使用警語:中文譯文來源為 Google 翻譯,僅供參考,實際內容請以英文原文為主
Operator
Ladies and gentlemen, thank you for standing by, and welcome to CyberArk Second Quarter 2020 Earnings Conference Call. (Operator Instructions) Please be advised that today's conference is being recorded. (Operator Instructions) I would now like to hand the conference over to Ms. Erica Smith, Vice President, Investor Relations. Please go ahead.
Erica E. Smith - VP of Investors Relations
Thank you, Sharon. Good morning. Thank you for joining us today to review CyberArk's Second Quarter 2020 Financial Results. With me on the call today are Udi Mokady, Chairman and Chief Executive Officer; and Josh Siegel, Chief Financial Officer.
After prepared remarks, we will open the call up to a question and answer session. Before we begin, let me remind you that certain statements made on the call today may be considered forward-looking statements, which reflects management's best judgment based on currently available information. I refer specifically to the discussion of our expectations and beliefs regarding our projected results of operations for the third quarter. Our actual results might differ materially from those projected in these forward-looking statements. I direct your attention to the risk factors contained in the company's annual report on Form 20-F filed with the SEC and those referenced in today's press release that are posted to CyberArk's website, as well as the risks regarding the duration and scope of the COVID-19 pandemic and its related impact on global economies and our ability to adjust in response to the COVID-19 pandemic.
CyberArk expressly disclaims any application or undertaking to release publicly any updates or revisions to any forward-looking statements made herein. Additionally, non-GAAP financial measures will be discussed in this conference call. Reconciliations to the most directly comparable GAAP financial measures are also available in today's press release or in the supplemental historic information, both of which can be found on our website, www.cyberark.com, in the Investor Relations section. Also a webcast of today's call will be available on our website in the IR section.
With that, I'd like to turn the call over to our Chairman and Chief Executive Officer, Udi Mokady. Udi?
Ehud Mokady - Founder, Chairman of the Board & CEO
Thanks, Erica, and thanks, everyone, for joining the call.
During the quarter, the safety and well-being of our employees continue to be our top priority. We evolved our policies and procedures based on the rolling nature of the pandemic in the countries in which we operate. Our global teams are agile and have adjusted well to today's new normal. In fact, we believe reduced travel schedules, virtual events and digital marketing have increased the overall productivity and focus across the company.
Before getting into the details of the quarter, I want to spend a few minutes talking about the trends we are seeing in the market, then discuss our Q2 results in more detail. I will recap our first ever virtual customer event held 2 weeks ago and finally discuss the integration of Idaptive and positive response from customers and partners.
We continue to see identity and security -- to see identity security and PAM at the top of CIO and CISO priority list. This was confirmed by customers at our recent Impact event held 2 weeks ago as well as by recent industry analyst reports. In today's environment, securing privileged access is more important than ever. The global pandemic is creating unprecedented enterprise-wide risk. Every geography and every industry is experiencing a sharp increase in attacks from those looking to take advantage of the distractions and disruptions that COVID-19 has created.
Our team is on the front lines. In a breach, we are often the second phone call after the remediation firm, helping lock down privilege activity, rebuilding the integrity of the environment and restoring secure operations. In recent engagements, we have seen ransomware, including Maze, adding data exfiltration to data encryption tactics. Attackers move laterally across the network, escalate privilege access, steal unencrypted files and encrypt vulnerable devices crippling organizations. This pattern can be seen in the headline-grabbing Twitter event, attackers compromised internal administrative tools, changed e-mail addresses to gain access and hijacked high-profile verified accounts.
Based on research from our labs team, we believe the privilege escalation used in the Twitter attack could have been mitigated with PAM controls, including isolating access, session monitoring, behavioral analytics and least privilege at the endpoint. The Maze, Twitter and recent COVID-19 vaccine attacks demonstrate that the privilege pathway is the attack vector of choice, putting PAM as a top priority.
Organizations have responded to the pandemic, rapidly adjusting how they support employees, how they go to market and service customers. After establishing their work-from-home operations, they are now focused on securing new environments, endpoints, applications and access across users from IT and SaaS administrators to developers and third-party vendors.
There is little debate, 2020 will be viewed as the great digital accelerator as companies embrace cloud and SaaS solutions to deliver efficiency, innovation and rapid time to value. When you look at the quarter, we were pleased to deliver results ahead of all guided metrics, with total revenue of $106.5 million, non-GAAP operating income of $17 million and non-GAAP EPS of $0.42 per share. These broader market trends resulted in positive momentum in our business with record recurring license revenue, record SaaS bookings, record growth in Endpoint Privilege Manager as well as strong demand for Application Access Manager and for our Core Privileged Access Security Solutions delivered both on-premise and in our Privilege Cloud.
We were particularly pleased with our results, especially given our revenue headwind from acceleration of our SaaS and subscription business. On the new business front, we signed more than 170 new logos, including great logos like a Fortune 100 retailer, a born-in-the-cloud technology company, a European car manufacturer and various global government agencies. Our wins in the second quarter were across verticals, geographies and customer size, including the mid-market, demonstrating that every company needs a secure privileged access.
