412.0 million over the lease term.
In September 2012, we entered into two lease agreements for a total of approximately 300,000 square feet of space in Santa Clara, California, which served as our previous corporate headquarters through August 2017, when we relocated to our current corporate campus. The leases contain rent holiday periods and two separate -year options to extend the lease term beyond their expiration dates of July 2023. Rental payments under these lease agreements are approximately $94.3 million over the lease term. In August 2017, we exited our previous corporate headquarter facilities and relocated to our new corporate campus, which resulted in the recognition of a cease-use loss of $39.2 million during the year ended July 31, 2018. Due to changes in market conditions, and the resulting changes to the amount and timing of estimated cash flows from sublease rentals that could be reasonably obtained, we recognized an additional cease-use loss of $7.0 million as general and administrative expense in our consolidated statements of operations during the year ended July 31, 2019. In December 2019, we terminated these leases prior to their expiration date. The early
- 89 -
termination fee is $25.0 million, payable in equal quarterly installments from April 2020 through July 2023. Upon termination, we recorded a decrease of $13.6 million in operating lease liabilities based on the payment schedule of the early termination fee discounted by the incremental borrowing rate for the remaining payment term. We also decreased right-of-use assets by $8.7 million upon surrendering possession of the properties. As a result, during the year ended July 31, 2020, we recorded a gain of $3.1 million net of other related fees of $1.8 million in general and administrative expense in our consolidated statements of operations.
During the years ended July 31, 2021 and July 31, 2020, our net cost for operating leases was $75.2 million and $80.4 million, respectively, primarily consisting of operating lease costs of $59.3 million and $63.5 million, respectively. Our net cost for operating leases also included variable lease costs, short-term lease costs and sublease income in both periods. We recognized rent expense of $43.0 million for the year ended July 31, 2019, prior to our adoption of the new lease guidance.
| Year Ended July 31, | |||||||||||
| 2021 | 2020 | ||||||||||
| Operating cash flows used in payments of operating lease liabilities | $ | $ | |||||||||
| Right-of-use assets obtained in exchange for new operating lease liabilities | $ | $ | |||||||||
| July 31, 2021 | July 31, 2020 | ||||||||||
| Weighted-average remaining lease term | |||||||||||
| Weighted-average discount rate | % | % | |||||||||
The following table presents maturities of operating lease liabilities as of July 31, 2021 (in millions):
________________________
| Amount | |||||
| Fiscal years ending July 31: | |||||
| 2022 | $ | ||||
| 2023 | |||||
| 2024 | |||||
| 2025 | |||||
| 2026 | |||||
| 2027 and thereafter | |||||
| Total operating lease payments | |||||
| Less: imputed interest | ( | ||||
| Present value of operating lease liabilities | $ | ||||
| $ | |||||
| Long-term operating lease liabilities | $ | ||||
(1) Current portion of operating lease liabilities is included in accrued and other liabilities on our consolidated balance sheet.
12. Commitments and Contingencies
Manufacturing Purchase Commitments
In order to reduce manufacturing lead times and plan for adequate supply, we enter into agreements with manufacturing partners and component suppliers to procure inventory based on our demand forecasts. We are committed to minimum or fixed purchases through the year ending July 31, 2026. The following table presents details of the aggregate future purchase commitments under these arrangements excluding obligations under contracts that we can cancel without a significant penalty as of July 31, 2021 (in millions):
| Fiscal years ending July 31, | |||||||||||||||||||||||||||||||||||
| Total | 2022 | 2023 | 2024 | 2025 | 2026 | ||||||||||||||||||||||||||||||
Manufacturing purchase commitments | $ | $ | $ | $ | $ | $ | |||||||||||||||||||||||||||||
- 90 -
Other Purchase Commitments
We have entered into various non-cancelable agreements with certain service providers, under which we are committed to minimum or fixed purchases through the year ending July 31, 2026. The following table presents details of the aggregate future non-cancelable purchase commitments under these agreements as of July 31, 2021 (in millions):
| Fiscal years ending July 31, | |||||||||||||||||||||||||||||||||||
| Total | 2022 | 2023 | 2024 | 2025 | 2026 | ||||||||||||||||||||||||||||||
Other purchase commitments | $ | $ | $ | $ | $ | $ | |||||||||||||||||||||||||||||
Mutual Covenant Not to Sue and Release Agreement
In January 2020, we executed a Mutual Covenant Not to Sue and Release Agreement for $50.0 million to extend an existing covenant not to sue for seven years . As the primary benefit of the arrangement was attributable to future use, the amount was recorded in other assets on our consolidated balance sheets and is amortized to cost of product revenue in our consolidated statements of operations over the estimated period of benefit of seven years .
Litigation
We are subject to legal proceedings, claims, and litigation arising in the ordinary course of business, including intellectual property litigation. Such matters are subject to many uncertainties and outcomes are not predictable with assurance. We accrue for contingencies when we believe that a loss is probable and that we can reasonably estimate the amount of any such loss.
To the extent there is a reasonable possibility that a loss exceeding amounts already recognized may be incurred and the amount of such additional loss would be material, we will either disclose the estimated additional loss or state that such an estimate cannot be made. As of July 31, 2021, we have not recorded any significant accruals for loss contingencies associated with such legal proceedings, determined that an unfavorable outcome is probable or reasonably possible, or determined that the amount or range of any possible loss is reasonably estimable.
Indemnification
Under the indemnification provisions of our standard sales related contracts, we agree to defend our end-customers against third-party claims asserting infringement of certain intellectual property rights, which may include patents, copyrights, trademarks, or trade secrets, and to pay judgments entered on such claims. Our exposure under these indemnification provisions is generally limited to payments made to us for the alleged infringing products over the preceding twelve months under the agreement. However, certain agreements include indemnification provisions that could potentially expose us to losses in excess of these payments. In addition, we indemnify our officers, directors, and certain key employees while they are serving in good faith in their company capacities. To date, we have not recorded any accruals for loss contingencies associated with indemnification claims or determined that an unfavorable outcome is probable or reasonably possible.
13. Stockholders’ Equity
Share Repurchase Program
In August 2016, our board of directors authorized a $500.0 million share repurchase program and in February 2017 authorized a $500.0 million increase to the repurchase program, bringing the total authorization to $1.0 billion (our “original authorization”). This repurchase program expired on December 31, 2018. In February 2019, our board of directors authorized a $1.0 billion share repurchase program and in December 2020 authorized a $700.0 million increase to this share repurchase program, bringing the total authorization to $1.7 billion (our “current authorization”). The expiration date of our current authorization was extended to December 31, 2021, and our repurchase program may be suspended or discontinued at any time. Repurchases may be made at management’s discretion from time to time on the open market, through privately negotiated transactions, transactions structured through investment banking institutions, block purchase techniques, 10b5-1 trading plans, or a combination of the foregoing.
During the year ended July 31, 2019, we repurchased and retired 1.9 million shares of our common stock under our original authorization for an aggregate purchase price of $330.0 million and an average price per share of $177.64 , including transaction costs.
During the years ended July 31, 2021 and 2020, we repurchased and retired 4.0 million shares and 0.9 million shares of our common stock under our current authorization for an aggregate purchase price of $1.2 billion and $198.1 million, and an average price per share of $294.87 and $209.12 , respectively, including transaction costs. As of July 31, 2021, we have $323.9 million remaining for future share repurchases under our current repurchase authorization. The total price of the shares repurchased and related transaction costs are reflected as a reduction to common stock and additional paid-in capital on our consolidated balance sheets.
Accelerated Stock Repurchase
In February 2020, our board of directors approved the repurchase of $1.0 billion of our common stock through an accelerated share repurchase (“ASR”) transaction with a financial institution. This ASR transaction was in addition to our share repurchase program.
- 91 -
14. Equity Award Plans
Share-Based Compensation Plans
2012 Equity Incentive Plan
Our 2012 Equity Incentive Plan (our “2012 Plan”) was adopted by our board of directors and approved by the stockholders on June 5, 2012 and was effective one business day prior to the effectiveness of our registration statement for our initial public offering (“IPO”). Our 2012 Plan replaced our 2005 Equity Incentive Plan (our “2005 Plan”), which terminated upon the completion of our IPO, however, awards that were outstanding upon termination remained outstanding pursuant to their original terms. Our 2012 Plan provides for the granting of stock options, restricted stock award (“RSA”), restricted stock unit (“RSU”), stock appreciation rights, performance shares (“PSAs”), performance-based stock units (“PSUs”) and performance stock options (“PSOs”) to our employees, directors, and consultants.
Awards granted under our 2012 Plan vest over the periods determined by the board of directors, generally to four years from the date of grant, and our options expire no more than ten years after the date of grant. Since our IPO in 2012, awards granted under our 2012 Plan consist primarily of RSUs. Until vested, RSUs do not have the voting and dividend participation rights of common stock and the shares underlying the awards are not considered issued and outstanding.
We grant awards with performance conditions (PSAs and PSUs) to certain employees, which vest over a period of to four years from the date of grant. The actual number of PSAs and PSUs earned and eligible to vest is determined based on the level of achievement against revenue growth, pre-established billings and operating margin goals, or pre-defined individual performance targets for the fiscal year.
We have also granted PSOs with both a market condition and a service condition to certain executives. The market condition for PSOs granted in the fiscal years 2018 and 2019 requires the price of our common stock to equal or exceed $297.75 397.00 496.25 595.50 30 397.00 , $496.25 , $595.50 and $700.00 based on the average closing price for 30 consecutive trading days during the -, -, -, and six-and-a-half-year periods following the date of grant. To the extent that the market condition has been met, one-fourth of the PSOs will vest on the anniversary date of the grant date for such PSOs, subject to continued service. Certain outstanding PSOs may be exercised prior to vesting (“early exercise”). Shares of common stock issued upon early exercise of the PSOs will be restricted and, at our option, subject to repurchase if the option holder ceases to be a service provider. The maximum contractual term of our PSOs ranged from six and a half years to seven and a half years from the date of grant, depending on vesting period. During the fiscal year ended July 31, 2021, 0.4 million shares of our PSOs vested as the first stock price target for our PSOs granted in fiscal years 2018 and 2019 was satisfied and the service condition was met.
We net-share settle equity awards held by certain employees by withholding shares upon vesting to satisfy tax withholding obligations. The shares withheld to satisfy employee tax withholding obligations are returned to our 2012 Plan and will be available for future issuance. Payments for employees’ tax obligations to the tax authorities are recognized as a reduction to additional paid-in capital and reflected as financing activities in our consolidated statements of cash flows.
A total of 21.9 million shares of our common stock are reserved for issuance pursuant to our 2012 Plan as of July 31, 2021. This includes shares that are (i) reserved but unissued under our 2005 Plan on the effective date of our 2012 Plan or (ii) returned to our 2005 Plan as a result of expiration or termination of options. On the first day of each fiscal year, the number of shares in the reserve may be increased by the lesser of (i) 8,000,000 shares, (ii) 4.5 % of the outstanding shares of common stock on the last day of our immediately preceding fiscal year, or (iii) such other amount as determined by our board of directors.
2012 Employee Stock Purchase Plan
Our 2012 Employee Stock Purchase Plan was adopted by our board of directors and approved by the stockholders on June 5, 2012, and was effective upon completion of our IPO. On August 29, 2017, we amended and restated our 2012 Employee Stock Purchase Plan (our “2012 ESPP”) to extend the length of our offering periods from 6 to 24 months.
Our 2012 ESPP permits eligible employees to acquire shares of our common stock at 85 % of the lower of the fair market value of our common stock on the first trading day of each offering period or on the purchase date. If the fair market value of our common stock on the purchase date is lower than the first trading day of the offering period, the current offering period will be cancelled after purchase and a new 24 -month offering period will begin. Under our 2012 ESPP, each 24 -month offering period consists of four consecutive 6 -month purchase periods, with purchase dates on the first trading day on or after February 28 and August 31 of each year. Participants may purchase shares of common stock through payroll deductions of up to 15 % of their eligible compensation, subject to purchase limits of 625 shares per six-month purchase period and $25,000 worth of stock for each calendar year. Shares
- 92 -
purchased under our 2012 ESPP during the fiscal years ended July 31, 2021, 2020 and 2019 were 0.6 million, 0.6 million and 0.5 million, at an average exercise price of $161.07 per share, $146.90 per share and $128.81 per share respectively.
A total of 4.6 million shares of our common stock are available for sale under our 2012 ESPP as of July 31, 2021. On the first day of each fiscal year, the number of shares in the reserve may be increased by the lesser of (i) 2,000,000 shares, (ii) 1 % of the outstanding shares of our common stock on the first day of the fiscal year, or (iii) such other amount as determined by our board of directors.
