Akamai Technologies Inc (AKAM) — Q2 2021 Earnings Call Transcript

Thank you, operator. Good afternoon, everyone, and thank you for joining Akamai’s second quarter 2021 earnings conference call. Speaking today will be Tom Leighton, Akamai’s Chief Executive Officer, and Ed McGowan, Akamai’s Chief Financial Officer. Before we get started, please note that today’s comments include forward-looking statements, including statements regarding revenue and earnings guidance. These forward-looking statements are subject to risks and uncertainties and involve a number of factors that could cause actual results to differ materially from those expressed or implied by such statements; the factors include uncertainty stemming from the COVID-19 pandemic and any impact from unexpected geopolitical developments. Additional information concerning these factors is contained in Akamai’s filings with the SEC, including our Annual Report on Form 10-K and Quarterly Reports on Form 10-Q. The forward-looking statements included in this call represent the company’s view on August 3, 2021. Akamai disclaims any obligation to update these statements to reflect future events or circumstances. As a reminder, we will be referring to some non-GAAP financial metrics during today’s call. A detailed reconciliation of GAAP and non-GAAP metrics can be found under the financial portion of the Investor Relations section at akamai.com. And with that, let me turn the call over to Tom.

Thanks, Tom, and thank you all for joining us today. I'm pleased to report that Akamai delivered excellent financial results in the second quarter, coming in at or above the high end of our guidance range for both revenue and EPS. Q2 revenue was $853 million, up 7% year-over-year and up 5% in constant currency. Non-GAAP operating margin in Q2 was 32%, which reflects our continued focus on operational efficiency, even as we've continued to invest for future growth. Q2 non-GAAP EPS was $1.42 per diluted share, up 3% year-over-year. Akamai Security Solutions continued to perform especially well in Q2, generating revenue of $325 million, up 25% year-over-year and up 22% in constant currency. Cyberattacks generated headlines throughout the first half of the year, and our strong growth reflects the criticality of security to organizations in every sector and geography of the world. Akamai is increasingly recognized as a security leader that offers not just innovative and market-leading solutions, but also insights into an enormous amount of Internet data and threat intelligence, a massive distributed platform at the edge of the Internet where most attacks originate. And the technical expertise of one of the industry's largest and most experienced teams of security professionals. The strong growth of our security portfolio was driven by several product lines, including our market-leading solutions for web app firewall, bot management, DDoS prevention, and Access Control. Our recently released Akamai Page Integrity Manager continued to have rapid adoption in Q2. Page Integrity Manager helps businesses protect their users from having credit card data or other personal information stolen by malware embedded in third-party content. It's also designed to prevent user data from being intentionally or inadvertently sent to third parties such as advertisers or social networks, which can result in a violation of privacy laws and steep fines. As an example, one of our customers is a leading furniture retailer. Page Integrity Manager detected that one of their partners, a major social media platform, was taking their shoppers' email addresses in violation of their data privacy rules. Page Integrity Manager blocks such transfers of personal data and immediately notifies our customers so that appropriate business actions can be taken. In June, we entered beta with a related solution that we call Audience Hijacking Protection. Audience Hijacking Protection is designed to detect and block malicious or unwanted activity from client-side plug-ins, browser extensions, and malware. For example, it can quickly identify vulnerable resources, detect suspicious behavior, and block unwanted ads, pop-ups, affiliate fraud, and other malicious activities that attempt to hijack a retailer's audience. Initial customer interest in this new capability is very strong. Akamai Bot Manager also continued to perform very well in Q2, with revenue growing 40% year-over-year. Bot Manager now has nearly 800 customers with an annualized revenue run rate of nearly $200 million. Our customers use Bot Manager to thwart a variety of unwanted activities and attacks such as price scraping, inventory manipulation, credential stuffing, and account takeover. Recently, we enhanced our ability to defend against account takeover attempts with the beta launch of Akamai Account Protector. It's designed to proactively identify and block human fraudulent activity using advanced machine learning, behavioral analytics, and reputation heuristics. Account Protector intelligently evaluates every login request to determine if it's coming from a legitimate user or an impersonator. Q2 bookings