Overall, the impact of the pandemic was in line with our expectations and was contained primarily to the speed of deal progression with prospects who more closely scrutinize budgets for new IT initiatives. Josh will talk about the new business dynamics later in the call.
At the same time, existing customers are increasingly turning to CyberArk as a trusted adviser to strengthen their security posture, given the heightened threat environment. As privileged access proliferates through the enterprise, they are first expanding their PAM footprints with Core Privileged Access, then extending the deployments based on our PAM Blueprint methodology to include Application Access Manager and Endpoint Privilege Manager.
As an example, a large existing S&P 500 customer described the foundation of its security strategy as CyberArk Everywhere. In the second quarter, this customer added more than 2,000 Core Privileged Access users to provide visibility and access across its data centers and Azure environments. This customer will also leverage Application Access Manager to secure its robotic process automation, or RPA initiative, as well as Kubernetes and Jenkins.
As I highlighted, SaaS bookings accelerated in the quarter, and I want to highlight a few of our wins. An existing Endpoint Privilege Manager customer purchased Privilege Cloud to lock down the privilege pathway, Alero for third-party access and Application Access Manager to secure its applications as well as its vulnerability management solution.
In a competitive revenue replace deal for Endpoint Privilege Manager, a major U.S. insurance company chose CyberArk to secure more than 130,000 endpoints with our SaaS solution because of our enterprise scale to support the new work-from-home or work-from-anywhere imperative as well as our ability to block ransomware and prevent credential theft at the input.
A global law firm was reducing its data center footprint and consolidating infrastructure. Because of the increased risk of this consolidation, this customer prioritized its comprehensive PAM program and purchased our 3 SaaS solutions: Endpoint Privilege Manager, CyberArk Privilege Cloud and Alero, as well as Application Access Manager to secure its DevOps environment.
While interest has increased for PAM delivered as a service in specific verticals, the mid-market and the low end of the enterprise, I want to highlight that we continue to see strong demand in the large enterprise for on-premise delivery. However, with the macro uncertainty in the first half of 2020, more customers are asking for the flexibility of subscription pricing for their on-premise deployments, which contributed to our record recurring license revenue and bookings in the second quarter.
From a geographic perspective, while our business continues to be well diversified, we were very pleased with APJ's revenue growth of 20% in the second quarter, including early traction in Japan. Our partner ecosystem continued to play a key role in our success in the second quarter, and about 65% of our revenue was from indirect sales. Our advisory partners like Deloitte, PwC, KPMG and Accenture continue to influence new and add-on business. C3 Alliance partners, like Automation Anywhere, Blue Prism and UiPath in robotic process automation; Tenable and Rapid7 in vulnerability management; and Red Hat and DevOps help differentiate CyberArk in the market.
I'd like to make a few comments on our CyberArk Impact customer event. Our Impact event is always very rewarding for me. It is the world's largest gathering of cybersecurity professionals dedicated to securing privileged access. By conducting a virtual event, we were able to extend our reach and engage more than 11,000 individuals globally. This year, I spent considerable time with Chief Information Security Officers discussing the threat landscape and how we can help mitigate customer risk. Our customer base views CyberArk as a trusted adviser that delivers a meaningful layer of security essential to the business and execution of their long-term strategic goals.
In meeting after meeting, they reinforced their reliance on CyberArk as a critical partner in securing their business success. During the event, I shared our vision for identity security, which directly aligns with the trends we are seeing in the market. In today's mobile, digital and cloud world, along with remote workforces, access continues to grow exponentially. All identities, human, applications, machines and automation tools can become privileged under certain conditions. This expands the attack surface, if not properly secured. We believe the traditional approach to managing identities is no longer sufficient.
Our identity security strategy will provide customers with peace of mind, knowing that Privileged Access Management is at the foundation of our platform while also reducing user friction with intelligent access from Idaptive. We are taking a unique modular approach to our identity security platform, which will allow customers to leverage their investments in other technologies.
Early feedback from Impact on the acquisition of Idaptive and our strategy has been incredibly positive from customers and partners alike. The integration of Idaptive is well on its way, and our first step is to offer Idaptive AI-driven multi-factor authentication across our products and solutions. Idaptive's team hit the ground running, winning new customers and building pipeline even with virtual introductions.
As we look at the remainder of the year, we expect the uncertainty of the global pandemic to continue to create some level of headwind, particularly with new customers. With that said, we are in a market that is rich with opportunity. We are benefiting from work-from-anywhere and digital transformation paradigms, demonstrated by the record quarter for our SaaS solutions as well as the strong momentum with Application Access Manager.
Our customers are turning to CyberArk to reduce risk with Core Privileged Access. We have a robust growing pipeline of new opportunities and a loyal base of existing customers. We are making smart investments and are executing our strategy and infusing the business with more and more recurring revenue. I am confident that this combination will drive long-term growth and shareholder value.
Before turning the call over to Josh, we hope that all of you are safe and well during this challenging time. Josh will now discuss our financials in more detail and the outlook for the third quarter. Josh?