Acquisition-related Activities
Assumed Share-based Compensation Plans
In connection with our acquisitions of Bridgecrew, Expanse, Sinefa and Crypsis during the year ended July 31, 2021, we assumed the Bridgecrew, Inc. 2019 Stock Incentive Plan, the Expanse Holding Company, Inc. Amended and Restated 2012 Stock Incentive Plan, the Sinefa Group, Inc. 2020 Stock Plan, and the Crypsis Group Holdings, LLC 2017 Equity Incentive Plan (together, the “2021 assumed Plans”). In connection with our acquisitions of CloudGenix, Aporeto, and Zingbox during the year ended July 31, 2020, we assumed CloudGenix’s 2013 Equity Incentive Plan, Aporeto’s Amended and Restated 2015 Stock Option and Grant Plan and Zingbox’s Stock Incentive Plan, as amended and restated (together, the “2020 assumed Plans”). In connection with our acquisitions of RedLock, Demisto, and Twistlock during the year ended July 31, 2019, we assumed RedLock’s 2015 Stock Plan, as amended, Demisto’s 2015 Stock Option Plan, as amended, and Twistlock’s 2015 Share Option Plan, as amended and restated (together, the “2019 assumed Plans”). In aggregate, the 2021 assumed Plans, the 2020 assumed Plans and the 2019 assumed plans are referenced as “the Assumed Plans.”
The equity awards assumed in connection with each acquisition were granted from their respective assumed plans. The assumed equity awards will be settled in shares of our common stock and will retain the terms and conditions under which they were originally granted. No additional equity awards will be granted under and forfeited awards will not be returned to the Assumed Plans. Refer to Note 7. Acquisitions for more information on our acquisitions and the related equity awards assumed.
Restricted Stock Issuances
In connection with our acquisitions of Expanse and Sinefa during the year ended July 31, 2021, we issued a total of 0.3 million shares of restricted common stock as replacement equity awards which are subject to additional time-based vesting requirements and continued service by the award holder.
In connection with our acquisition of Zingbox during the year ended July 31, 2020, we issued a total of 0.1 million shares of restricted common stock as replacement equity awards which are subject to additional time-based vesting requirements and continued service by the award holder.
In connection with our acquisitions of RedLock, Demisto, PureSec, and Twistlock during the year ended July 31, 2019, we issued a total of 0.5 million shares of restricted common stock as replacement equity awards which are subject to additional time-based vesting requirements and continued service by the award holder.
- 93 -
Stock Option Activities
| Stock Options Outstanding | PSOs Outstanding | ||||||||||||||||||||||||||||||||||||||||||||||
| Number of Shares | Weighted-Average Exercise Price Per Share | Weighted-Average Remaining Contractual Term (Years) | Aggregate Intrinsic Value | Number of Shares | Weighted-Average Exercise Price Per Share | Weighted-Average Remaining Contractual Term (Years) | Aggregate Intrinsic Value | ||||||||||||||||||||||||||||||||||||||||
| Balance—July 31, 2018 | $ | $ | $ | $ | |||||||||||||||||||||||||||||||||||||||||||
| Granted | $ | $ | |||||||||||||||||||||||||||||||||||||||||||||
| Exercised | ( | $ | $ | ||||||||||||||||||||||||||||||||||||||||||||
| Forfeited | $ | ( | $ | ||||||||||||||||||||||||||||||||||||||||||||
| Balance—July 31, 2019 | $ | $ | $ | $ | |||||||||||||||||||||||||||||||||||||||||||
| Exercised | ( | $ | $ | ||||||||||||||||||||||||||||||||||||||||||||
| Forfeited | $ | ( | $ | ||||||||||||||||||||||||||||||||||||||||||||
| Balance—July 31, 2020 | $ | $ | $ | $ | |||||||||||||||||||||||||||||||||||||||||||
| Granted | $ | $ | |||||||||||||||||||||||||||||||||||||||||||||
| Exercised | $ | $ | |||||||||||||||||||||||||||||||||||||||||||||
| Forfeited | $ | ( | $ | ||||||||||||||||||||||||||||||||||||||||||||
| Balance—July 31, 2021 | $ | $ | $ | $ | |||||||||||||||||||||||||||||||||||||||||||
| Exercisable—July 31, 2021 | $ | $ | $ | $ | |||||||||||||||||||||||||||||||||||||||||||
The weighted-average grant-date fair value of PSOs granted during the years ended July 31, 2021 and 2019 was $82.12 and $59.11 , per share, respectively. The intrinsic value of options exercised during the years ended July 31, 2021, 2020, and 2019 was $22.2 million, $50.2 million and $139.5 million, respectively.
- 94 -
RSA and PSA Activities
| RSAs Outstanding | PSAs Outstanding | ||||||||||||||||||||||
| Number of Shares | Weighted- Average Grant-Date Fair Value Per Share | Number of Shares | Weighted- Average Grant-Date Fair Value Per Share | ||||||||||||||||||||
| Balance—July 31, 2018 | $ | $ | |||||||||||||||||||||
Vested | ( | $ | $ | ||||||||||||||||||||
Forfeited | $ | $ | |||||||||||||||||||||
| Balance—July 31, 2019 | $ | $ | |||||||||||||||||||||
Vested | $ | $ | |||||||||||||||||||||
Forfeited | $ | $ | |||||||||||||||||||||
| Balance—July 31, 2020 | $ | $ | |||||||||||||||||||||
Vested | $ | ( | $ | ||||||||||||||||||||
Forfeited | $ | $ | |||||||||||||||||||||
| Balance—July 31, 2021 | $ | $ | |||||||||||||||||||||
The aggregate fair value, as of respective vesting dates, of RSAs vested during the years ended July 31, 2021, 2020 and 2019, was $1.6 million, $7.0 million and $41.1 million, respectively. The aggregate fair value, as of the respective vesting dates, of PSAs vested during the years ended July 31, 2021, 2020, and 2019 was $0.8 million, $3.8 million and $4.5 million, respectively.
RSU and PSU Activities
The following table summarizes the RSU and PSU activity under our stock plans during the years ended July 31, 2021, 2020, and 2019 (in millions, except per share amounts):
| RSUs Outstanding | PSUs Outstanding | ||||||||||||||||||||||||||||||||||
| Number of Shares | Weighted- Average Grant-Date Fair Value Per Share | Aggregate Intrinsic Value | Number of Shares | Weighted- Average Grant-Date Fair Value Per Share | Aggregate Intrinsic Value | ||||||||||||||||||||||||||||||
| Balance—July 31, 2018 | $ | $ | $ | $ | |||||||||||||||||||||||||||||||
Granted(1)(2) | $ | $ | |||||||||||||||||||||||||||||||||
Vested(3) | ( | $ | ( | $ | |||||||||||||||||||||||||||||||
Forfeited | ( | $ | $ | ||||||||||||||||||||||||||||||||
| Balance—July 31, 2019 | $ | $ | $ | $ | |||||||||||||||||||||||||||||||
Granted(1)(2) | $ | $ | |||||||||||||||||||||||||||||||||
Vested(3) | ( | $ | ( | $ | |||||||||||||||||||||||||||||||
Forfeited | ( | $ | $ | ||||||||||||||||||||||||||||||||
| Balance—July 31, 2020 | $ | $ | $ | $ | |||||||||||||||||||||||||||||||
Granted(1)(2) | $ | $ | |||||||||||||||||||||||||||||||||
Vested(3) | ( | $ | ( | $ | |||||||||||||||||||||||||||||||
Forfeited | ( | $ | $ | ||||||||||||||||||||||||||||||||
| Balance—July 31, 2021 | $ | $ | $ | $ | |||||||||||||||||||||||||||||||
______________
(1) For PSUs, shares granted represent the aggregate maximum number of shares that may be earned and issued with respect to these awards over their full terms.
(2) Includes 0.4 million RSUs assumed in connection with the acquisitions of Crypsis, Sinefa, Expanse and Bridgecrew, with weighted-average grant-date fair value of $241.43 , $297.17 , $317.45 , $354.66 , respectively, for the year ended July 31, 2021 and 0.1 million RSUs assumed in connection with the acquisitions of Zingbox, Aporeto and CloudGenix, with weighted-average grant-date fair value of $208.25 , $231.30 and $181.48 , respectively, for the year ended July 31, 2020. It also
- 95 -
includes 0.4 million RSUs assumed and 0.1 million replacement RSUs granted in connection with the acquisitions of RedLock, Demisto, PureSec, and Twistlock, with weighted-average grant-date fair values of $218.69 and $224.31 per share, respectively, for the year ended July 31, 2019.
(3) Includes time-based vesting for PSUs.
The aggregate fair value, as of the respective vesting dates, of RSUs vested during the years ended July 31, 2021, 2020, and 2019 was $986.4 million, $615.7 million, and $566.4 million, respectively. The aggregate fair value, as of the respective vesting dates, of PSUs vested during the year ended July 31, 2021, 2020 and 2019 was $20.8 million, $11.9 million and $17.2 million, respectively.
Shares Available for Grant
| Number of shares | |||||
| Balance—July 31, 2020 | |||||
| Authorized | |||||
| PSOs, RSUs, and PSUs granted | ( | ||||
| Options, PSOs, RSAs, PSAs, RSUs, and PSUs forfeited | |||||
| Shares withheld for taxes | |||||
| Balance—July 31, 2021 | |||||
Share-Based Compensation
We record share-based compensation awards based on estimated fair value as of the grant date. The fair value of RSUs, PSUs, RSAs, and PSAs is based on the closing market price of our common stock on the date of grant.
The fair value of PSOs is estimated on the grant date using a Monte Carlo simulation model, which predicts settlement of the options midway between the vesting term and the contractual term. No PSOs were granted during the year ended July 31, 2020. The following table summarizes the assumptions used and the resulting grant-date fair values of our PSOs granted during the years ended July 31, 2021 and 2019:
| Year Ended July 31, | |||||||||||
| 2021 | 2019 | ||||||||||
Volatility | % | ||||||||||
Dividend yield | % | ||||||||||
Risk-free interest rate | % | ||||||||||
| Weighted-average grant-date fair value per share | $ | $ | |||||||||
The expected volatility is based on a combination of implied volatility from traded options on our common stock and the historical volatility of our common stock. The dividend yield assumption is based on our current expectations about our anticipated dividend policy. The risk-free interest rate is based on the implied yield available on U.S. Treasury zero-coupon issues with terms equal to the contractual terms of each tranche.
The fair value of shares issued under our 2012 ESPP are estimated on the grant date using the Black-Scholes option pricing model. The following table summarizes the assumptions used and the resulting grant-date fair values of our ESPP:
| Year Ended July 31, | |||||||||||||||||
| 2021 | 2020 | 2019 | |||||||||||||||
Volatility | |||||||||||||||||
Expected term (in years) | |||||||||||||||||
Dividend yield | % | % | % | ||||||||||||||
Risk-free interest rate | |||||||||||||||||
| Grant-date fair value per share | $ | $ | $ | ||||||||||||||
The expected volatility is based on a combination of implied volatility from traded options on our common stock and the historical volatility of our common stock. The expected term represents the term from the first day of the offering period to the purchase dates within each offering period. The dividend yield assumption is based on our expectations about our anticipated dividend
- 96 -
policy. The risk-free interest rate is based on the implied yield available on U.S. Treasury zero-coupon issues with maturities that approximate the expected term.
| Year Ended July 31, | |||||||||||||||||
| 2021 | 2020 | 2019 | |||||||||||||||
Cost of product revenue | $ | $ | $ | ||||||||||||||
Cost of subscription and support revenue | |||||||||||||||||
Research and development | |||||||||||||||||
Sales and marketing | |||||||||||||||||
General and administrative | |||||||||||||||||
| Total share-based compensation | $ | $ | $ | ||||||||||||||
During the year ended July 31, 2021, we accelerated the vesting of certain equity awards in connection with our acquisitions of Bridgecrew, Expanse, Sinefa and Crypsis and recorded $9.8 million, $5.7 million, $9.8 million and $7.1 million, respectively. During the year ended July 31, 2020, we accelerated the vesting of certain equity awards in connection with our acquisitions of Zingbox, Aporeto and CloudGenix and recorded $1.3 million, $4.4 million and $0.3 million, respectively, and during the year ended July 31, 2019, we accelerated the vesting of certain equity awards in connection with our acquisitions of RedLock and Twistlock and recorded $14.2 million and $5.8 million, respectively, of share-based compensation within general and administrative expense.
As of July 31, 2021, total compensation cost related to unvested share-based awards not yet recognized was $2.0 billion. This cost is expected to be amortized over a weighted-average period of approximately 2.6 years. Future grants will increase the amount of compensation expense to be recorded in these periods.