were also strong for our Prolexic service, which helps organizations defend against the surge of ransom DDoS attacks that began in Q3 of last year. As an example, a leading financial analytics company recently adopted Prolexic to protect them from this growing threat. Prior to that, the company faced operational and technical challenges from needing to manage multiple security technologies from various niche vendors and cloud service providers. Since consolidating with Akamai, they have greatly benefited from reduced complexity, improved security, and greater consistency for compliance and risk management across their many business units. As you all likely know, there have been widespread ransomware, data theft, and other malware attacks against major enterprises this year. Included were well-publicized attacks on critical infrastructure at a major pipeline company, the world's largest meat packer, and a freight operator that serves as the lifeline for two popular island destinations in New England. The need to stop these kinds of attacks is driving organizations to adopt new Zero Trust and Secure Access Service Edge, or SASE solutions, such as those offered by Akamai. For example, when the exchange server attack hit thousands of organizations in March, Akamai's email wasn't compromised because our IT department uses Akamai's Enterprise Application Access solution, which prevented unauthorized access to our exchange server. Our Access Control suite of products continues to be Akamai's fastest-growing security segment in Q2, with revenue up 161% year-over-year, including the acquisition of Asavie, and up 57% on an organic basis. As one example of a new customer, we closed a large security contract in Q2 with a company that helps maritime operators manage risk. This company has thousands of employees and hundreds of offices throughout the world. They adopted our Enterprise Application Access and Kona Site Defender solutions to secure the access to their applications and to protect their internal systems from malware and other threats. I'll now turn to our CDN portfolio, which generated revenue of $528 million in Q2, down 1% year-over-year and 4% in constant currency. This result was in line with our expectations and reflects the challenging comparison against last year's pandemic-related jump in traffic and the loss of revenue from Chinese applications that were banned from India in July of 2020. Traffic on our platform remained strong in Q2, with peaks exceeding 130 terabits per second every day throughout the quarter. This enormous amount of traffic provides strong evidence of how much customers were live on our platform's unparalleled scale and reach, which is enabled by more than 4,200 points of presence at the edge in 135 countries around the world. Our tremendous global presence is especially important to the world's major broadcasters, who continue to look to Akamai to deliver the world's most significant events. For example, during the recent European football tournament, the peak traffic that we delivered globally for more than 30 broadcasters was 35 terabits per second, nearly five times the peak observed in 2016. Our fast-growing Edge Applications segment delivered $47 million in Q2, up 35% year-over-year and up 32% in constant currency. This rapid growth rate reflects the shift of compute workloads from core data centers, on-prem or in the cloud to our edge platform for offload, improved performance, security and global scale. For example, each time a user accesses one of our retailer customer sites, the retailer's geo location code is executed on an Akamai edge server to identify the user's location and then deliver content tailored for that location. Overall, we're now supporting an average of five billion such edge computing instances per day on our platform. In summary, I'm pleased to report that we've executed according to the plan we outlined for investors during our February Analyst Day. In particular, we continued to achieve strong demand from customers for our security and edge computing solutions, diversification of our business across products, geographies, and sales channels, and strong financial performance on both the top and bottom lines. Before turning the call over to Ed, I'd like to formally welcome Sharon Bowen to our Board of Directors. Sharon has had extensive experience in financial and securities transactions for large global companies and we're very much looking forward to benefiting from her engagement and counsel. In addition, as many of you know, our Board is now chaired by Dan Hesse, who succeeded Fred Salerno in June. Dan has held senior management positions in the telco industry for many years, including as CEO of Sprint. He's also recognized as a leader in ESG and is providing valuable advice and oversight to our senior management team. Of course, we all deeply appreciate Fred's many years of outstanding leadership and service to Akamai, and we wish him the very best in his future endeavors. I'll now turn the call over to Ed to provide further details on our Q2 results and our outlook for next quarter and the full year. Ed?