Joshua Siegel - CFO
Thanks, Udi. We are pleased to deliver results ahead of our guidance. Total revenue was $106.5 million compared to $100.2 million in the second quarter last year. License revenue came in at $47.9 million in the second quarter of 2020 compared to $52.2 million last year.
As Udi mentioned, while COVID-related headwinds persisted for new business sales in the second quarter, we also experienced positive trends, including our best-ever quarter for SaaS, increased engagement and expansion deals with existing customers and record pipeline growth across our portfolio for both existing and new customers. If we dig deeper into the drivers of license revenue, existing customers continue to move forward with their mission-critical PAM programs and add-on business represented over 75% of license revenue during the second quarter.
We were pleased to sign more than 170 logos, but what we did see, the combination of these customers making shorter-term purchasing decisions because of the economic environment and an increase in SaaS bookings resulted in smaller average new business deal sizes during the second quarter. On the product side, Application Access Manager and Endpoint Privilege Manager represented about 15% and 9% percent of license revenue, respectively. As Udi mention, EPM had a record quarter. Consistent with our strategy, more than 75% of our EPM bookings were for SaaS, making the revenue contribution from this solution a lagging indicator of its overall success.
In the second quarter, we generated record revenue, recurring license revenue of $12 million or 25% of license revenue amount. Our recurring license revenue breaks down to 10% of license revenue from SaaS and just over 15% of license revenue from on-prem subscription deals. For comparative purposes, in the second quarter of 2019, our recurring license revenue was $2.5 million or just 5% of license revenue in total.
Taking a step back from revenue, I wanted to talk briefly about bookings and pipeline. The second quarter was a record for SaaS and subscription bookings. Our strategy to infuse the business with more recurring revenue is working. However, our record SaaS as subscription bookings resulted in over $9 million revenue headwind for the second quarter, reducing our total revenue growth rate by about 9%.
In terms of the pipeline, we had a strong growth in the second quarter across new and add-on customers, our SaaS portfolio, Application Access Manager and our Core Privileged Access Security Solutions. We have also seen an overall shift in the pipeline towards more SaaS and subscription deals as customers look for more pricing flexibility because of the macro environment, more efficiency from SaaS delivery and increased automation from digital transformation strategies, as Udi talked about earlier.
Our combined maintenance and professional services revenue was $58.6 million, increasing 22% year-on-year. $48.7 million came from our maintenance contracts as our renewal rates continued to be strong during the quarter, reinforcing that PAM is mission-critical within the security stack.
In total, our recurring revenue, which combines maintenance, SaaS and subscription, was about 57% of total revenue in the second quarter. That's compared to about 41% in the second quarter of last year. The Professional Services revenue associated with this line was $9.9 million or 9% of total revenue, consistent with past period levels.
The business was well diversified across geographies. The Americas revenue in the quarter was $64.5 million, representing 61% of total revenue, up from $61.8 million in the second quarter last year. EMEA revenue was $30.4 million or 28% of total revenue in the second quarter, also up from $28.7 million last year. APJ generated $11.6 million in revenue, representing 11% of total revenue and growing 20% year-on-year, up from $9.7 million in the second quarter of last year.
In terms of verticals, we experienced strong year-on-year growth in insurance, pharmaceuticals, telecom and health care during the quarter. We did close deals in the industries impacted by the global pandemic, but not surprising, the bookings in retail and transportation and travel declined as a percentage of total during the second quarter.
As I move through the P&L, all line items will be discussed on a non-GAAP basis. Please see the full GAAP to non-GAAP reconciliation in the tables of our press release and posted to our website. Our second gross profit -- our second quarter gross profit was $90.7 million or an 85% gross margin. That's a decline from 88% gross margin in the same period last year. The decline is primarily related to the increase in our SaaS revenue mix during the quarter, including the acquisition of Idaptive as well as ongoing investments in our cloud infrastructure.
We continue to make disciplined investments across the business. R&D grew by 34% year-on-year to $19.5 million as we made key investments to deliver innovation and enhance our SaaS solutions. Sales and marketing increased 18% to $45.4 million to extend the reach of our sales team globally, and G&A increased 10% year-on-year to $8.8 million. So in total, operating expenses for the second quarter increased 21% to $73.8 million, and that's compared with $61.2 million for the second quarter last year. Still, our operating income was ahead of our guidance at $16.9 million or 16% operating margin.
Including in our results that I just summarized are approximately 6 weeks of revenue and expenses related to the acquisition of Idaptive. Overall, as Udi mentioned, we were pleased with the early traction of Idaptive. Total Idaptive revenue recognized in the quarter, net of the purchase price accounting adjustments, was approximately $1.5 million in SaaS revenue and $300,000 in professional services, totaling $1.8 million.
For context, if we had not made any accounting adjustments, total revenue from Idaptive for the same 6-week period would have been approximately $2.7 million in the quarter. The impact to our expense line from Idaptive was approximately $1.1 million in cost of goods, lowering our gross margin by about 1 percentage point and an additional $2.8 million in operating expenses. In total, Idaptive lowered our operating margin by approximately 2%. Over 70% of our operating expenses are related to headcount.