15. Income Taxes
| Year Ended July 31, | |||||||||||||||||
| 2021 | 2020 | 2019 | |||||||||||||||
| United States | $ | ( | $ | ( | $ | ( | |||||||||||
| Foreign | ( | ||||||||||||||||
| Total | $ | ( | $ | ( | $ | ( | |||||||||||
| Year Ended July 31, | |||||||||||||||||
| 2021 | 2020 | 2019 | |||||||||||||||
| Federal: | |||||||||||||||||
| Current | $ | $ | $ | ( | |||||||||||||
| Deferred | ( | ( | ( | ||||||||||||||
| State: | |||||||||||||||||
| Current | ( | ||||||||||||||||
| Deferred | ( | ||||||||||||||||
| Foreign: | |||||||||||||||||
| Current | |||||||||||||||||
| Deferred | ( | ( | ( | ||||||||||||||
| Total | $ | $ | $ | ||||||||||||||
For the year ended July 31, 2021, our provision for income taxes decreased slightly compared to the year ended July 31, 2020, primarily due to tax benefits from changes in our valuation allowances.
For the year ended July 31, 2020, our provision for income taxes increased compared to the year ended July 31, 2019, primarily due to an increase in foreign income as a result of increased business operations and withholding taxes from an increase in billings in the relevant jurisdictions. We also had a change in our valuation allowance related to acquisitions completed during fiscal 2019.
- 97 -
| Year Ended July 31, | |||||||||||||||||
| 2021 | 2020 | 2019 | |||||||||||||||
| Federal statutory rate | % | % | % | ||||||||||||||
| Effect of: | |||||||||||||||||
| State taxes, net of federal tax benefit | |||||||||||||||||
| Effects of non-U.S. operations | ( | ||||||||||||||||
| Change in valuation allowance | ( | ( | ( | ||||||||||||||
| Effect of U.S. tax law change | |||||||||||||||||
| Share-based compensation | ( | ||||||||||||||||
| Tax credits | |||||||||||||||||
| Non-deductible expenses | ( | ( | ( | ||||||||||||||
| Other, net | ( | ( | |||||||||||||||
| Total | ( | % | ( | % | ( | % | |||||||||||
In fiscal 2020, we transferred certain intellectual property rights to a wholly owned United Kingdom subsidiary, primarily to align our legal structure to our evolving operations. The tax benefit from an increase in the tax basis of intellectual property rights resulted in an increase in effects of non-U.S. operations and was fully offset by a full valuation.
| July 31, | |||||||||||
| 2021 | 2020 | ||||||||||
| Deferred tax assets: | |||||||||||
| Accruals and reserves | $ | $ | |||||||||
| Deferred revenue | |||||||||||
| Net operating loss carryforwards | |||||||||||
| Tax credits | |||||||||||
| Share-based compensation | |||||||||||
| Fixed assets and intangible assets | |||||||||||
| Gross deferred tax assets | |||||||||||
| Valuation allowance | ( | ( | |||||||||
| Total deferred tax assets | |||||||||||
| Deferred tax liabilities: | |||||||||||
| Deferred commissions | ( | ( | |||||||||
| Other deferred tax liabilities | ( | ( | |||||||||
| Total deferred tax liabilities | ( | ( | |||||||||
| Net deferred tax assets | $ | $ | |||||||||
Our increase in deferred tax assets relating to net operating losses and fixed assets and intangible assets is largely due to an impact from the United Kingdom tax rate increase from 19% to 25% effective April 1, 2023. As of July 31, 2021, it is not more likely than not that our deferred tax assets will be realizable, and therefore, are offset by a full valuation allowance.
A valuation allowance is provided when it is more likely than not that the deferred tax asset will not be realized. Realization of deferred tax assets is dependent upon future taxable income, if any, the amount and timing of which are uncertain. At such time, if it is determined that it is more likely than not that the deferred tax assets are realizable, the valuation allowance will be adjusted. As of July 31, 2021, we have provided a valuation allowance for our federal, state, United Kingdom and certain other foreign deferred tax assets that we believe will, more likely than not, be unrealizable. The net valuation allowance increased by $0.7 billion from the year
- 98 -
ended July 31, 2020 to the year ended July 31, 2021, primarily due to a change in the United Kingdom tax rate as discussed above and an increase in our operations.
As of July 31, 2021, we had federal, state, and foreign NOL carryforwards of approximately $1.8 billion, $0.9 billion, and $1.1 billion, respectively, as reported on our tax returns, available to reduce future taxable income, if any. If not utilized, our federal and state NOL carryforwards will expire in various amounts at various dates beginning in the years ending July 31, 2034 and July 31, 2022, respectively. Our foreign NOL will carry forward indefinitely.
As of July 31, 2021, we had federal and state research and development tax credit carryforwards of approximately $172.8 million and $144.7 million, respectively, as reported on our tax returns. If not utilized, the federal credit carryforwards will expire in various amounts at various dates beginning in the year ending July 31, 2026. The state credit will carry forward indefinitely.
As of July 31, 2021, we had foreign tax credit carryforwards of $3.6 million as reported on our tax returns. If not utilized, the foreign tax credit carryforwards will expire in various amounts at various dates beginning in the year ending July 31, 2022.
Utilization of the NOL carryforwards and credits may be subject to a substantial annual limitation due to the ownership change limitations provided by the Internal Revenue Code of 1986, as amended, and similar state provisions. The annual limitation may result in the expiration of NOLs and credits before utilization.
As of July 31, 2021, we had $372.9 million of unrecognized tax benefits, $68.7 million of which would affect income tax expense if recognized, after consideration of our valuation allowance in the United States and other assets. As of July 31, 2020, we had $326.4 million of unrecognized tax benefits, $63.9 million of which would affect income tax expense if recognized, after consideration of our valuation allowance in the United States and other assets. As of July 31, 2021, our federal, state, and foreign returns for the tax years 2009 through the current period remain subject to adjustment due to current and future examinations. Fiscal years outside the normal statute of limitation remain open to audit by tax authorities due to tax attributes generated in earlier years, which have been carried forward and may be audited in subsequent years when utilized. We do not expect the amount of unrecognized tax benefits as of July 31, 2021 to change significantly over the next 12 months. We recognize both interest and penalties associated with uncertain tax positions as a component of income tax expense. During the years ended July 31, 2021, 2020, and 2019, we recognized income tax expense related to interest and penalties of $3.5 million, $1.6 million, and $2.3 million, respectively. We had accrued interest and penalties on our consolidated balance sheets related to unrecognized tax benefits of $15.7 million and $12.2 million as of July 31, 2021 and 2020, respectively. The ultimate amount and timing of any future cash settlements cannot be predicted with reasonable certainty.
| Year Ended July 31, | |||||||||||||||||
| 2021 | 2020 | 2019 | |||||||||||||||
| Unrecognized tax benefits at the beginning of the period | $ | $ | $ | ||||||||||||||
| Additions for tax positions taken in prior years | |||||||||||||||||
| Reductions for tax positions taken in prior years | ( | ( | ( | ||||||||||||||
| Additions for tax positions taken in the current year | |||||||||||||||||
| Unrecognized tax benefits at the end of the period | $ | $ | $ | ||||||||||||||
During the year ended July 31, 2021, our additions for tax positions taken in the given year were primarily attributable to uncertain tax positions related to tax credits.
During the year ended July 31, 2020 and July 31, 2019, our additions for tax positions taken in the given year were primarily attributable to intercompany transactions.
16. Net Loss Per Share
- 99 -
| Year Ended July 31, | |||||||||||||||||
| 2021 | 2020 | 2019 | |||||||||||||||
| Net loss | $ | ( | $ | ( | $ | ( | |||||||||||
Weighted-average shares used to compute net loss per share, basic and diluted | |||||||||||||||||
| Net loss per share, basic and diluted | $ | ( | $ | ( | $ | ( | |||||||||||
| Year Ended July 31, | |||||||||||||||||
| 2021 | 2020 | 2019 | |||||||||||||||
| Convertible senior notes | |||||||||||||||||
| Warrants related to the issuance of convertible senior notes | |||||||||||||||||
| RSUs and PSUs | |||||||||||||||||
| Options to purchase common stock, including PSOs | |||||||||||||||||
| RSAs and PSAs | |||||||||||||||||
| ESPP shares | |||||||||||||||||
| Total | |||||||||||||||||
17. Other Income, Net
| Year Ended July 31, | |||||||||||||||||
| 2021 | 2020 | 2019 | |||||||||||||||
| Interest income | $ | $ | $ | ||||||||||||||
| Foreign currency exchange gains (losses), net | ( | ( | ( | ||||||||||||||
| Other | ( | ( | |||||||||||||||
| Total other income, net | $ | $ | $ | ||||||||||||||
18. Employee Benefit Plan
19. Segment Information
- 100 -
| Year Ended July 31, | |||||||||||
| 2021 | 2020 | ||||||||||
| Long-lived assets: | |||||||||||
| United States | $ | $ | |||||||||
| Israel | |||||||||||
| Other countries | |||||||||||
| Total long-lived assets | $ | $ | |||||||||
Refer to Note 2. Revenue for revenue by geographic theater and revenue for groups of similar products and services for the years ended July 31, 2021, 2020, and 2019.
20. Related Party Transactions
21. Subsequent Events
Share Repurchase
On August 17, 2021, our board of directors authorized a $676.1 million increase to our share repurchase program under the current authorization, bringing the total remaining authorization for future share repurchases to $1.0 billion. Repurchases may be made at management’s discretion from time to time on the open market, through privately negotiated transactions, transactions structured through investment banking institutions, block purchase techniques, 10b5-1 trading plans, or a combination of the foregoing. The repurchase authorization will expire on December 31, 2022, and may be suspended or discontinued at any time.
Business Combination
On August 11, 2021, we completed our acquisition of Gamma Networks, Inc. (“Gamma”), a privately-held AI powered company, for total consideration of approximately $36 million, subject to adjustment. We expect the acquisition will expand our data loss prevention offerings. We will complete the initial accounting for the acquisition of Gamma, including the allocation of purchase consideration, during our first quarter of fiscal 2022.
- 101 -
ITEM 9. CHANGES IN AND DISAGREEMENTS WITH ACCOUNTANTS ON ACCOUNTING AND FINANCIAL DISCLOSURE
Not applicable.
ITEM 9A. CONTROLS AND PROCEDURES
Evaluation of Disclosure Controls and Procedures
Our management, with the participation of our chief executive officer and chief financial officer, evaluated the effectiveness of our disclosure controls and procedures pursuant to Rule 13a-15 under the Securities Exchange Act of 1934, as amended (the “Exchange Act”). In designing and evaluating the disclosure controls and procedures, management recognizes that any controls and procedures, no matter how well designed and operated, can provide only reasonable assurance of achieving the desired control objectives. In addition, the design of disclosure controls and procedures must reflect the fact that there are resource constraints and that management is required to apply its judgment in evaluating the benefits of possible controls and procedures relative to their costs.
Based on our evaluation, our chief executive officer and chief financial officer concluded that, as of July 31, 2021, our disclosure controls and procedures are designed at a reasonable assurance level and are effective to provide reasonable assurance that information we are required to disclose in reports that we file or submit under the Exchange Act is recorded, processed, summarized, and reported within the time periods specified in Securities and Exchange Commission (“SEC”) rules and forms, and that such information is accumulated and communicated to our management, including our chief executive officer and chief financial officer, as appropriate, to allow timely decisions regarding required disclosure.
Management’s Annual Report on Internal Control over Financial Reporting
For “Management’s Annual Report on Internal Control Over Financial Reporting” see the report under Part II, Item 8 of this Annual Report on Form 10-K, which report is incorporated herein by reference.
For the “Report of Independent Registered Public Accounting Firm,” see the report under Part II, Item 8 of this Annual Report on Form 10-K, which report is incorporated herein by reference.
Changes in Internal Control over Financial Reporting
As a result of COVID-19, most of our workforce has been working from home since March 2020. However there were no changes in our internal control over financial reporting identified in connection with the evaluation required by Rule 13a-15(d) and 15d-15(d) of the Exchange Act that occurred during the quarter ended July 31, 2021 that have materially affected, or are reasonably likely to materially affect, our internal control over financial reporting.
ITEM 9B. OTHER INFORMATION
Not applicable.
ITEM 9C. DISCLOSURE REGARDING FOREIGN JURISDICTIONS THAT PREVENT INSPECTIONS
Not applicable.
- 102 -
PART III
ITEM 10. DIRECTORS, EXECUTIVE OFFICERS AND CORPORATE GOVERNANCE
The information required by this item will be contained in our definitive proxy statement to be filed with the SEC in connection with our 2021 annual meeting of stockholders (the “Proxy Statement”), which is expected to be filed not later than 120 days after the end of our fiscal year ended July 31, 2021, and is incorporated in this report by reference.
ITEM 11. EXECUTIVE COMPENSATION
The information required by this item will be set forth in the Proxy Statement and is incorporated herein by reference.
ITEM 12. SECURITY OWNERSHIP OF CERTAIN BENEFICIAL OWNERS AND MANAGEMENT AND RELATED STOCKHOLDER MATTERS
The information required by this item will be set forth in the Proxy Statement and is incorporated herein by reference.