Thank you, Tom. As Tom outlined, Akamai delivered another excellent quarter. Q2 revenue was $853 million, at the high end of our guidance range and up 7% year-over-year or 5% in constant currency. Revenue growth was led by broad-based strength across our Security business globally. Revenue from our Security Technology Group was $325 million, up 25% year-over-year or 22% in constant currency. Security now accounts for 38% of our total revenue. We saw strong performance across our major security products, including Bot Manager, Prolexic, and our Access Control product suite. Revenue from our Edge Technology Group was $528 million, down 1% year-over-year or 4% in constant currency. These results were in line with our internal expectations, which factored in challenging comparisons from our outstanding CDN results in Q2 a year ago. The tough year-over-year comparisons within our Edge delivery business offset the continued strong growth in our edge applications business. Foreign exchange fluctuations had a negative impact on revenue of $2 million on a sequential basis and a positive $19 million on a year-over-year basis, largely in line with our expectations. International revenue was $403 million, up 15% year-over-year or 9% in constant currency. Sales in our international markets represented 47% of total revenue in Q2, up three points from Q2 2020 and up two points from Q1 levels. As a reminder, our Q2 results last year included approximately $15 million of revenue from China-based apps that were banned in India from Q3 2020 onwards. Adjusting for this impact, international growth would have been approximately 20% year-over-year and 14% in constant currency. Finally, revenue from our US market was $450 million, up 1% year-over-year. Moving now to costs. Cash gross margin was 76%, in line with our expectations. GAAP gross margin, which includes both depreciation and stock-based compensation, was 62%. Non-GAAP cash operating expenses were $259 million, slightly below our guidance range due to lower-than-expected hiring during the quarter. Now, moving on to profitability. Adjusted EBITDA was $386 million. Our adjusted EBITDA margin was 45%, in line with our guidance. Non-GAAP operating income was $270 million, and our non-GAAP operating margin was 32%, slightly favorable to our guidance due to lower operating expenses I just mentioned. Capital expenditures in Q2, excluding equity compensation and capitalized interest expense were $138 million, consistent with our guidance range. GAAP net income for the second quarter was $156 million or $0.94 of earnings per diluted share. Non-GAAP net income was $233 million or $1.42 of earnings per diluted share, up 3% year-over-year, down 1% in constant currency, and $0.02 above the high end of our guidance range. Taxes included in our non-GAAP earnings were $39 million, based on a Q2 effective tax rate of approximately 14.5%. Now I will discuss some balance sheet items. As of June 30th, our cash, cash equivalents, and marketable securities totaled approximately $2.6 billion. After accounting for the $2.3 billion of combined principal amounts of our two convertible notes, net cash was approximately $281 million as of June 30th. Now I will review our use of capital. During the second quarter, we spent approximately $96 million to repurchase shares, buying back approximately 900,000 shares. We ended Q2 with approximately $417 million remaining on our previously announced share repurchase authorization. Our plan remains to leverage our share buyback program to offset dilution resulting from equity compensation over time. Moving on to Q3 guidance. We are projecting Q3 revenue in the range of $845 million to $860 million or up 7% to 9% as reported or 6% to 8% in constant currency over Q3 2020. Foreign exchange fluctuations are expected to have a negative $3 million impact on Q3 revenue compared to Q2 levels and a positive $5 million impact year-over-year. At these revenue levels, we expect cash gross margins of approximately 76%. Q3 non-GAAP operating expenses are projected to be $257 million to $262 million, and we anticipate Q3 EBITDA margins of approximately 45%. Moving now to depreciation. We expect non-GAAP depreciation expense to be between $120 million to $121 million. Factoring in this guidance, we expect non-GAAP operating margin of approximately 31% for Q3. Moving on to CapEx. We expect to spend approximately $135 million to $140 million excluding equity compensation in the third quarter. And with the overall revenue and spend configuration I just outlined, we expect Q3 non-GAAP EPS in the range of $1.37 to $1.41. This EPS guidance assumes taxes of $38 million to $39 million based on an estimated quarterly non-GAAP tax rate of approximately 14.5%. It also reflects a fully diluted share count of approximately 165 million shares. Looking ahead to the full year, we are raising our guidance for both revenue and EPS. We now expect revenue of $3.42 billion to $3.45 billion, which is up 7% to 8% year-over-year as reported, or up 6% to 7% in constant currency. We now expect Security revenue growth to be in the low to mid-20% range for the full year 2021. We are estimating non-GAAP operating margin of approximately 31% and non-GAAP earnings per diluted share of $5.54 to $5.65. And this non-GAAP earnings guidance is based on a non-GAAP effective tax rate of approximately 14.5% and a fully diluted share count of approximately 164 million shares. Finally, full year CapEx is anticipated to be approximately 16% of revenue, consistent with our prior guidance. We are very pleased with our excellent financial results in the first half, and we look forward to delivering a strong second half. Thank you. Tom and I would be happy to take your questions.