We ended the first quarter with 1,637 employees worldwide, including about 125 employees with the acquisition of Idaptive. This is up from 1,254 employees at June 30, 2019. Of our total employee count, 752 employees are in sales and marketing compared to 588 at the end of second quarter last year. Net income was $16.7 million or $0.42 per diluted share for the second quarter of 2020 as compared to $23 million or $0.59 for the second quarter of 2019.
We were pleased to generate $53 million in cash flow or 25% margin for the first half of 2020. This cash flow contributed to our strong balance sheet and when we ended the quarter with $1.1 billion in cash and investments, this cash balance reflects the approximately $67 million payment during the second quarter related to the acquisition of Idaptive.
We ended the second quarter with $226 million in total deferred revenue. That's a 30% increase from $174 million at June 30 last year. Approximately 12% of total deferred revenue or $27 million is related to recurring SaaS contracts. That's compared to 3% of total deferred related to SaaS contracts at June 30 last year.
Now turning to our guidance. As a reminder, our guidance does not consider any potential impact to financial, other income and expenses associated with foreign exchange gains or losses as we do not try and estimate future movements in foreign currency rates. So for the third quarter of 2020, we expect total revenue of $107 million to $115 million, which assumes about $9 million in revenue headwind from our increased mix of SaaS and subscription bookings expected in the third quarter of 2020 as compared to the bookings mix from a year ago.
We expect non-GAAP operating income to range between $8 million to $15 million and non-GAAP net income per diluted share of $0.19 to $0.33. Our guidance assumes approximately $3 million in SaaS revenue from the acquisition of Idaptive, net of purchase price accounting adjustments, and approximately $8 million in expenses for the full quarter. Our guidance also assumes 39.8 million weighted average diluted shares at a tax rate of approximately 23% for the third quarter.
In the near term, we expect ongoing economic uncertainty and the rolling nature of the global pandemic to impact our ability to predict our results, particularly for new business and various industries. In addition, while we have a robust pipeline, we also do not yet have full visibility into potential budget flush for the fourth quarter at this time. As a result, we are not providing guidance for the full year 2020. We did want to provide, though, a bit of color on our hiring in the back half of the year, and we expect to add approximately 30 to 35 people in the third and fourth quarters each.
We continue to see strong momentum in our business and a real business need for reducing risk, both from new and existing customers. We are making the right investments in the business across our cloud solutions and in Core Privileged Access that we believe will position CyberArk to accelerate growth as the environment improves.
I will now turn the call over to the operator for Q&A. Operator?
Operator
(Operator Instructions) Your first question comes from Shaul Eyal with Oppenheimer.
Shaul Eyal - MD & Senior Analyst
Congrats on results. Udi or Josh, I have a question that could be a bit tricky here. So we understand that SaaS is gaining steam, whether it's a product agility, the payment flexibility that was noted also by Udi in his prepared remarks, knowing and understanding that CyberArk carries a predominantly on-premise business model, can you maybe qualitatively talk about the potential long-term impact from your module expansion, have you looked into it? We have EPM, Privilege Cloud delivering on Idaptive that is coming as a platform or maybe slightly more in a modular manner depending on the customer. But do you have a rough estimate about the potential longer-term revenue uplift that you could be seeing from a gradual migration to more of a subscription model?
Ehud Mokady - Founder, Chairman of the Board & CEO
So I would say -- Shaul, first of all, I think -- thanks for the congrats. And we're really pleased about the quarter and especially the ability to accelerate the SaaS contribution. I would say, yes, the majority of the customer base has consumed our on-prem solution. And the infusion strategy is really working. We're seeing more and more adoption and, while in parallel, we're increasing our SaaS portfolio. So it's coming together, we've been increasing our SaaS portfolio, growing adoption, and we expect more of that with Idaptive. I think, overall, as we've seen other companies, we believe that both customers and, of course, the financial strength here will benefit from the fact that the more and more we have recurring subscription as we expand our offerings, the more value both our customers will get and, of course, CyberArk will benefit. So strategically, this is going in the right direction, the way the customers want to buy because that's been very important for us, deliver on-prem, deliver SaaS based on how the customer wants to buy. But in the long term, I think we will benefit from the fact that there's a growing portfolio, and we can get this loyalty and growth with subscription.
Shaul Eyal - MD & Senior Analyst
For sure. And also, Josh, the few dozens of employees that will be added within the second half period to your headcount, is that mostly R&D or some sales and marketing? What are you expecting to fill those positions mostly in?
Joshua Siegel - CFO
Yes. No, Shaul, there will be -- the majority will be R&D. And then the second place will be on the sales front as we start to think about already in the second half, building sales capacity for next year. R&D and sales.
Operator
Next question comes from Saket Kalia with Barclays.
Saket Kalia - Senior Analyst
Maybe first for you, Udi, just maybe a little higher level. Can you talk about the competitive landscape a little bit? I guess, more specifically, are you seeing anything from some of the players that were acquired within the last 18 months or perhaps others that have changed in the last couple of quarters? Just talk a little bit about the competitive landscape as you see it over the last couple of quarters.