ITEM 13. CERTAIN RELATIONSHIPS AND RELATED TRANSACTIONS, AND DIRECTOR INDEPENDENCE
The information required by this item will be set forth in the Proxy Statement and is incorporated herein by reference.
ITEM 14. PRINCIPAL ACCOUNTANT FEES AND SERVICES
The information required by this item will be set forth in the Proxy Statement and is incorporated herein by reference.
- 103 -
PART IV
ITEM 15. EXHIBITS AND FINANCIAL STATEMENT SCHEDULES
Documents filed as part of this Annual Report on Form 10-K are as follows:
1.Consolidated Financial Statements
Our Consolidated Financial Statements are listed in the “Index to Consolidated Financial Statements” under Part II, Item 8 of this Annual Report on Form 10-K.
2.Financial Statement Schedules
Financial statement schedules have been omitted because they are not required, not applicable, not present in amounts sufficient to require submission of the schedule, or the required information is shown in the Consolidated Financial Statements or the notes thereto.
3.Exhibits
The following documents are incorporated by reference or are filed with this Annual Report on Form 10-K, in each case as indicated therein (numbered in accordance with Item 601 of Regulation S-K).
EXHIBIT INDEX
| Exhibit Number | Exhibit Description | Incorporated by Reference | ||||||||||||||||||||||||||||||
| Form | File No. | Exhibit | Filing Date | |||||||||||||||||||||||||||||
| Restated Certificate of Incorporation of the Registrant. | 10-K | 001-35594 | 3.1 | October 4, 2012 | ||||||||||||||||||||||||||||
| Amended and Restated Bylaws of the Registrant. | 10-Q | 001-35594 | 3.2 | February 25, 2020 | ||||||||||||||||||||||||||||
| Certificate of Change of Location of Registered Agent and/or Registered Office. | 8-K | 001-35594 | 3.1 | August 30, 2016 | ||||||||||||||||||||||||||||
| Indenture between the Registrant and U.S. Bank National Association, dated as of July 12, 2018. | 8-K | 001-35594 | 4.1 | July 13, 2018 | ||||||||||||||||||||||||||||
| Indenture between the Registrant and U.S. Bank National Association, dated as of June 8, 2020. | 8-K | 001-35594 | 4.1 | June 8, 2020 | ||||||||||||||||||||||||||||
| Form of Global 0.75% Convertible Senior Note due 2023 (included in Exhibit 4.1). | 8-K | 001-35594 | 4.2 | July 13, 2018 | ||||||||||||||||||||||||||||
| Form of Global 0.375% Convertible Senior Note due 2023 (included in Exhibit 4.1). | 8-K | 001-35594 | 4.2 | June 8, 2020 | ||||||||||||||||||||||||||||
| Description of Registrant’s Securities. | ||||||||||||||||||||||||||||||||
10.1* | Form of Indemnification Agreement between the Registrant and its directors and officers. | S-1/A | 333-180620 | 10.1 | July 9, 2012 | |||||||||||||||||||||||||||
10.2* | 2005 Equity Incentive Plan and related form agreements under 2005 Equity Incentive Plan. | S-1/A | 333-180620 | 10.2 | July 9, 2012 | |||||||||||||||||||||||||||
10.3* | 2012 Equity Incentive Plan and related form agreements under 2012 Equity Incentive Plan, as amended. | 10-Q | 001-35594 | 10.2 | November 26, 2019 | |||||||||||||||||||||||||||
10.4* | 2012 Employee Stock Purchase Plan and related form agreements under 2012 Employee Stock Purchase Plan, as amended and restated. | 10-K | 001-35594 | 10.4 | September 7, 2017 | |||||||||||||||||||||||||||
10.5* | RedLock Inc. 2015 Stock Plan, as amended, and related form agreements under RedLock Inc. 2015 Stock Plan, as amended. | S-8 | 333-227901 | 99.1 | October 19, 2018 | |||||||||||||||||||||||||||
10.6* | Demisto, Inc. 2015 Stock Option Plan, as amended. | S-8 | 333-230663 | 99.1 | April 1, 2019 | |||||||||||||||||||||||||||
10.7* | Twistlock Ltd. Amended and Restated 2015 Share Option Plan. | S-8 | 333-232672 | 99.1 | July 16, 2019 | |||||||||||||||||||||||||||
10.8* | Zingbox, Inc. Stock Incentive Plan, as amended and restated. | S-8 | 333-234059 | 99.1 | October 2, 2019 | |||||||||||||||||||||||||||
10.9* | Aporeto, Inc. Amended and Restated 2015 Stock Option and Grant Plan. | S-8 | 333-235854 | 99.1 | January 8, 2020 | |||||||||||||||||||||||||||
- 104 -
| Exhibit Number | Exhibit Description | Incorporated by Reference | ||||||||||||||||||||||||||||||
| Form | File No. | Exhibit | Filing Date | |||||||||||||||||||||||||||||
| CloudGenix Inc. 2013 Equity Incentive Plan. | S-8 | 333-238014 | 99.1 | May 5, 2020 | ||||||||||||||||||||||||||||
Crypsis Group Holdings, LLC 2017 Equity Incentive Plan. | S-8 | 333-249387 | 99.1 | October 8, 2020 | ||||||||||||||||||||||||||||
| Sinefa Group, Inc. 2020 Stock Plan. | S-8 | 333-251423 | 99.1 | December 17, 2020 | ||||||||||||||||||||||||||||
| Expanse Holding Company, Inc. Amended and Restated 2012 Stock Incentive Plan. | S-8 | 333-251425 | 99.1 | December 17, 2020 | ||||||||||||||||||||||||||||
| Bridgecrew, Inc. 2019 Stock Incentive Plan. | S-8 | 333-254042 | 99.1 | March 9, 2021 | ||||||||||||||||||||||||||||
| Employee Incentive Compensation Plan, as amended and restated. | 10-Q | 001-35594 | 10.2 | November 25, 2014 | ||||||||||||||||||||||||||||
| Clawback Policy, adopted as of August 29, 2017. | 10-Q | 001-35594 | 10.3 | November 21, 2017 | ||||||||||||||||||||||||||||
| Executive Incentive Plan effective December 8, 2017. | 10-Q | 001-35594 | 10.2 | February 27, 2018 | ||||||||||||||||||||||||||||
Employment Agreement between Palo Alto Networks (Israel Analytics) Ltd. and Nir Zuk, dated August 18, 2020. | 10-Q | 001-35594 | 10.1 | November 19, 2020 | ||||||||||||||||||||||||||||
| Offer Letter between the Registrant and Jean Compeau, dated February 22, 2018. | 8-K | 001-35594 | 10.1 | February 26, 2018 | ||||||||||||||||||||||||||||
Addendum to Offer Letter by and between the Registrant and Jean Compeau, dated March 17, 2021. | 10-Q | 001-35594 | 10.1 | May 21, 2021 | ||||||||||||||||||||||||||||
| New Offer Letter between the Registrant and Mark D. McLaughlin, dated May 31, 2018. | 8-K | 001-35594 | 10.1 | June 4, 2018 | ||||||||||||||||||||||||||||
| Offer Letter between the Registrant and Nikesh Arora, dated May 30, 2018. | 8-K | 001-35594 | 10.2 | June 4, 2018 | ||||||||||||||||||||||||||||
| Offer Letter between the Registrant and Amit K. Singh, dated October 11, 2018. | 8-K | 001-35594 | 10.1 | October 15, 2018 | ||||||||||||||||||||||||||||
| Confirmatory Employment Letter between the Registrant and Lee Klarich, dated December 19, 2011. | 10-Q | 001-35594 | 10.4 | November 30, 2018 | ||||||||||||||||||||||||||||
| Addendum to Offer Letter by and between the Registrant and Dipak Golechha, dated March 17, 2021. | 8-K | 001-35594 | 10.1 | March 19, 2021 | ||||||||||||||||||||||||||||
| Offer Letter between the Registrant and William “BJ” Jenkins dated July 27, 2021. | 8-K | 001-35594 | 10.1 | August 12, 2021 | ||||||||||||||||||||||||||||
Form of Offer Letter between the Registrant and its directors. | ||||||||||||||||||||||||||||||||
| Amended and Restated Flextronics Manufacturing Services Agreement, by and between the Registrant and Flextronics Telecom Systems Ltd., dated April 1, 2019. | 10-Q | 001-35594 | 10.1 | May 30, 2019 | ||||||||||||||||||||||||||||
Vendor Information Security Terms between the Registrant and Flextronics Telecom Systems Ltd. dated July 30, 2021 | ||||||||||||||||||||||||||||||||
| Settlement, Release and Cross-License Agreement, dated May 27, 2014, by and between the Registrant and Juniper Networks, Inc. | 8-K | 001-35594 | 10.1 | May 28, 2014 | ||||||||||||||||||||||||||||
| Purchase Agreement, dated July 10, 2018, by and among the Registrant and Citigroup Global Markets Inc. and Wells Fargo Securities, LLC, as representatives of the several Initial Purchasers named therein. | 8-K | 001-35594 | 10.1 | July 13, 2018 | ||||||||||||||||||||||||||||
| Form of Convertible Note Hedge Confirmation. | 8-K | 001-35594 | 10.2 | July 13, 2018 | ||||||||||||||||||||||||||||
- 105 -
| Exhibit Number | Exhibit Description | Incorporated by Reference | ||||||||||||||||||||||||||||||
| Form | File No. | Exhibit | Filing Date | |||||||||||||||||||||||||||||
| Form of Warrant Confirmation. | 8-K | 001-35594 | 10.3 | July 13, 2018 | ||||||||||||||||||||||||||||
| Purchase Agreement, dated June 3, 2020, by and among the Registrant and Morgan Stanley & Co. LLC and Citigroup Global Markets Inc., as representatives of the several Initial Purchasers named therein. | 8-K | 001-35594 | 10.1 | June 8, 2020 | ||||||||||||||||||||||||||||
| Form of Convertible Note Hedge Confirmation. | 8-K | 001-35594 | 10.2 | June 8, 2020 | ||||||||||||||||||||||||||||
| Form of Warrant Confirmation. | 8-K | 001-35594 | 10.3 | June 8, 2020 | ||||||||||||||||||||||||||||
| Lease between the Registrant and Santa Clara Campus Property Owner I LLC, dated May 28, 2015. | 10-K | 001-35594 | 10.29 | September 17, 2015 | ||||||||||||||||||||||||||||
| Lease between the Registrant and Santa Clara Campus Property Owner I LLC, dated May 28, 2015. | 10-K | 001-35594 | 10.30 | September 17, 2015 | ||||||||||||||||||||||||||||
| Lease between the Registrant and Santa Clara Campus Property Owner I LLC, dated May 28, 2015. | 10-K | 001-35594 | 10.31 | September 17, 2015 | ||||||||||||||||||||||||||||
| Lease by and between the Registrant and Santa Clara Campus Property Owner I LLC, dated October 7, 2015. | 8-K/A | 001-35594 | 10.1 | October 19, 2015 | ||||||||||||||||||||||||||||
| Amendment No. 1 to Lease by and between the Registrant and Santa Clara Phase I Property LLC, dated November 9, 2015. | 10-Q | 001-35594 | 10.2 | November 24, 2015 | ||||||||||||||||||||||||||||
| Amendment No. 1 to Lease by and between the Registrant and Santa Clara Campus Property Owner I LLC, dated November 9, 2015. | 10-Q | 001-35594 | 10.3 | November 24, 2015 | ||||||||||||||||||||||||||||
| Amendment No. 1 to Lease by and between the Registrant and Santa Clara Campus Property Owner I LLC, dated September 16, 2016. | 10-Q | 001-35594 | 10.1 | November 22, 2016 | ||||||||||||||||||||||||||||
| Amendment No. 1 to Lease by and between the Registrant and Santa Clara Campus Property Owner I LLC, dated September 16, 2016. | 10-Q | 001-35594 | 10.2 | November 22, 2016 | ||||||||||||||||||||||||||||
| Amendment No. 2 to Lease by and between the Registrant and Santa Clara Campus Property Owner I LLC, dated September 16, 2016. | 10-Q | 001-35594 | 10.3 | November 22, 2016 | ||||||||||||||||||||||||||||
| Amendment No. 2 to Lease by and between the Registrant and Santa Clara Campus Property Owner I LLC, dated November 16, 2016. | 10-Q | 001-35594 | 10.1 | March 1, 2017 | ||||||||||||||||||||||||||||
| Amendment No. 2 to Lease by and between the Registrant and Santa Clara Campus Property Owner I LLC, dated November 16, 2016. | 10-Q | 001-35594 | 10.2 | March 1, 2017 | ||||||||||||||||||||||||||||
| Amendment No. 3 to Lease by and between the Registrant and Santa Clara Campus Property Owner I LLC, dated November 16, 2016. | 10-Q | 001-35594 | 10.3 | March 1, 2017 | ||||||||||||||||||||||||||||
| Amendment No. 3 to Lease by and between the Registrant and Santa Clara EFH LLC, dated June 22, 2017. | 10-K | 001-35594 | 10.40 | September 7, 2017 | ||||||||||||||||||||||||||||
| Amendment No. 3 to Lease by and between the Registrant and Santa Clara G LLC, dated June 22, 2017. | 10-K | 001-35594 | 10.41 | September 7, 2017 | ||||||||||||||||||||||||||||
| Amendment No. 4 to Lease by and between the Registrant and Santa Clara EFH LLC, dated June 22, 2017. | 10-K | 001-35594 | 10.42 | September 7, 2017 | ||||||||||||||||||||||||||||
| Amendment No. 4 to Lease by and between the Registrant and Santa Clara Phase III EFH LLC, dated September 29, 2017. | 10-Q | 001-35594 | 10.5 | November 21, 2017 | ||||||||||||||||||||||||||||
- 106 -
| Exhibit Number | Exhibit Description | Incorporated by Reference | ||||||||||||||||||||||||||||||
| Form | File No. | Exhibit | Filing Date | |||||||||||||||||||||||||||||
| Amendment No. 4 to Lease by and between the Registrant and Santa Clara Phase III G LLC, dated September 29, 2017. | 10-Q | 001-35594 | 10.6 | November 21, 2017 | ||||||||||||||||||||||||||||
| Amendment No. 5 to Lease by and between the Registrant and Santa Clara Phase III EFH LLC, dated September 29, 2017. | 10-Q | 001-35594 | 10.7 | November 21, 2017 | ||||||||||||||||||||||||||||