Thanks for taking the question. Can you talk about some of the seasonality around the business, second, third quarter? Obviously, the Olympics is happening right now and sort of how you see the impact on the business, given how the traffic patterns have been so far? And then it seems like operating income 31% is moving up a little bit. Can you just talk about some of the dynamics and where you see that going as security maybe becomes a bigger part of the business?

Jim, thanks for the question. This is Ed. In terms of seasonality, Q3, typically we tend to see a little bit of slowdown in traffic over the summer months, we were calling for sort of a flattish quarter to Q2 here with the guide. We'll see a little bit of slowdown in August. I would expect — I've got the Olympics in there. Not expecting a ton from the Olympics this year, it's a couple of million bucks that we have in the quarter. We did see in terms of seasonality in Q2, we did see a bit of a lighter gaming quarter in Q2. We would expect to see that probably pick up a bit here in the back half of the year. And then obviously, in Q4, that's our most challenging quarter to call, which you've got really two seasons there. You've got the commerce season and then the — we typically see a large media season as well. So we're expecting that in Q4. And we'll update you as we go and we'll get more information as the year goes on. And for the next call, we'll update you on what we're seeing for the Q4 seasonality. The margin question, yes, we had a better quarter from an operating margin perspective. Hiring was a little bit lighter than normal. Just a couple of things to keep in mind on the margin front. July is when we have our annual merit increase or our salary increases, so that comes into effect beginning in Q3. Then also, we do expect that we'll see some travel expenses and some costs related to offices reopening in the back half of the year as well. Tom and I have talked about, we plan on operating the business in the 30% range. This year, we'll do a little bit better, but we do want to continue to invest for the opportunities we see in front of us in Security.

Great. Thanks.

Yes, thanks. Hi, guys. I'm curious to understand how you're thinking about the investment on the go-to-market, specifically sales headcount in the security side of the business, given the strength that you're seeing?

We do have a specialist team for our newest security products. And that's very helpful until the field can get up to speed. But our entire go-to-market operation is now well-versed in selling security products. So they really only need the assist for the newly released products. And so we don't have a bifurcated sales force now.

Understood. And then just one follow-up in terms of the security competitive landscape, especially on the newer solutions like Page Integrity Manager. Who is the point person you're selling into? And are these uncontested, or what other solutions do they tend to consider when they're looking at it?

Yes. For our new solutions, you might see a start-up out there with something similar. Our normal competition doesn't have these capabilities. And it's a big advantage to be able to offer these capabilities with the existing platform because once you're on Akamai, for example, you're using our Web App Firewall, which is a market-leading solution, it's very easy to add Page Integrity Manager on top. We just take care of that. The customer says they want it, and we turn it on. And the request — the data flow is not changed. The same will be true with Audience Hijacking Protection, same thing, built right on top of the Web App Firewall and our other solutions. So it really is very convenient for customers to buy from us. And there really isn't something that's comparable in the marketplace. And these are adding great value. In terms of the buyer, Audience Hijacking Protection, that could really go the range. Probably it ends up more towards the marketing side of the house because literally, their audience is being hijacked today. Any retailer has a problem where — because of malware that's on the user's browser or plug-ins or extensions they have, that malware and those plug-ins are looking for somebody about to do a transaction. And what they'll do is put some pop-up over at saying, wait a minute, go here instead. Or even worse, it will be some fraud where they'll change the refer header and claim credit for this buyer, and our customer now has to pay more. So for products like that, it could be anywhere from the security side all the way through the website and through the marketing side of the house because it provides so much value, it reduces cost, increases revenue and provides greater security. Really, it's very nice to see that because it's a very good blend between our delivery and performance solutions and our security solutions all wrapped up in one package.

Makes sense. Thank you.

This is Charlie Erlikh on for Will. Thanks for taking my question. I had a two-part question on contract renegotiations. I guess, first, are there any big contracts coming up that we should be aware of, or is it pretty spread out over the back half of the year and into next year? And then part two, for the contract renegotiations that you've already had, I'm kind of curious what you're hearing in terms of the health of the customers? And are they still asking for price concessions, or are we closer to back to pre-pandemic levels in that respect? Thanks.