Ehud Mokady - Founder, Chairman of the Board & CEO
Sure, Saket. Thanks. First of all, I would say that in general, we don't see a real change in the competitive landscape. CyberArk has really been extending our market leadership, both in PAM, again, with our growing innovation and growing SaaS portfolio, but further now with our identity security vision, after acquiring Idaptive, I think we continue to break away and lead this market. I think in this environment, the strong financial position has become even more important for customers. And so on top, of course, of the technology and leadership in the space, we benefit from being that trusted customer, that customers in this environment can continue to invest in.
I would say that the opposite applies to the piggyback ones that find it harder to invest in innovation in this environment. So I would say overall, continued market leadership, some vying for kind of the distant top 2 and 3 position between themselves.
Saket Kalia - Senior Analyst
Got it. That makes a lot of sense. Maybe for my follow-up for you, Josh. Josh, can you just maybe remind us of the cash flow profile for your SaaS and on-prem subscription contracts, if you will? Are they annually advanced or any other model? And just maybe compare and contrast that for us to your traditional perpetual license/maintenance model, if you will.
Joshua Siegel - CFO
Yes. Thanks. Absolutely. So we think about our -- when we think about the SaaS and subscription, we're typically going to be seeing cash on an annual basis for those projects and for those transactions, whereas in perpetual, we saw the perpetual upfront together with a 1-year or greater maintenance contracts. So I think that's one of the things that we'll see different. So in one respect, we'll be spreading out a little bit the cash over the contract of the SaaS and subscription terms.
We were pleased in the first 6 months that we generated $53 million in cash flow from operations. That's 8 percentage points above our net income margin. And that's kind of as we continue to build out and sell more and more SaaS, that's kind of playing out nicely for us. So we see -- over time, we're going to be building in kind of a lot of future cash flow off of these -- off of the new SaaS and subscription contracts.
Operator
Next question comes from Sterling Auty with JPMorgan.
Sterling Auty - Senior Analyst
You mentioned a couple of times the pipeline. I'm just wondering if you can at least qualitatively describe where the pipeline sits versus pre-COVID or maybe a year ago, and what you're seeing in terms of sales cycles.
Joshua Siegel - CFO
Yes, Sterling, I'll start here. What we're seeing actually this year on pipeline is really across all of our products and across even existing and new customers, we're seeing really record growth in the pipeline. So -- and that was not impacted by COVID. We saw it in Q1, and we saw it continue as well into Q2, and that's compared to Q1 and Q2 of last year. So we're pleased to see really where the openings are coming from and the pipeline developing and progressing. And again, not just for core PAS, but also for our Application Access Manager for our new SaaS products and for -- and of course, for EPM, the likes. I think one of the things also we look at is coverage growing as well, which in this environment, we also like to see.
Sterling Auty - Senior Analyst
Absolutely. And then 1 follow-up. You mentioned kind of coming in after incident response has happened as kind of a first call. Are you actually being brought in directly by the incident-response companies? And if so, who are you seeing the most traction with?
Ehud Mokady - Founder, Chairman of the Board & CEO
Yes, Starting. Yes. Yes, we're often invited either by the customer or recommendation from the incident response firm. It's very interesting and often gives us the opportunity to help in the recovery, and of course, get that trusted adviser position that later follows on with Privileged Access Management as a layer. So when it's not driven by customer, I would say incident response firms that invite us the most is probably Mandiant. But we've seen several others invite us, including, I would say, vendors that have incident response arms that calls in.
Operator
Next question comes from Fatima Boolani with UBS.
Fatima Aslam Boolani - Associate Director and Equity Research Associate Technology-Software
Udi, I'll start with you. I think on a number of different occasions in the prepared remarks you alluded to the pandemic's impact to new logo and new business progression. So I just wanted to get a little bit more detail on what were -- or what are some of the gating factors around new logo and new business activity, particularly if the priority for PAM and PAS projects have catapulted to the front of the line? And then I have a follow-up for Josh.
Ehud Mokady - Founder, Chairman of the Board & CEO
Yes. No, absolutely. So I -- first of all, I think we're really pleased to see the add-on business muscle really behave normally and with normal cycles and be such a big lift for us, and also with the ability to bring it on and so the 170 new logos in this environment. I think we were very happy with that. But what we are seeing and I think it's natural and across the board that you can be, and PAM can be a very high priority. But just given the environment, they are much more -- there's much more scrutiny in priority, much more scrutiny in looking for budgets and longer approvals. And so that's kind of the new normal on the new logos. And therefore, we're factoring that and making sure we have a wider pipeline like Josh mentioned, and that we're factoring for, right now, longer cycles when it comes to new accounts.
But again, there's some mitigating factors on the fact that we have the SaaS portfolio to address some of them, that we can offer subscription pricing to some of them. So there's growing mitigating factors.