| Credit Agreement, dated as of September 4, 2018, by and among the Registrant, the lenders from time to time party thereto and Citibank, N.A., as administrative agent. | 8-K | 001-35594 | 10.1 | September 6, 2018 | ||||||||||||||||||||||||||||
| List of subsidiaries of the Registrant. | ||||||||||||||||||||||||||||||||
| Consent of Independent Registered Public Accounting Firm. | ||||||||||||||||||||||||||||||||
| Power of Attorney (contained in the signature page to this Annual Report on Form 10-K). | ||||||||||||||||||||||||||||||||
| Certification of the Chief Executive Officer pursuant to Section 302(a) of the Sarbanes-Oxley Act of 2002. | ||||||||||||||||||||||||||||||||
| Certification of the Chief Financial Officer pursuant to Section 302(a) of the Sarbanes-Oxley Act of 2002. | ||||||||||||||||||||||||||||||||
32.1† | Certification of Chief Executive Officer pursuant to 18 U.S.C. Section 1350, as adopted pursuant to Section 906 of the Sarbanes-Oxley Act of 2002. | |||||||||||||||||||||||||||||||
32.2† | Certification of Chief Financial Officer pursuant to 18 U.S.C. Section 1350, as adopted pursuant to Section 906 of the Sarbanes-Oxley Act of 2002. | |||||||||||||||||||||||||||||||
| 101.INS | XBRL Instance Document. | |||||||||||||||||||||||||||||||
| 101.SCH | XBRL Taxonomy Schema Linkbase Document. | |||||||||||||||||||||||||||||||
| 101.CAL | XBRL Taxonomy Calculation Linkbase Document. | |||||||||||||||||||||||||||||||
| 101.DEF | XBRL Taxonomy Definition Linkbase Document. | |||||||||||||||||||||||||||||||
| 101.LAB | XBRL Taxonomy Labels Linkbase Document. | |||||||||||||||||||||||||||||||
| 101.PRE | XBRL Taxonomy Presentation Linkbase Document. | |||||||||||||||||||||||||||||||
| 104 | Cover Page Interactive Data File (formatted as inline XBRL and contained in Exhibit 101) | |||||||||||||||||||||||||||||||
* Indicates a management contract or compensatory plan or arrangement.
** Certain portions of this exhibit have been omitted as the Registrant has determined (i) the omitted information is not material and (ii) the omitted information would likely cause harm to the Registrant if publicly disclosed.
† The certifications attached as Exhibit 32.1 and Exhibit 32.2 that accompany this Annual Report on Form 10-K, are not deemed filed with the Securities and Exchange Commission and are not to be incorporated by reference into any filing of the Registrant under the Securities Act of 1933, as amended, or the Securities Exchange Act of 1934, as amended, whether made before or after the date of this Annual Report on Form 10-K, irrespective of any general incorporation language contained in such filing.
- 107 -
SIGNATURES
Pursuant to the requirements of Section 13 or 15(d) of the Securities Exchange Act of 1934, the Registrant has duly caused this report to be signed on its behalf by the undersigned, thereunto duly authorized, on September 3, 2021.
| PALO ALTO NETWORKS, INC. | |||||
| By: | /s/ NIKESH ARORA | ||||
| Nikesh Arora | |||||
| Chairman and Chief Executive Officer | |||||
- 108 -
POWER OF ATTORNEY
KNOW ALL THESE PERSONS BY THESE PRESENTS, that each person whose signature appears below constitutes and appoints Nikesh Arora, Dipak Golechha, and Jean Compeau, and each of them, as his or her true and lawful attorney-in-fact and agent, with full power of substitution and resubstitution, for him or her and in his or her name, place and stead, in any and all capacities, to sign any and all amendments to this Annual Report on Form 10-K, and to file the same, with all exhibits thereto, and other documents in connection therewith, with the Securities and Exchange Commission, granting unto said attorneys-in-fact and agents, and each of them, full power and authority to do and perform each and every act and thing requisite and necessary to be done in connection therewith, as fully to all intents and purposes as he or she might or could do in person, hereby ratifying and confirming all that said attorneys-in-fact and agents, or any of them, or their, his or her substitutes, may lawfully do or cause to be done by virtue thereof.
Pursuant to the requirements of the Securities Exchange Act of 1934, this report has been signed below by the following persons on behalf of the Registrant and in the capacities and on the dates indicated:
| Signature | Title | Date | ||||||||||||
| /s/ NIKESH ARORA | Chairman, Chief Executive Officer and Director (Principal Executive Officer) | September 3, 2021 | ||||||||||||
| Nikesh Arora | ||||||||||||||
| /s/ DIPAK GOLECHHA | Chief Financial Officer (Duly Authorized Officer and Principal Financial Officer) | September 3, 2021 | ||||||||||||
| Dipak Golechha | ||||||||||||||
| /s/ JEAN COMPEAU | Deputy Chief Financial Officer and Chief Accounting Officer (Duly Authorized Officer and Principal Accounting Officer) | September 3, 2021 | ||||||||||||
| Jean Compeau | ||||||||||||||
| /s/ MARK D. MCLAUGHLIN | Vice Chairman and Director | September 3, 2021 | ||||||||||||
| Mark D. McLaughlin | ||||||||||||||
| /s/ NIR ZUK | Chief Technology Officer and Director | September 3, 2021 | ||||||||||||
| Nir Zuk | ||||||||||||||
/s/ APARNA BAWA | Director | September 3, 2021 | ||||||||||||
| Aparna Bawa | ||||||||||||||
| /s/ ASHEEM CHANDNA | Director | September 3, 2021 | ||||||||||||
| Asheem Chandna | ||||||||||||||
| /s/ JOHN M. DONOVAN | Director | September 3, 2021 | ||||||||||||
| John M. Donovan | ||||||||||||||
| /s/ CARL ESCHENBACH | Director | September 3, 2021 | ||||||||||||
| Carl Eschenbach | ||||||||||||||
/s/ DR. HELENE D. GAYLE | Director | September 3, 2021 | ||||||||||||
| Dr. Helene D. Gayle | ||||||||||||||
| /s/ JAMES J. GOETZ | Director | September 3, 2021 | ||||||||||||
| James J. Goetz | ||||||||||||||
| /s/ RT HON SIR JOHN KEY | Director | September 3, 2021 | ||||||||||||
| Rt Hon Sir John Key | ||||||||||||||
| /s/ MARY PAT MCCARTHY | Director | September 3, 2021 | ||||||||||||
| Mary Pat McCarthy | ||||||||||||||
| /s/ LORRAINE TWOHILL | Director | September 3, 2021 | ||||||||||||
| Lorraine Twohill | ||||||||||||||
- 109 -
Exhibit 4.5
DESCRIPTION OF REGISTRANT’S SECURITIES
The following is a summary of information concerning the capital stock of Palo Alto Networks, Inc. (the “Company,” “we,” “us” or “our”) and certain provisions of our restated certificate of incorporation (“COI”) and amended and restated bylaws (“Bylaws”) as they are currently in effect. This summary does not purport to be complete and does not contain all the information that may be important to you. This summary is qualified in its entirety by the provisions of our COI and Bylaws, each previously filed with the Securities and Exchange Commission and incorporated by reference as an exhibit to the Annual Report on Form 10-K, of which this Exhibit 4.5 is a part, as well as the applicable provisions of the Delaware General Corporate Law (the “DGCL”). We encourage you to read our COI, Bylaws, and to the applicable provisions of the DGCL carefully.
General
Our authorized capital stock consists of 1,100,000,000 shares, with a par value of $0.0001 per share, of which 1,000,000,000 shares are designated as common stock and 100,000,000 shares are designated as preferred stock.
Common stock
The holders of our common stock are entitled to one vote per share in any election of directors and on all matters submitted to a vote of our stockholders and do not have cumulative voting rights. Accordingly, holders of a majority of the shares of our common stock entitled to vote in any election of directors may elect all of the directors standing for election. Subject to preferences that may be applicable to any preferred stock outstanding at the time, the holders of outstanding shares of common stock are entitled to receive ratably any dividends declared by our board of directors out of assets legally available. Upon our liquidation, dissolution, or winding up, holders of our common stock are entitled to share ratably in all assets remaining after payment of liabilities and the liquidation preference of any then outstanding shares of preferred stock. Holders of common stock have no preemptive or conversion rights or other subscription rights. There are no redemption or sinking fund provisions applicable to the common stock.
Preferred stock
Our board of directors is authorized, without further action by our stockholders, to issue from time to time up to an aggregate of 100,000,000 shares of preferred stock in one or more series and to designate the rights, preferences, privileges, and restrictions of the preferred stock, including dividend rights, conversion rights, voting rights, redemption rights, liquidation preference, sinking fund terms, and the number of shares constituting any series or the designation of any series, any or all of which may be greater than the rights of common stock.
Anti-takeover effects of the COI, Bylaws and Delaware law
Our COI and Bylaws contain certain provisions that could have the effect of delaying, deferring or discouraging another party from acquiring control of the Company. These provisions and certain provisions of Delaware law, which are summarized below, could discourage takeovers, coercive or otherwise. These provisions are also designed, in part, to encourage persons seeking to acquire control of us to negotiate first with our board of directors. We believe
that the benefits of increased protection of our potential ability to negotiate with an unfriendly or unsolicited acquirer outweigh the disadvantages of discouraging a proposal to acquire us.
Undesignated preferred stock. As discussed above, our board of directors has the ability to designate and issue preferred stock with voting or other rights or preferences that could deter hostile takeovers or delay changes in our control or management.
Limits on the ability of stockholders to act by written consent or call a special meeting. Our COI provides that our stockholders may not act by written consent, which may lengthen the amount of time required to take stockholder actions. As a result, the holders of a majority of our capital stock would not be able to amend our COI or Bylaws or remove directors without holding a meeting of stockholders called in accordance with our Bylaws.
In addition, our COI and Bylaws provide that special meetings of the stockholders may be called only by chairman of our board of directors, the chief executive officer, the president (in the absence of a chief executive officer), or our board of directors. A stockholder may not call a special meeting, which may delay the ability of our stockholders to force consideration of a proposal or for holders controlling a majority of our capital stock to take any action, including the removal of directors. Our board of directors may, at any time prior to the holding of a meeting of stockholders and for any reasonable reason, postpone or cancel such meeting.
Requirements for advance notification of stockholder nominations and proposals. Our COI and Bylaws contain advance notice procedures with respect to stockholder proposals and the nomination of candidates for election as directors, other than nominations made by or at the direction of our board of directors or a committee of the board of directors. Under our Bylaws, eligible stockholders may nominate persons for our board of directors for inclusion in our proxy statement. To be eligible, a single stockholder, or group of up to 20 stockholders, must own 3% of our outstanding stock continuously from at least three years prior to such nomination through the date of our relevant annual meeting. The individual stockholder, or group of stockholders, may submit that number of director nominations not exceeding the greater of (a) two or (b) 20% of the number of directors in office. Any such nomination must comply with the requirements set forth in our Bylaws. These advance notice procedures may have the effect of precluding the conduct of certain business at a meeting if the proper procedures are not followed and may also discourage or deter a potential acquirer from conducting a solicitation of proxies to elect the acquirer’s own slate of directors or otherwise attempt to obtain control of our company.