Yes. In terms of the major contracts up for renewal, we completed a few this quarter, and the remaining ones are distributed fairly evenly. If any significant contracts arise, I will highlight that information. As we mentioned on our Investor Relations day, we do not have a high customer concentration risk overall. However, occasionally, several renewals can coincide, leading to some fluctuations in a quarter, but they are generally well spread out. Regarding customer health, it varies by industry. We are experiencing standard pricing discussions. Traditionally, this industry has had a deflationary pricing trend, particularly concerning volumes, which is primarily volume-driven. I do not foresee any notable changes in that regard. It is still too early to declare an end to the pandemic. We continue to have substantial business with commerce and retailers; that's still unfolding. We have noticed some increase in volume, but we are not completely past the challenges there yet. Overall, there are no significant changes to report regarding pricing.

Great. Thanks very much.

Hi. It's Mike Wilson on for Keith Weiss. Thank you for taking our question. I'd like to dig a little bit deeper into the Edge Applications. What type of use cases you're seeing? And what other verticals you're kind of seeing traction in besides retail? You gave a nice example in your prepared remarks, but anything additional would be helpful.

Certainly. The technology is beneficial across various sectors. For instance, gaming companies are interested in making local decisions regarding player interactions and server connections. Another example is the application built for COVID vaccine registration sites. A third-party developer created a queuing system using our EdgeWorkers solution, which is currently utilized by numerous governments and pharmaceutical companies to help manage vaccine registrations. Initially in the U.S. and in many countries, the demand for vaccines has exceeded supply, necessitating a fair queuing process. When users access the site, they enter a queue and are informed of their wait time, all managed through our edge computing service. This system effectively handles increased traffic, particularly when vaccines become available in a short time frame. Our EdgeWorkers solutions are ideal for any scenario that requires localized and scalable responses. IoT applications will likely drive future demand, particularly as 5G networks expand and connect more devices. These devices often communicate extensively, requiring quick, localized decision-making, which edge computing can facilitate. Additionally, we cater to different device types and connectivity levels with our image and video manager applications. For example, if a user is on a cellular device with limited screen size or connectivity, our edge solution will automatically deliver a smaller, lower-resolution image that still appears high-quality on their device. Overall, there is a wide range of applications being utilized, and we are now processing these tasks five billion times a day on our edge platform using Edge Java.

That's really great color. And then pivoting to the CDN solutions within the Edge Technology Group, anything to call out in terms of pricing? And then how should we think about revenue from the Internet platform customers and the second half of 2021?

Yes. I'll take that one, Tom. So in terms of pricing, as I just mentioned, really nothing to call out on the pricing side. As far as Internet platform customers go, the team's doing a great job executing there, we continue to grow that group of customer’s obviously very highly innovative customer base, a lot of them have their own CDN, but we're doing a good job of growing that business and very happy with the performance there. I expect that revenue stream to continue to run along about the same pace that it's going now for the rest of the year, maybe see a little bit of upside in this fourth quarter.

Hey guys, thanks for the questions. First, on the external and internal-based cloud access solutions, which one is really leading the charge at this point? And what has been the pushback from customers that are evaluating other solutions that may pick a competitor? And do you plan on building or acquiring into the rest of that SASE stack like in DLP or CASB?

So yes, we're interested in the entire SASE stack. I would say we're really focused though on stopping malware, stopping these ransom DDoS, ransomware attacks, stopping data exfiltration. And that puts us in the direction of a focus on access to make sure that we do the access control of the application layer, not as it's traditionally done at the network layer, and that makes a huge difference in terms of the malware getting inside in the first place. Also, we have Secure Web Gateway capabilities, probably market-leading DNS capabilities, which makes a big difference in terms of data exfiltration. And we do have some DLP capabilities today with our newest version of Enterprise Threat Protector. CASB, less capabilities there today, potentially of interest, but not the primary mission in terms of stopping the data exfiltration, the ransomware attacks, the malware attacks on enterprises. And of course, ransom DDoS, which our Prolexic solution helps a lot with — along with Kona. So good traction there. As you see the growth on the access side of the house now, well over 50% organically. And of course, if you account for the Asavie acquisition, over 160% year-over-year. We plan to continue investing there organically, also through potentially M&A, we're always looking there. And I think that has a lot of future potential for us.