Fatima Aslam Boolani - Associate Director and Equity Research Associate Technology-Software
Fair enough. Josh, a question for you. If I look at the sequential compression in gross margins, I think you talked through about 100 basis points of that 300 basis point compression due to Idaptive. I'm wondering what the other dynamics were that caused that level of compression in gross margins, particularly if the recurring license mix largely skewed to TBL versus SaaS this quarter. Just wanted to parse that impact out as to why the impact to gross margins would be so dramatic. And that's it for me.
Joshua Siegel - CFO
Yes. Thanks for that. Yes, absolutely, 1% coming from Idaptive. And then really the other 1.5% coming from the SaaS business, from CyberArk as we -- CyberArk really increased its SaaS on EPM, started to sell into Alero and Privilege Cloud. So we saw a really large uptick on the organic Cyber SaaS products. So that also impacted as well on the gross margin.
Operator
Next question comes from Brian Essex with Goldman Sachs.
Brian Lee Essex - Equity Analyst
Udi, just one quick question on deal progression and the nature of some of the large deals that you're seeing on the privileged access side, particularly with regard to some of the consulting firms that you called out as partners. How many of those deals are larger -- particularly like with respect to like Deloitte and Accenture and so forth, how many are kind of multi-vendor or larger identity deals versus exclusive privileged access deals? And how often is this kind of a larger consolidated effort on behalf of the customer to just revamp their identity management, I guess, profile?
Ehud Mokady - Founder, Chairman of the Board & CEO
So Brian, I think it would be hard to generalize. But if I would -- if I -- if we look at the engagements, very often what the big 4 and the consulting firms do for us is actually drive the PAM practice at those firms, we may have a beachhead of the account or we're coming together to the account and they would drive a PAM program. And so kind of we see that phase very often. It could be part of a larger identity initiative. And more and more in recent years, there's a PAM-first approach. Let's get the -- let's secure the keys to the kingdom first before doing the others. But you're right. In some cases, if you zoom out, we can see that, that is part of a larger identity initiative. And then in these firms, the group that's working the PAM effort is also collaborating with their -- the Deloitte or PwC team that's doing identity. With our expansion to identity security and with the acquisition of Idaptive, we, of course -- we'll continue a modular approach and to collaborate with other identity initiatives that have started with other vendors, but believe we'll also be able to take an even greater share of those identity programs.
Brian Lee Essex - Equity Analyst
Got it. That's very helpful. And maybe just as a follow-up for Josh. Maybe could you put a little bit of a finer point on the guidance for the third quarter operating expenses, elevated costs relative to Idaptive seem to be a little bit higher than this quarter. Maybe just kind of pointing where we should expect, I guess, outside of sales and marketing headcount, R&D headcount, I don't know if that's the lion's share of it, but how we're thinking about spending for Idaptive's expansion integration relative to other potential OpEx increases throughout the business?
Joshua Siegel - CFO
Yes. Brian, thanks for the question. So as we called out in the call, we're talking about $8 million of total expenses, of which $6 million are in OpEx, right? I'm sorry about -- because if you recall, when we talked about the increased expenses in the first -- for Q2, it was only for 6 weeks. So that's the jump in the expenses for the full quarter of Idaptive. And when we think about where we're going to see those increased expenses, it's really going to be on the R&D from the recruit. Like I talked about, the majority of the headcounts will be on the R&D side and as well as on sales. And the R&D is really focused on still building out our SaaS infrastructure for our SaaS products, but also for the integration of Idaptive products with CyberArk products. So I would say it's going to come out of the R&D and then next in sales.
Operator
Next question comes from Jonathan Ho with William Blair.
Jonathan Frank Ho - Technology Analyst
Congrats on the strong quarter. I just wanted to maybe start out with the cross-sell opportunity that you're seeing with Idaptive in your core products. And maybe how often do you think the 2 will be purchased together? Will Idaptive be sort of a separate tip of the spear? I'm just trying to understand how you think about that go-to-market motion?
Ehud Mokady - Founder, Chairman of the Board & CEO
Yes. Jonathan, it's relatively new, but the timing for us was great because we announced the acquisition in May. We're able to gear up initial integration and then really come out with it in our Impact event, and really test the water with customers. So I think kind of ideal to have an acquisition, begin to integrate and then have the opportunity to showcase it to our customers. So I think the strategy right now will -- and -- is really to leverage the amazing customer base that we have. And they've selected CyberArk for this critical layer in PAM and now extend with Idaptive to other use cases around their regular users.
As I mentioned in my prepared remarks, first out of the gate, we'll be offering integrated, I must say, into the CyberArk solutions, but we will be able to upsell the rest of the Idaptive suite to the cyber customers. In parallel, we're going to keep the muscle that -- and enhance the Idaptive muscle to also go after stand-alone opportunities. But that would be a new element for us where really the bigger access to market is leveraging our customer base.
Jonathan Frank Ho - Technology Analyst
Got it. Got it. That makes a ton of sense. And just as a follow-up. When we think about the opportunity in the mid-market, I think you called that out as an area that saw some strength this quarter. Can you talk about maybe the dynamic here and what's making that market more attractive?