Board classification. Our board of directors is divided into three classes. The directors in each class serve for a three-year term, one class being elected each year by our stockholders. This system of electing and removing directors may tend to discourage a third party from making a tender offer or otherwise attempting to obtain control of us, because it generally makes it more difficult for stockholders to replace a majority of the directors.
No cumulative voting. The Delaware General Corporation Law provides that stockholders are not entitled to the right to cumulate votes in the election of directors unless the certificate of incorporation provides otherwise. Our COI and Bylaws do not expressly provide for cumulative voting. Without cumulative voting, a minority stockholder may not be able to gain as many seats on our board of directors as the stockholder would be able to gain if cumulative voting were permitted. The absence of cumulative voting makes it more difficult for a minority stockholder to
gain a seat on our board of directors to influence our board of directors’ decision regarding a takeover.
Delaware anti-takeover statute. We are subject to the provisions of Section 203 of the Delaware General Corporation Law regulating corporate takeovers. In general, Section 203 prohibits a publicly held Delaware corporation from engaging, under certain circumstances, in a business combination with an interested stockholder for a period of three years following the date the person became an interested stockholder unless:
•prior to the date of the transaction, our board of directors approved either the business combination or the transaction that resulted in the stockholder becoming an interested stockholder;
•upon completion of the transaction that resulted in the stockholder becoming an interested stockholder, the interested stockholder owned at least 85% of the voting stock of the corporation outstanding at the time the transaction commenced, excluding for purposes of determining the voting stock outstanding, but not the outstanding voting stock owned by the interested stockholder, (1) shares owned by persons who are directors and also officers and (2) shares owned by employee stock plans in which employee participants do not have the right to determine confidentially whether shares held subject to the plan will be tendered in a tender or exchange offer; or
•at or subsequent to the date of the transaction, the business combination is approved by our board of directors and authorized at an annual or special meeting of stockholders, and not by written consent, by the affirmative vote of at least 66 2/3% of the outstanding voting stock that is not owned by the interested stockholder.
Generally, a business combination includes a merger, asset or stock sale, or other transaction resulting in a financial benefit to the interested stockholder. An interested stockholder is a person who, together with affiliates and associates, owns or, within three years prior to the determination of interested stockholder status, did own 15% or more of a corporation’s outstanding voting stock. We expect the existence of this provision to have an anti-takeover effect with respect to transactions our board of directors does not approve in advance. We also anticipate that Section 203 may discourage attempts that might result in a premium over the market price for the shares of common stock held by stockholders.
Transfer Agent and Registrar
The transfer agent and registrar for our common stock is ComputerShare Trust Company, N.A. The transfer agent’s address is 250 Royall Street, Canton, Massachusetts 02021, and its telephone number is (877) 373-6374.
Exchange Listing
Our common stock is listed on the New York Stock Exchange under the symbol “PANW.”
Exhibit 10.26
Dear ,
On behalf of the Board of Directors (the “Board”) of Palo Alto Networks, Inc. (the “Company”), we are pleased to inform you that our Nominating and Governance Committee of the Board has nominated you for election as a member of our Board.
As you are aware, the Company is a Delaware corporation and therefore your rights and duties as a Board member of the Company are prescribed by Delaware law, SEC laws, listing rules for the stock exchange on which our shares are traded, our charter documents and by the policies established by our Board from time to time. In addition, you may also be requested to serve as a director of one or more of our subsidiaries in which case you may be subject to other laws while serving in such a capacity.
From time to time, our Board may establish certain other committees to which it may delegate certain duties. In addition to committee meetings, which shall be convened as needed, our Board meetings are generally held quarterly at the Company’s offices in Santa Clara, California. We would hope that your schedule would permit you to attend all of the meetings of the Board and any committees of which you are a member. In addition, from time to time, there may be telephonic meetings to address special matters.
It is expected that during the term of your Board membership with the Company you will not engage in any other employment, occupation, consulting or other business activity that competes with the business in which the Company is now involved in or becomes involved in during the term of your service to the Company, nor will you engage in any other activities that conflict with your obligations to the Company.
If you decide to join the Board, under the terms of our non-employee director compensation policy, you will automatically be granted a restricted stock unit award under our 2012 Equity Incentive Plan (the “2012 Plan”) having a value equal to $1,000,000 (the “Award”) in consideration for your service as a member of the Board. The number of Award shares will be based on the average closing price of the Company’s common stock over the 30 calendar days prior to the 15th day of the month in which the grant occurs. The Award shares will vest over three years, with 1/3 of the shares subject to the Award grant vesting on the first anniversary of the grant date and the remaining shares vesting equally over the next two years on a quarterly basis, subject to you continuing to serve as a Board member on each vesting date. The vesting of the Award will accelerate upon a Change in Control (as defined in the 2012 Plan).
In addition to the Award, you will be eligible to receive annual restricted stock unit equity awards with a value of $300,000 (plus any fees for committee service) on the date of each annual meeting of stockholders (commencing with the December [year] meeting) in accordance with our non-employee director compensation policy, subject to your continuing service on the Board. Each annual restricted stock unit equity award is expected to vest over one year on a quarterly basis and will accelerate upon a Change in Control (as defined in the 2012 Plan).
The payment of compensation to Board members is subject to many restrictions under applicable law, and as such, you should be aware that the compensation set forth above is subject to such future changes and
modifications as the Board or its committees may deem necessary or appropriate. In addition, please note that unless otherwise approved by our Board or required under applicable law, directors of our
subsidiaries shall not be entitled to any compensation. You shall be entitled to reimbursement for reasonable expenses incurred by you in connection with your service to the Company and attendance of Board and committee meetings in accordance with the Company’s established policies.
Please note that nothing in this letter or any agreement granting you equity should be construed to interfere with or otherwise restrict in any way the rights of the Company, its Board or stockholders from removing you from the Board or any committee in accordance with the provisions of applicable law. Furthermore, except as otherwise provided to other non-employee Board members or required by law, the Company does not intend to afford you any rights as an employee, including without limitation, the right to further employment or any other benefits.
We hope that you find the foregoing terms acceptable. You may indicate your agreement with these terms by signing and dating both the enclosed duplicate and original letter and returning them to me. By signing this letter you also represent that the execution and delivery of this agreement and the fulfillment of the terms hereof will not require the consent of another person, constitute a default under or conflict with any agreement or other instrument to which you are bound or a party.
On behalf of the Company it gives us great pleasure to welcome you as a member of our Board. We anticipate your leadership and experience shall make a key contribution to our success at this critical time in our growth and development.
Yours very truly,
Palo Alto Networks, Inc.
Acknowledged and agreed to
Exhibit 10.28
VENDOR INFORMATION SECURITY TERMS
These Information Security Terms (“Terms”) is made and entered into of the latter date of execution (“Effective Date”) by and between:
Flextronics Telecom Systems Ltd. (“Vendor”)
Suite 402, St. James Court, St. Dennis Street, Port Louis Mauritius
And,
If Company is located in the Americas:
Palo Alto Networks, Inc.,
3000 Tannery Way, Santa Clara
California 95054, United States
If Company is located in any other country:
Palo Alto Networks (Netherlands) B.V.
De Entrée 99-197, Oval Tower, 5th Floor
1101 HE Amsterdam, the Netherlands
(collectively, "Palo Alto Networks")
Palo Alto Networks and Company may also be referred to herein individually as a “Party” or collectively as the “Parties” throughout this Agreement.
IN WITNESS WHEREOF, Parties hereto have caused their respective authorized representatives to execute this Agreement as of the Effective Date.
| ☒ Palo Alto Networks, Inc. | Company: | |||||||||||||
| □ Palo Alto Networks (Netherlands) B.V. | Flextronics Telecom Systems Ltd | |||||||||||||
| (to be completed by Palo Alto Networks) | ||||||||||||||
| Signed: | /s/ Vonnie French | Signed: | /s/ B. Vijayandran A/L S. Balasingam | |||||||||||
| Print Name: | Vonnie French | Print Name: | B. Vijayandran A/L S. Balasingam | |||||||||||
| Title: | SVP, Worldwide Operations | Title: | DIRECTOR | |||||||||||
| Date: | 2021-07-23 | Date: | June, 30, 2021 | |||||||||||
Vendor Information Security Terms – 2019MAR211111 page 1 of 7
1.Definitions
a.“Agreement(s)” shall mean the commercial agreement between Palo Alto Networks and the Vendor that outlines the commercial terms applicable to the services pursuant to which the Protected Information shall be processed. This could be, amongst others, a Professional Services Agreement or a Software-as-a-Service Agreement.
b.“Data Protection Law(s)” shall mean all applicable privacy and security laws, including but not limited to (i) domestic and international data privacy and data protection legislation; (ii) security and breach notification laws; (iii) generally accepted privacy and security industry standards; and (iv) the European Union General Data Protection Regulation (“GDPR”).
c.“Encryption” means encryption that is based on industry-tested, accepted and uncompromised algorithms that meets at least the NIST standards for encryption algorithms, as updated.
d.“Personal Data” shall mean any information related to any identified or identifiable natural person, such as Palo Alto Networks personnel, customers, subcontractors, partners or any other third party (including third parties’ personnel) (“Individuals”), that Vendor has received or collected for processing pursuant to the Agreement(s). An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Such information includes, without limit, names, contact information, e-mail addresses, and other categories of information as agreed upon for each service.
e.“Protected Information” shall mean information that Palo Alto Networks provides to Vendor during the course of the Agreement, including, Personal Information, Confidential Information as defined in the Agreement, and other material data, financial affairs, customer information, product information, intellectual property, trade secrets or proprietary information.
f. “Security Incident” shall mean: (i) the loss, misuse or breach, by any means, of Protected Information; (ii) the inadvertent, unauthorized, and/or unlawful Processing of any Protected Information that compromises its security, confidentiality, or integrity.
2.General Controls
a.Vendor must maintain a written information security program that:
i.is managed by a senior employee responsible for overseeing and implementing the program;
ii.includes appropriate technical and organizational security measures reasonably designed to protect Protected Information against unauthorized or unlawful processing and against accidental loss or destruction, or damage; and
iii.is appropriate to the nature, size, and complexity of Vendor’s business operations.
b.Vendor must only process Protected Information in accordance with the Agreement for the purpose of meeting its obligations under the Agreement.
Vendor Information Security Terms – 2019MAR211111 page 1 of 7
c.Vendor must, at all times, have in place appropriate technical and organizational security measures so that Protected Information is protected against unauthorized or unlawful processing and against accidental loss or destruction, or damage.
d.Vendor shall conduct a risk assessment periodically, and will promptly implement, at its sole cost and expense, a corrective action plan to correct any issues that are reported as a result of the assessment or of any scanning, vulnerability or penetration testing. Vendor shall perform at least:
i.quarterly vulnerability scans
ii.annual penetration tests.
3.Human Resources
a.Vendor must take reasonable steps to ensure the reliability of any of its employees who process Protected Information.
b.Vendor must ensure that all of its employees are informed of the confidential nature of Protected Information and are aware both of the Vendor’s obligations and their personal duties and obligations under the Agreement and under applicable laws.
c.Vendor must inform employees that failure to meet their responsibilities for processing Protected Information may result in disciplinary action.
d.Vendor shall remain legally responsible for obligations which are performed by employees and for the acts or omissions of employees as if they were acts or omissions of the Vendor.
4.Subcontractors
a.Vendor may engage agents or sub-contractors to provide the services or any material part of the services or to process any Protected Information with written notification to the Palo Alto Networks Contact identified above.
b.Vendor must ensure all agents or sub-contractors provide sufficient guarantees in respect of technical and organizational measures governing the processing of Protected Information and must take reasonable steps to ensure agents or sub- contractors comply with those measures.
c.Vendor must ensure any written contract it has with an agent or sub- contractor requires them to act on its instructions only and imposes obligations upon them to observe the confidentiality and security of Protected Information they may be required to process.
d.Vendor must ensure that all agents or sub-contractors meet, as a minimum, all requirements detailed in this document.
e.Vendor will remain responsible for obligations which are performed by agents or sub-contractors and for the acts or omissions of agents and sub-contractors as if they were acts or omissions of the Vendor.
5.Controlling Access to Data
a.Vendor must ensure that only its employees who may be required by the Vendor to assist it in meeting its obligations under the Agreement will have access to Protected Information.
b.Vendor must enforce the principle of least privilege (i.e. each individual is only given the minimum access capabilities necessary to meet business requirements) when providing employees with access to systems containing Protected Information.
c.Vendor must ensure only its system administrators have privileges to create access accounts to systems containing Protected Information.
d.Access to systems containing Protected Information must be controlled by a secure log- on procedure. Users must not share names, accounts or passwords.