That's helpful, Tom. And I guess I'll be the one to take the bait. Obviously, two outages during the last couple of months here. Can you just walk us through, maybe add what the financial impact could be in terms of any SLA refunds or what you heard back in terms of feedback from customers regarding the DNS and the DDoS issues? Thanks?

Yes. In terms of financial impact, de minimis. We lost, at the peak, about 2% of our traffic for up to 1 hour. So not any financial impact per se. That said, we care a lot about reliability at Akamai. It is core to everything we want to do. And we've put a ton of effort into making our solutions be reliable over the last 10-plus years. In fact, you have to go back to 2004 to find anything comparable in terms of what's happened on our platform. In 2004, we actually took the entire platform down for about an hour, which was disastrous. That didn't happen in this case, but we did hurt hundreds of our customers, and we deeply regret that. We impacted them and their users, and that's unacceptable. In both cases, there was an update that caused a problem. And we have invested a lot in infrastructure to make sure that updates are done safely. In this case, the updates were totally different and totally different systems at Akamai. But as a result of this, we are taking a fresh look at how we release updates to make sure that something like this won't happen again. And meanwhile, we've locked down all update channels as we do a thorough investigation of each one. People don't often realize it, but we are constantly doing updates. We have a platform with dozens of services. We have many, many thousands of customers. Any given customers maybe wanted to make an update to their site on an hourly basis or more. And so it's just thousands and thousands a day of updates that are taking place on the platform. And because of the really very intense work that we've done over the last decade, we have had an excellent track record of keeping any problem with an update from spreading. Humans making updates will make mistakes. And our goal is to prevent — to catch them early and prevent them from spreading. And in this case, there were 2 different channels where that didn't happen the way we want it to. And so we are putting in a lot of effort to look at every possible channel and make sure it is working the way we want to. And not only do we not want to have any more incidents this year, we don't want to be having this happen in the next 10 years. And so there's a lot of effort going into making sure that's the case.

Thanks, Tom. I have two high-level questions. Can you discuss the significance of edge computing in the cloud regarding specific applications? What percentage of these applications will incorporate some edge components? Additionally, how does your infrastructure compare to competitors in facilitating edge computing? On the security side, another broad question: Do customers recognize the advantages of cloud-based security over on-premises solutions? Where do we currently stand in that process?

Yes, good questions. I think edge computing is really important in the future. And when I say edge, I really mean edge, and that's a big difference with the competition, none of whom really have an edge platform. Of course, for the last couple of years, everybody says they have edge everything. It's just — it's not true. We're in over 4,000 locations, in about 1,000 cities and 135 countries, and nobody is anywhere close to that. And we offer native Javascript support now, which a lot of the folks that talk about edge computing don't. And we spin up our apps in a few milliseconds, and that's a factor of 1,000 better than some of the folks that talk a lot about edge computing out there. So, I think we stack up very well against the competition there. And I think you see that reflected in our very strong growth. That segment now well over 30% growth year-over-year. We think we can maintain that. And on a reasonable size number, last year, $150 million, we're now almost up to a $200 million annual revenue run rate for our edge applications business. So, I think very strong future potential. And as you grow in your 30% a year on a number that's about $200 million now, after a few years, that starts really being meaningful. And I think that drives accelerated growth for the CDN business. And remind me again of the security question you had.

Well, it seems like security is rapidly moving to the cloud. I guess the customers understand how much better that is, where do you think we are in the process?