Ehud Mokady - Founder, Chairman of the Board & CEO
Yes. I think what we're seeing is we can be very strong in where we're coming from in the enterprise space. But that PAM demand is also growing in the lower -- in the smaller enterprise and the high end of the mid-market. And the fact that CyberArk now has a SaaS portfolio makes it easier for us to go after that market as well. So I would say dynamics are obviously smaller deal sizes, but often shorter sales cycles and nicely augmenting the enterprise approach, which is still the most strategic for us to keep the leadership and expand it.
Operator
Next question comes from Rob Owens.
Robbie David Owens - MD and Senior Research Analyst
It's Rob Owens from Piper Sandler. Thank you for the visibility in and around the headwinds created by the SaaS business. And I appreciate you unpacking that for us. But can you give me a sense of, relative to the Q3 guide and the headwinds, given your commentary around pipeline, why it would be a flexed quarter-over-quarter headwind in terms of dollar amount?
Joshua Siegel - CFO
Rob, this is Josh. Good to talk to you. I think, again, we're anticipating certainly some transition headwind also in the Q3 guidance. And I think what we tried to do here when we gave a range on guidance was really to capture, also knowing that we're not certain exactly where that mix is going to come out. The pipeline is growing. As you said, it's robust. We have good visibility, particularly on the add-on customers, on the existing customers. But as we've said in the call, when it comes to new customers, the progression through the pipeline and the visibility for when those are going to close becomes a bit harder to predict. And then on top of that, you have the mix of whether or not they're going to go off the SaaS or the subscription or the perpetual. So I think we feel comfortable with where we are on the guidance. We tried to provide a range that captures kind of a few different types of scenarios for us and we like where it's heading over the next several quarters based on the pipeline.
Robbie David Owens - MD and Senior Research Analyst
Great. And then following up, given we are in the third quarter, any high-level thoughts around the U.S. federal opportunity? And would you expect this to be a normal U.S. federal quarter? Or do you think that COVID will have an impact on that?
Ehud Mokady - Founder, Chairman of the Board & CEO
Yes. I think it's a new normal for everyone. So I think it's the first federal quarter in this environment. We've had a lot of success throughout the year in federal. And so again, we're counting on a close to normal in this normal -- in the new normal environment and leveraging some of the, I would say, access to customers that we've gotten. We're also investing in getting our SaaS products Fed-ready to be able to take that to the federal market as well.
Robbie David Owens - MD and Senior Research Analyst
Is there any time frame around when those might be Fed-ready? And how long it typically takes?
Ehud Mokady - Founder, Chairman of the Board & CEO
It's a process. I'm not ready with an answer here yet. And Idaptive, it's just gotten on board, but it's super important for us. Some of -- it's a pipeline, like some of our solutions are already in play, and now we're adding Idaptive to the Fed ramp mix. But we've successfully sold, of course, our core PAM, our Application Access Manager, our EPM to the federal market. Super strategic and important for us.
Operator
Next question comes from Hamza Fodderwala with Morgan Stanley.
Hamza Fodderwala - Research Associate
So I just -- first question for Udi. I wanted to dig into a little bit more on the prioritization of PAM and the more distributed work environment. As far as what you saw in Q2, did you start to see that increased demand and prioritization sort of come later in the quarter? And is the expectation that it will start to translate more to the actual results into the back half of next year as budgets start to come back. Is that the progression that you see as it relates to your PAM portfolio?
Ehud Mokady - Founder, Chairman of the Board & CEO
Hamza, Udi here. So I would say that the linearity is the linearity in our quarterly sales and not really the reflection of the PAM opportunity. As we walked into COVID, it was important for us to see -- first you saw organizations really just trying to get that initial connectivity going, but that was last quarter. In this quarter, we saw that, when you engage with the customer, they understand that the perimeter basically evaporated overnight. And there is no perimeter. And it may take 1 step, it could take 2 steps, but -- and the attacker can get privileged access to the heart of their IT infrastructure. So the priority is up there. It's also in, I would say -- the analysts in the industry are putting it really as the top thing to do. But with the new account, we obviously have to go through the regular education and prioritizations that we need to go through. I think it's only getting up there over, if I look -- if I reflect it couple of quarters ago in terms of awareness. I look at meetings, at Impact with Chief Security Officers, they start with, this is my most critical control. Some say, this allows me to somewhat sleep at night. CISOs don't really sleep. But -- so we're seeing that continue. And -- but we have to navigate the COVID environment when it comes to new logos.
Operator
Next question comes from Andrew Nowinski with D.A. Davidson.
Andrew James Nowinski - MD & Senior Research Analyst
Congrats on a nice quarter in a tough environment. I want to start with a high-level question. It just looked like the Twitter attack that happened this quarter was largely a Privileged Access Management attack. So I'm wondering if that resulted in any improvement in the pipeline when it hit because it does highlight why PAM is such a high priority.
Ehud Mokady - Founder, Chairman of the Board & CEO
Yes. Yes, Andrew, I think once every couple of months, there's just an event that is a Super Bowl commercial for PAM. But I think when -- in the CECL community, it's -- this will be an incremental effect because they get it. So I wouldn't say that this would dramatically drive pipe. Pipe is growing because the awareness is there. It's just another example for organizations to help prioritize this, to just get into the nitty-gritty of understanding that 2 hops and you're -- and it's down to privileged access to defend from a takeover. So I would say it's another positive and it's kind of latching onto the education of past events, industry reports and so.