Vendor Information Security Terms – 2019MAR212222 page 2 of 7
e.Vendor must ensure that each user accessing systems containing Protected Information is uniquely identifiable.
f.Vendor must ensure that employees accessing Protected Information remotely are authenticated using two-factor authentication mechanisms via a secure connection.
g.Access to Protected Information, including user accounts and passwords, must be revoked immediately when no longer required.
h.Vendor must maintain reasonable information details of all employees with access to Protected Information. Vendor must perform regular reviews of user access to Protected Information (e.g. at least every 6 months and promptly after any changes such as promotion, demotion or termination of employment).
i.Vendor must keep security event logs on systems storing, processing or transmitting Protected Information to permit tracking of system activity (e.g. date, who, where). Security event logs must be retained for a minimum period of 365 days and reviewed regularly for unauthorized or unlawful activity.
j.Vendor must ensure that appropriate physical access controls are in place where Protected Information is stored.
k.Access shall not be granted in public areas and output such as printouts shall be to areas where only those organization staff who are authorized to access the Protected Information can reach it.
6.Storing Protected Information
a.Vendor must ensure Protected Information in its information systems is logically segregated from other client’s data using appropriate access control mechanisms.
b.Electronic and paper records containing Protected Information must be stored in a locked room or area where access is controlled.
i.Personal Information should not be stored on external hard drives or removable media (e.g. USB Thumb Drives, CDs or DVDs) without providing notification to Palo Alto Networks Contact.Backups may be taken if this provides no more access than when the information is within the computer system. Backup media must be subject to secure storage. Additional controls such as Encryption shall be used.
c.Protected Information stored by Vendor must be secured using Encryption.
d.Vendor must ensure appropriate anti-virus/anti-malware detection software is implemented across all information systems processing Protected Information in its organization. Vendor must also ensure the anti-virus/anti-malware software is up-to- date using the most recent virus and malware signatures and definitions.
7.Transferring Protected Information
a.Vendor must not disclose Protected Information to a third party in any circumstances other than as specified in the Agreement or at the specific written request of the Palo Alto Networks Contact.
b.Subject to Vendor’s disaster recovery and business continuity obligation under 1.10 (Backup and Disaster Recovery), Vendor must not under any circumstances transfer, use or process Personal Information to the extent it is subject to GDPR, outside the European Economic Area unless authorized in writing to do so by the Palo Alto Networks Contact.
c.In relation to transfers of Protected Information to and from Palo Alto Networks and any agent or sub-contractor:
Vendor Information Security Terms – 2019MAR213333 page 3 of 7
i.All electronic transfers of Protected Information must be secured using Encryption. Protected Information shall not be sent in the clear over unencrypted connections.
ii.When transferring Protected Information on paper, the document must be labelled Palo Alto Networks Confidential and sent by secure mail courier using double-wrapped envelopes, sealed in a way that tampering with the seal is immediately evident.
iii.When transferring Protected Information using removable media (e.g. CD, memory stick, external hard drives) all media must be labelled ‘Palo Alto Networks Confidential’, must be secured using appropriate Encryption and sent using double-wrapped envelopes, sealed in a way that tampering with the seal is immediately evident.
iv.If Vendor uses a secure mail courier for transferring Protected Information it must ensure the courier only delivers the envelope to a specified contact after examination of an original and valid photographic identity document (e.g. Palo Alto Networks issued pass, driving license or passport). Following delivery, a signature must be obtained as confirmation of receipt. If the specified recipient is not available, then delivery must be delayed or if delivery cannot be completed then the envelope must be returned unopened.
v.Vendor must always seek the Palo Alto Networks Contact’s written permission before transferring Protected Information that does not meet the above criteria.
vi.The chain of custody for Palo Alto Networks Information shall be clearly defined and tracked via formal handovers including signatures for acceptance.
vii.Vendor must maintain, for the duration of the Agreement and then for as long as is required by law, complete and accurate records of all transfers of Personal Information in connection with the Agreement.
8.Deletion or Return Protected Information
a.Upon termination or expiration of the Agreement or at any time per Palo Alto Networks’ written request, Vendor shall: (i) return to Palo Alto Networks all data, including but not limited to, all paper and electronic files, materials, documentation, notes, plans, drawings, and all copies thereof, and ensure that all electronic copies of such Protected Information are deleted from Vendor’s (and where applicable, its subcontractors’) systems: or (ii) if requested by Palo Alto Networks in writing, destroy, delete and render unrecoverable (in accordance with the National Institute of Standards and Technology (NIST) Guidelines for Media Sanitization) from Vendor’s systems (and where applicable, its subcontractors’) all Protected Information. Where possible, secure destruction shall be verified by a second authorized individual. Vendor shall certify in writing within thirty (30) days of Palo Alto Networks’ request for destruction that these actions have been completed.
9.Incident Management
a.Vendor must ensure incident management procedures are in place throughout its organization and they are communicated to all staff, and incidents are logged.
b.Any Security Incident where Palo Alto Networks Protected Information has been compromised shall be reported to Vendor’s management immediately and flagged as a Security Incident. Such incidents will be recorded and investigated in accordance with Vendor’s security incident management procedures.
Vendor Information Security Terms – 2019MAR214444 page 4 of 7
c.Vendor must notify without undue delay the Palo Alto Networks Contact of any confirmed Security Incident. Vendor must provide Palo Alto Networks with all reasonable information, data and documentation relating to the Security Incident. Vendor shall immediately take all commercially reasonable measures to mitigate the harmful effects of the Security Incident and/or to prevent such Security Incident from reoccurring.
d.Vendor must immediately notify the Palo Alto Networks Contact of:
i. Any request for disclosure of Protected Information by a law enforcement authority or any notice or communication from any supervisory or government body which relates directly or indirectly to the processing of Protected Information received by the Vendor;
ii.Any complaint, notice or communication which relates directly or indirectly to the processing of Protected Information or to either party’s compliance with any Data Protection Laws; and/or
iii.Any subject access request by an individual concerning his or her Personal Data and must provide Palo Alto Networks with full co-operation and assistance in relation to any such request, complaint, notice or communication and shall not respond unless Palo Alto Networks has instructed the Vendor to do so or as provided in the Agreement.
10.Backup and Disaster Recovery
a.Vendor must maintain a disaster recovery and business continuity plan defining how Protected Information will be recovered from backup tapes and offsite information systems, and how the business will continue operating during the recovery period.
b.Vendor must perform regular encrypted backups of Protected Information processed on its information systems. The regularity of backup will depend on the type, volume and frequency of change of Protected Information processed by Vendor and agreed with the Palo Alto Networks Contact.
11.System Development
a.Vendor must maintain documentation on overall system, network, and application architecture, data flows, process flows, and security functionality for all applications that process or store any Protected Information. Vendor must employ documented secure programming guidelines, standards, and protocols in the development of applications that process or store any Protected Information.
b.Vendor must have a documented program for secure code reviews and maintain documentation of secure code reviews performed for all applications that store or process Protected Information.
c.Vendor must use a threat model methodology to identify the key risks to the important assets and functions provided by all applications that store or process Protected Information, conduct an analysis of the most common programming errors, and document in writing that they have been mitigated.
d.Vendor will patch all workstations and servers with all current operating system, database and application patches deployed in Vendor’s computing environment according to a schedule predicated on the criticality of the patch. Vendor must perform appropriate steps to help ensure patches do not compromise the security of the information resources being patched.
e.Vendor will employ an effective, documented change management program with respect to the Services as an integral part of its security profile. This includes logically or physically separate environments from production for all development and testing.
Vendor Information Security Terms – 2019MAR215555 page 5 of 7
Vendor shall not use Protected Information in development or testing environments, unless the Protected Information has been sufficiently sanitized such that it does not pose a risk of a Security Incident.
f. Vendor must notify the Palo Alto Networks contact upon system changes that result in a material reduction of security and work with Vendor in good faith to resolve such gaps.
12.Training
a.Vendor must ensure that all of its employees who process Protected Information are trained in Data Protection Laws and in the manner of dealing with Protected Information.
b.Vendor will conduct information security awareness training for all employees involved in the delivery of service. This should ensure that everyone involved is aware of the need to protect Palo Alto Networks information assets and the associated policies and procedures. Employees and contractors using the organization’s information systems and services shall be required to note and report any observed or suspected information security weaknesses.
13.Verification
a.Vendor will perform annual audits at Vendor’s chosen locations in line with Vendor’s existing corporate IT and data security policy. Upon request from Palo Alto Networks, Vendor will select an independent qualified third-party auditor to conduct, at Vendor’s expense, at least annual audits of the security of its data centers, its computers, and its computing environments used to process Protected Information.
b.Each audit will be performed according to the standards and rules of the regulatory or accreditation body for each applicable control standard or security framework (e.g. SOC 2). Audit reports generated by such audits will be Vendor’s confidential information and will contain material findings by the auditor. At Palo Alto Network’s request and under non-disclosure agreement, Vendor will provide the audit report so that Palo Alto Networks can verify Vendor’s compliance with the adopted security framework.
c.Upon request from Palo Alto Networks, but not more than once during each 12-month period unless preceded by a Security Incident, Vendor shall complete a Palo Alto Networks provided information security program questionnaire (“Security Review”). Vendor agrees to fully cooperate with such Security Review and implement all commercially reasonable changes to its information security program, that as a result of the Security Review, are required to ensure Vendor’s compliance with this Exhibit, at Vendor’s sole cost and expense.
d.Vendor acknowledges and agrees that Palo Alto Networks or a Palo Alto Networks – appointed third-party (collectively, “Monitor”) has the right, for the purposes of verifying compliance with the requirements of these Terms, to review the terms, records and/or facilities of Vendor and Vendor’s subcontractors or affiliates that provide goods and/or services related to or involving the processing, transport or storage of Palo Alto Networks Information. Palo Alto Networks will announce its intent to review Vendor in accordance with these Terms by providing at least five (5) business days’ notice to Vendor. Vendor will provide Monitor with access to its site, systems and records as reasonably necessary to assess compliance with the requirements of these Terms. At Palo Alto Networks’ reasonable request, Vendor will provide Monitor, with a personal site guide while on-site. Vendor will make available to Monitor, for in-person or phone interviews, any Vendor employees and/or contractors for provision of information and cooperation related to the verification hereunder. Such verification will be at Palo Alto
Vendor Information Security Terms – 2019MAR216666 page 6 of 7
Networks’ expense, unless it reveals material non-compliance with the requirements of these Terms, in which case will be borne by Vendor.
14.Termination and Survival
a.These Terms shall be effective as of its Effective Date and continue until terminated by Palo Alto Networks.
b.Vendor shall cease to process Protected Information upon the termination or expiration of the Agreement.
c.The provisions in these Terms relating to the protection of Protected Information shall survive termination of the Agreement or these Terms and remain in effect for as long as Vendor has Protected Information.
Vendor Information Security Terms – 2019MAR217777 page 7 of 7
Exhibit 21.1
LIST OF SUBSIDIARIES
OF
PALO ALTO NETWORKS, INC.