Yes, that's an excellent question. It's noteworthy that we began with application firewall technology. If we look back five or six years, most companies purchased a device and managed it in-house. Today, while a few enterprises still do that, the vast majority of major B2C companies are now utilizing Akamai as their cloud service provider for this purpose. We are clearly the market leader in application firewall. When we consider DDoS protection, five years ago, it was primarily managed either on-site or through a single carrier, but that approach is no longer feasible due to the volume of attacks. Now, Akamai leads the market significantly in providing this as a cloud service. I anticipate that a similar transformation will occur with enterprise security. Currently, organizations typically rely on VPNs and devices managed within their data centers, which is a flawed method that has led to numerous breaches. For instance, a recent breach in a major pipeline company is just one example among thousands of enterprises facing similar risks. When VPN credentials are compromised and appear on the dark web, malicious actors gain access to entire networks, which is unacceptable. This highlights the importance of our solutions that provide application layer access. While it's possible for someone to steal credentials, implementing multifactor authentication ensures that access is limited to the application level. Moreover, with Akamai, users cannot directly access the application; they must go through us, allowing us to prevent malware and address vulnerabilities effectively. Referring to the exchange server incident I mentioned earlier, having Akamai's Enterprise Application Access helped protect our email despite the presence of vulnerable software, similar to what others faced. We are still at the early stages of adopting a Zero Trust approach and transitioning to the cloud, particularly to the edge, which is foundational for enterprise security. I firmly believe there is significant potential ahead, as we are well-positioned to effectively mitigate breaches.

Thank you. Two modeling questions, if I might. The first one, just looking at the guide increase for 2021. Just curious if you're going to agree with how I'm thinking about it, which is it seems like it reflects a 2Q upside, maybe a little bit of upside in terms of your expectations for 3Q, but really no change as it relates to your assumptions for 4Q. And it sounds like that's more a function of just lack of visibility opposed to some type of step-down or negative impact, if you will, that you're now anticipating? Just curious, if I'm thinking about that correctly. And then secondly, it sounds like in response to one of questions, regarding M&A it may have been suggesting that you guys obviously continue to look and may even be close to something. Are you guys still holding a line where M&A is expected to be accretive within some short period of time, or are valuations getting to a point now, where if you were, in fact, to do something of materiality, it could actually be relatively meaningfully dilutive just given what you'd have today? Thank you.

All right. So I'll take the first question, Colby. So in terms of Q4, I think you're thinking about it correctly, we always talk on Q4 being the hardest quarter to call. And then obviously, there's been a bit of a flare-up here with the Delta virus. So we're going with what we see now, as I said earlier in the call, we'll update you as we get more visibility. There's two seasons to call. There's the commerce season and commerce is a very important vertical for us. And then also, as we've seen in the last several years, there tends to be a big jump step-up in media. So we'll get some more information as we go. But I think you're thinking about it correctly.

Yes. And in terms of the M&A question, we're always looking for companies that have novel capabilities that we can use to build products for our customers that are synergistic with our platform and our solutions we have today. And you're right, there are areas, particularly in security and also edge computing that have very high valuations to that. And that makes it harder to do acquisitions that make sense because we're not going to do something that's crazy. Now when you're looking at acquisition, we look at it over the long term and so that we want it to be accretive, certainly over the long term. In addition to the purchase price, we also worry about the hit margins, especially when you do an acquisition, often as you know, the first year, you have revenue recognition issues where you don't get to recognize all the revenue right away. And so in the first year, you can take a hit to your margins. And if we find the right acquisition that is really helpful to us in growth over the long term and it will be accretive to margins over the long term, there may be a situation where we would take a short-term hit to margins, and then we would improve them from there.

Great. Thanks for taking the question. Ed, I'm curious about, you mentioned headcount growth slowed and actually was down sequentially. Can you update us on your hiring plans for the rest of the year? And do you believe the company needs another phase of investment in headcount in order to sustain the current growth trajectory? Thanks.

Yeah, sure. So I talked about headcount being a little bit behind hiring. Obviously, last year, we had record low attrition. And we're still not back to the attrition levels that we saw pre-pandemic. But we're just a little bit behind on our hiring. I expect that will catch up. We're scaling the company very well. As you can see, our margins have improved quite a bit. But we still want to make investments in security. You've seen some of our newer products have grown to a pretty material size. We've got some very fast and exciting growing businesses with our edge computing business along with a very deep product bench for security. So we're going to continue to invest there. There will be some investments in go-to-market. And then, obviously, as we continue to grow, there'll be some scaling heads that we have to add. But nothing in terms of like a major investment cycle or anything like that that we anticipate coming.

Hi team. Thanks for taking the questions. I wanted to focus on the security and the improved outlook you guys provided today. It seems like the security, in general, is facing broad-based demand, but are there any solutions specifically that are driving this improved outlook? And then I guess a follow-on, with the current threat environment, the headlines we're seeing, is this driving a material change in customer interest? Are you seeing any noticeable impact on sales cycles or budget flowing into this space as a result of that?

We are experiencing strong demand across all of our major security product lines. Additionally, while our new security products aren't generating significant revenue yet, there is considerable interest in them. Overall, the situation looks positive. The heightened threat environment is increasing awareness and the need for our solutions. When customers are facing an attack, the sales cycle tends to be very short. Often, we can integrate a customer within hours or days and finalize contract details afterward, which we've observed frequently. With the rise of ransom DDoS attacks, many major enterprises find themselves in this scenario and quickly become satisfied Akamai customers. Therefore, I would say the current environment for security sales across all of our security products is favorable.

Thanks for that. And if I'm just thinking about the traffic trends, trying to parse out between the typical seasonality where there's a slower leg, if you will, in the summer months. And I'm matching that up against what we have with COVID and this Delta variant we're seeing, trying to — can you guys better comment on that? I'm just trying to put those two pieces together to see what's baked into the guidance as we stand today, or how you see that traffic playing out over the last month now that we're in Q3? Thank you.

Yeah, good question. So what we've assumed here is that there really isn't going to be a major step-up in demand like we saw last year. So not anticipating major lockdowns or anything like that. So then, obviously, if something like that were to happen, it could increase our traffic in the quarter. We do see typical seasonality in the summer months, typically August in, hopefully Europe, in particular, tends to be lighter than expected. So we're anticipating that. It's offset a little bit by the Olympics. Again, I told you not a ton there, a few million bucks for the Olympics. But security growth is also not necessarily impacted by traffic. So we could see if we do see lockdowns, you could see traffic accelerate a bit. And we're not really anticipating that, it's not in our guide at this point. We are expecting to see a strong seasonal Q4. And like I said a couple of times now, we'll update when we talk to you again when we get more visibility. But traffic has got back to, what I would call, more normal growth rates. Obviously, we went through a year and a half of accelerated traffic growth with the launch of some major OTT platforms along with the pandemic. So we’re modeling what I would consider to be sort of a more normal CDN outlook.

Yes. Good afternoon. A question for Tom and then a question for Ed. For Tom, you mentioned at the outset, the Akamai Account Protector that you're working on in beta. I was curious to know if you could provide a little bit more information on the kind of benefits to customers that would come from this product that may not be available in Akamai's security portfolio currently.

Sure. Account Protector is sort of the next step beyond Bot Manager. Bot Manager detects whether it's a human being that's trying to, for example, to log into an account. And as you probably know, there's a ton of account stuffing going on. We see every day now about one billion illegitimate attempts to log into an account of some kind, a bank account, gaming account, a commerce account. And the vast, vast majority of that is bot traffic. Credentials have been stolen somewhere, and a bot network is used to check out those credentials against a lot of websites to see if you get a hit. Now the adversaries have evolved, the attackers have evolved. And now I will use humans to attempt to log in and steal accounts. Now you can't do that at the same scale as you can with a bot army. But you use things that you think may well get in, and now the human will do it. And so we need to decide, well, okay, it's human, but is it the right human? And that's what Account Protector is all about. And it will use information about the human that's been using that account before with a variety of inputs and trust scores and then using machine learning to decide on the fly based on everything we can see here, is this the right human for this account? And we give a score that is used to decide, are we going to provide access directly? Do you go to some other security mechanism, like you get asked questions or a CAPTCHA test of some kind, or do you just block? And that's what Account Protector does. So it is one-step deeper analysis that will now deal with human-based fraud and then specifically around the log-in function. Now of course, Bot Manager covers a lot of other things too, like price scraping, inventory stealing, inventory – reserving all the seats in a hotel or an airline by a competitor, that kind of thing. So this is really focused on fraud and log-in that's being done by humans.

Ben, you had a question for Ed, maybe you could restate it.

I don't think it was stated.

Thank you, everyone. In closing, we will be presenting at several investor conferences and road shows throughout the rest of the third quarter. Details of these can be found on the Investor Relations section of akamai.com. Thank you for joining us, and all of us here at Akamai wish you a wonderful evening.