| Name of Subsidiary | Jurisdiction of Incorporation | |||||||
| Palo Alto Networks (Australia) Pty Ltd | Australia | |||||||
| Evident.io Pty. Ltd. | Australia | |||||||
| Sinefa Pty. Ltd. | Australia | |||||||
| Palo Alto Networks (Austria) GmbH | Austria | |||||||
| Palo Alto Networks Belgium B.V.B.A. | Belgium | |||||||
| Palo Alto Networks (Brasil) Ltda. | Brazil | |||||||
| Palo Alto Networks (Canada Technology), Inc. | Canada | |||||||
| Palo Alto Networks (Canada) Inc. | Canada | |||||||
Palo Alto Networks (Shanghai) Co., Ltd. | China | |||||||
| PA Networks Costa Rica LLC SRL | Costa Rica | |||||||
| Palo Alto Networks (Czech) S.R.O. | Czechia | |||||||
| Palo Alto Networks Denmark ApS | Denmark | |||||||
| Palo Alto Networks (Finland) Oy | Finland | |||||||
| Palo Alto Networks (Germany) GmbH | Germany | |||||||
| Palo Alto Networks (India) Private Limited | India | |||||||
| Palo Alto Networks (India) Technologies Private Limited | India | |||||||
| CGNX Networks Private Limited | India | |||||||
Gammanet Solutions Private Limited | India | |||||||
| Palo Alto Security Limited | Ireland | |||||||
| Palo Alto Networks (Israel Analytics) Ltd. | Israel | |||||||
| Palo Alto Networks (Israel Services) Ltd. | Israel | |||||||
| Palo Alto Networks (Israel) Ltd. | Israel | |||||||
| Twistlock Ltd. | Israel | |||||||
BridgeCrew Technologies Ltd. | Israel | |||||||
| Palo Alto Networks (Italy) S.R.L | Italy | |||||||
| Palo Alto Networks K.K. (Kabushiki Kaisha) | Japan | |||||||
| Palo Alto Networks (Mexico) S. de R.L. de C.V. | Mexico | |||||||
| Palo Alto Networks (New Zealand) Unlimited | New Zealand | |||||||
| Palo Alto Networks (Norway) AS | Norway | |||||||
| Palo Alto Networks (Poland) sp. z o.o. | Poland | |||||||
| Palo Alto Networks (QFC) LLC | Qatar | |||||||
| Palo Alto Networks (Rus) LLC | Russia | |||||||
| Palo Alto Networks Korea, Ltd. - Yuhan Hoesa (YH) | S. Korea | |||||||
| Palo Alto Networks Saudi Arabia LLC | Saudi Arabia | |||||||
| Palo Alto Networks (Singapore) Holding Company Pte. Ltd. | Singapore | |||||||
| Palo Alto Networks (Singapore) PTE. LTD. | Singapore | |||||||
Palo Alto Networks (South Africa) (Pty) Ltd. | South Africa | |||||||
| Palo Alto Networks (Iberia), S.L. | Spain | |||||||
| Palo Alto Networks (Switzerland) GmbH | Switzerland | |||||||
| LightCyber B.V. | The Netherlands | |||||||
| Palo Alto Networks (EU) B.V. | The Netherlands | |||||||
| Palo Alto Networks (GEO) B.V. | The Netherlands | |||||||
| Palo Alto Networks (Netherlands) B.V. | The Netherlands | |||||||
| Palo Alto Networks (APAC Holdings) B.V. | The Netherlands | |||||||
| Palo Alto Networks Holdings B.V. | The Netherlands | |||||||
| Palo Alto Networks FZ LLC | United Arab Emirates | |||||||
| Palo Alto Networks (UK Holding 1) Limited | United Kingdom | |||||||
| Palo Alto Networks (UK Holding 2) Limited | United Kingdom | |||||||
| Palo Alto Networks (UK) Limited | United Kingdom | |||||||
| 3375 Scott Blvd LLC | Delaware | |||||||
| Aporeto, Inc. | Delaware | |||||||
| Evident.io LLC | Delaware | |||||||
| LightCyber, Inc. | Delaware | |||||||
| Palo Alto Networks (Malaysia), LLC | Delaware | |||||||
| Palo Alto Networks Financial Services, LLC | Delaware | |||||||
| Palo Alto Networks International, Inc. | Delaware | |||||||
| Palo Alto Networks Management, LLC | Delaware | |||||||
| Palo Alto Networks Public Sector, LLC | Delaware | |||||||
| Palo Alto Networks Venture Fund, LLC | Delaware | |||||||
| Palo Alto Networks, L.L.C. | Delaware | |||||||
| PAN Demisto LLC | Delaware | |||||||
| PAN II LLC | Delaware | |||||||
| PAN LLC | Delaware | |||||||
| RedLock, Inc. | Delaware | |||||||
| SecDo, Inc. | Delaware | |||||||
| Twistlock, Inc. | Delaware | |||||||
| Zingbox, Inc. | Delaware | |||||||
| Xseer, Inc. | Delaware | |||||||
| CloudGenix, Inc. | Delaware | |||||||
BridgeCrew LLC | Delaware | |||||||
Sinefa Inc. | Delaware | |||||||
Sinefa Group, LLC | Delaware | |||||||
Expanse LLC | Delaware | |||||||
Expanse Holding Company LLC | Delaware | |||||||
Crypsis Digital Security, LLC | Virginia | |||||||
Crypsis Group Holdings, LLC | Virginia | |||||||
Gamma Networks, Inc. | Delaware | |||||||
Exhibit 23.1
Consent of Independent Registered Public Accounting Firm
We consent to the incorporation by reference in the following Registration Statements:
(1)Registration Statement (Form S-3 No. 333-227324) of Palo Alto Networks, Inc.,
(2)Registration Statement (Form S-8 No. 333-182762) pertaining to the 2005 Equity Incentive Plan, 2012 Equity Incentive Plan and the 2012 Employee Stock Purchase Plan of Palo Alto Networks, Inc.,
(3)Registration Statements (Form S-8 No. 333-191340, 333-198859, 333-207003, 333-213547, 333-220383, 333-227322, 333-233689, and 333-248626) pertaining to the 2012 Equity Incentive Plan and the 2012 Employee Stock Purchase Plan of Palo Alto Networks, Inc.,
(4)Registration Statement (Form S-8 No. 333-227901) pertaining to the RedLock Inc. 2015 Stock Plan,
(5)Registration Statement (Form S-8 No. 333-230663) pertaining to the Demisto, Inc. 2015 Stock Option Plan,
(6)Registration Statement (Form S-8 No. 333-232672) pertaining to the Twistlock Ltd. Amended and Restated 2015 Share Option Plan,
(7)Registration Statement (Form S-8 No. 333-234059) pertaining to the Zingbox, Inc. Stock Incentive Plan,
(8)Registration Statement (Form S-8 No. 333-235854) pertaining to the Aporeto, Inc. Amended and Restated 2015 Stock Option and Grant Plan,
(9)Registration Statement (Form S-8 No. 333-238014) pertaining to the CloudGenix Inc. 2013 Equity Incentive Plan;
(10)Registration Statement (Form S-8 No. 333-249387) pertaining to the Crypsis Group Holdings, LLC 2017 Equity Incentive Plan,
(11)Registration Statement (Form S-8 No. 333-251423) pertaining to the Sinefa Group, Inc. 2020 Stock Plan,
(12)Registration Statement (Form S-8 No. 333-251425) pertaining to the Expanse Holding Company, Inc. Amended and restated 2012 Stock Incentive Plan, and
(13)Registration Statement (Form S-8 No. 333-254042) pertaining to the Bridgecrew, Inc.2019 Stock Incentive Plan;
of our reports dated September 3, 2021, with respect to the consolidated financial statements of Palo Alto Networks, Inc. and the effectiveness of internal control over financial reporting of Palo Alto Networks, Inc. included in this Annual Report (Form 10-K) of Palo Alto Networks, Inc. for the year ended July 31, 2021.
/s/ Ernst & Young LLP
San Jose, California
September 3, 2021
Exhibit 31.1
CERTIFICATION PURSUANT TO SECTION 302(a)
OF THE SARBANES-OXLEY ACT OF 2002
I, Nikesh Arora, certify that:
1.I have reviewed this Annual Report on Form 10-K of Palo Alto Networks, Inc.;
2.Based on my knowledge, this report does not contain any untrue statement of a material fact or omit to state a material fact necessary to make the statements made, in light of the circumstances under which such statements were made, not misleading with respect to the period covered by this report;
3.Based on my knowledge, the financial statements, and other financial information included in this report, fairly present in all material respects the financial condition, results of operations and cash flows of the registrant as of, and for, the periods presented in this report;
4.The registrant’s other certifying officer and I are responsible for establishing and maintaining disclosure controls and procedures (as defined in Exchange Act Rules 13a-15(e) and 15d-15(e)) and internal control over financial reporting (as defined in Exchange Act Rules 13a-15(f) and 15d-15(f)) for the registrant and have:
(a)Designed such disclosure controls and procedures, or caused such disclosure controls and procedures to be designed under our supervision, to ensure that material information relating to the registrant, including its consolidated subsidiaries, is made known to us by others within those entities, particularly during the period in which this report is being prepared;
(b)Designed such internal control over financial reporting, or caused such internal control over financial reporting to be designed under our supervision, to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with generally accepted accounting principles;
(c)Evaluated the effectiveness of the registrant’s disclosure controls and procedures and presented in this report our conclusions about the effectiveness of the disclosure controls and procedures, as of the end of the period covered by this report based on such evaluation; and
(d)Disclosed in this report any change in the registrant’s internal control over financial reporting that occurred during the registrant’s most recent fiscal quarter (the registrant’s fourth fiscal quarter in the case of an annual report) that has materially affected, or is reasonably likely to materially affect, the registrant’s internal control over financial reporting; and
5.The registrant’s other certifying officer and I have disclosed, based on our most recent evaluation of internal control over financial reporting, to the registrant’s auditors and the audit committee of the registrant’s board of directors (or persons performing the equivalent functions):
(a)All significant deficiencies and material weaknesses in the design or operation of internal control over financial reporting which are reasonably likely to adversely affect the registrant’s ability to record, process, summarize and report financial information; and
(b)Any fraud, whether or not material, that involves management or other employees who have a significant role in the registrant’s internal control over financial reporting.
/s/ NIKESH ARORA | ||
| Nikesh Arora | ||
| Chief Executive Officer and Director | ||
Date: September 3, 2021
Exhibit 31.2
CERTIFICATION PURSUANT TO SECTION 302(a)
OF THE SARBANES-OXLEY ACT OF 2002
I, Dipak Golechha, certify that:
1.I have reviewed this Annual Report on Form 10-K of Palo Alto Networks, Inc.;
2.Based on my knowledge, this report does not contain any untrue statement of a material fact or omit to state a material fact necessary to make the statements made, in light of the circumstances under which such statements were made, not misleading with respect to the period covered by this report;
3.Based on my knowledge, the financial statements, and other financial information included in this report, fairly present in all material respects the financial condition, results of operations and cash flows of the registrant as of, and for, the periods presented in this report;
4.The registrant’s other certifying officer and I are responsible for establishing and maintaining disclosure controls and procedures (as defined in Exchange Act Rules 13a-15(e) and 15d-15(e)) and internal control over financial reporting (as defined in Exchange Act Rules 13a-15(f) and 15d-15(f)) for the registrant and have:
(a)Designed such disclosure controls and procedures, or caused such disclosure controls and procedures to be designed under our supervision, to ensure that material information relating to the registrant, including its consolidated subsidiaries, is made known to us by others within those entities, particularly during the period in which this report is being prepared;
(b)Designed such internal control over financial reporting, or caused such internal control over financial reporting to be designed under our supervision, to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with generally accepted accounting principles;
(c)Evaluated the effectiveness of the registrant’s disclosure controls and procedures and presented in this report our conclusions about the effectiveness of the disclosure controls and procedures, as of the end of the period covered by this report based on such evaluation; and
(d)Disclosed in this report any change in the registrant’s internal control over financial reporting that occurred during the registrant’s most recent fiscal quarter (the registrant’s fourth fiscal quarter in the case of an annual report) that has materially affected, or is reasonably likely to materially affect, the registrant’s internal control over financial reporting; and
5.The registrant’s other certifying officer and I have disclosed, based on our most recent evaluation of internal control over financial reporting, to the registrant’s auditors and the audit committee of the registrant’s board of directors (or persons performing the equivalent functions):
(a)All significant deficiencies and material weaknesses in the design or operation of internal control over financial reporting which are reasonably likely to adversely affect the registrant’s ability to record, process, summarize and report financial information; and
(b)Any fraud, whether or not material, that involves management or other employees who have a significant role in the registrant’s internal control over financial reporting.
| /s/ DIPAK GOLECHHA | ||
| Dipak Golechha | ||
| Chief Financial Officer | ||
Date: September 3, 2021
Exhibit 32.1
CERTIFICATION OF CHIEF EXECUTIVE OFFICER
PURSUANT TO
18 U.S.C. SECTION 1350,
AS ADOPTED PURSUANT TO
SECTION 906 OF THE SARBANES-OXLEY ACT OF 2002
I, Nikesh Arora, certify, pursuant to 18 U.S.C. Section 1350, as adopted pursuant to Section 906 of the Sarbanes-Oxley Act of 2002, that the Annual Report on Form 10-K of Palo Alto Networks, Inc. for the fiscal year ended July 31, 2021, fully complies with the requirements of Section 13(a) or 15(d) of the Securities Exchange Act of 1934, as amended, and that information contained in such Annual Report on Form 10-K fairly presents, in all material respects, the financial condition and results of operations of Palo Alto Networks, Inc.
/s/ NIKESH ARORA | ||
| Nikesh Arora | ||
| Chief Executive Officer and Director | ||
Date: September 3, 2021
Exhibit 32.2
CERTIFICATION OF CHIEF FINANCIAL OFFICER
PURSUANT TO
18 U.S.C. SECTION 1350,
AS ADOPTED PURSUANT TO
SECTION 906 OF THE SARBANES-OXLEY ACT OF 2002
I, Dipak Golechha, certify, pursuant to 18 U.S.C. Section 1350, as adopted pursuant to Section 906 of the Sarbanes-Oxley Act of 2002, that the Annual Report on Form 10-K of Palo Alto Networks, Inc. for the fiscal year ended July 31, 2021, fully complies with the requirements of Section 13(a) or 15(d) of the Securities Exchange Act of 1934, as amended, and that information contained in such Annual Report on Form 10-K fairly presents, in all material respects, the financial condition and results of operations of Palo Alto Networks, Inc.
/s/ DIPAK GOLECHHA | ||
| Dipak Golechha | ||
| Chief Financial Officer | ||
Date: September 3, 2021