Operator
Next question comes from Daniel Bartus.
Daniel Bartus - Research Analyst
I guess I'll just ask one for Udi. Nice quarter on the AAM side of the business. Curious, has the competitive landscape changed there at all? And who are you seeing most in the market competitively on this side of the business?
Ehud Mokady - Founder, Chairman of the Board & CEO
Yes, absolutely. So when I answered earlier that no change in the competitive landscape, I kind of referred to the regular PAM vendors when it comes to PAM. But you're right at your point, the 1 vendor we see with regards to securing secrets is Hashi, which comes from the, I would say, the developer world and less from security. We've seen great growth especially in -- and that's the most strategic piece of our portfolio in the product lines that's securing modern applications based on our acquisition of Conjur in 2017, the dynamic applications and securing secrets. And we're coming in more from security. We see them often seated through open source in accounts, but we get a lot of wins when it's a security-driven approach. And it's a very important piece of our portfolio, and we can tell a full PAM story and platform, deliver a full PAM platform to the customer for humans and for applications. And we'll continue to invest in this line. We'll -- and also continue to invest in partnerships like the partnership with Red Hat.
Operator
Next question comes from Daniel Ives with Wedbush Securities.
Daniel Harlan Ives - MD of Equity Research
Just a question in terms of hiring. I mean could you talk about maybe just you get a lot more inbound from a sales perspective than you were? And just maybe talk about the type of sales personnel that you're looking for in the field, especially given the broader sales approach..
Ehud Mokady - Founder, Chairman of the Board & CEO
Yes. Dan, I would say that the people are very amazingly adjusting. I look at our sales team, they adjusted amazingly to this environment and also credit to the customers and prospects out there. People are engaging, people are meeting, people are having proof of concepts. So I would say we've always hired very dynamic people. And as you look in this environment and as we bring on the new type of sale persona is one that's able to navigate an environment where you can't have a series of face-to-face meetings, where you are leveraging the technology partnership, you're leveraging the big 4. It's always -- it's more people who know how to work in a team or an ecosystem to drive value all across. You've seen an increase in -- great contribution in our indirect business. And so really, that's a great way to navigate this environment, leverage the access that the channel partners have, bring value and close the deal.
Operator
Next question comes from Gur Talpaz with Stifel.
Gur Yehudah Talpaz - Analyst
Okay. Great. Udi, you talked about a large EPM displacement. I was hoping you could talk about what you're actually displacing. And then more importantly, how do you view the overall displacement opportunity across the business as we look into the future?
Ehud Mokady - Founder, Chairman of the Board & CEO
Yes, Gur, I was thinking about that as I was answering the competitive landscape. One attribute we're seeing, again, there's the lot of greenfield out there, but there is a displace when customer turned -- when customers turn strategic. I would say, we're seeing a displacement across the board. In that specific example, we -- I believe we replaced an another technology that could not scale. I can't recall if that was -- that example was BeyondTrust or Thycotic, but it was 1 of them when it came to the ability to scale. And that's been a big advantage for us. Again, when the customers go for a full PAM program, EPM has been a big one on displacements. There's also more and more CA -- Broadcom CA type displacements going on. And we had some important wins in the quarter on that front, too. But that was classic PAM.
Operator
Next question comes from Gregg Moskowitz with Mizuho.
Gregg Steven Moskowitz - MD of Americas Research
Congrats on the quarter. I think it's a big deal that SaaS and subscription made up 25% of license revenues versus 5% a year ago, and that SaaS is 12% of deferred versus, I think you said 3% a year ago. And you mentioned that more customers were requesting on-premise licenses to be delivered as a subscription. Now that this is in motion, what I'm wondering is, why not go on offense and actually try to sell more term licenses? And I realize that there is a near-term cash flow headwind, but conversely, more on-premise subscription contracts would drive, obviously, more recurring revenues and very likely a higher LTV as well. So your perspective on that would certainly be appreciated.
Ehud Mokady - Founder, Chairman of the Board & CEO
Yes. Gregg, it's a great question, and you're right, we're very pleased. And like Josh said, we're very pleased to see that part of the business accelerate. And again, the infusion with SaaS is -- was very deliberate, but then also seeing that the customers, they want it on-prem, but as subscription is another way to increase our recurring revenue, so we're very pleased with that. But right now, for that example, for the on-prem as subscription, it's hard for us to determine how much of that is -- of that acceleration is COVID related and how much is going to be the new normal where they want to go term-based on -- for the on-prem. So actually, what we did is we put together a cross-functional team here at CyberArk, led by Matt Cohen, our CRO to determine how this -- if this will persist, what are their buying patterns going into the future. And right now, the leading strategy is we're going to sell to the customers, how and where they want to buy. Do they want perpetual? Do they want on-prem, but subscription? Do they want, of course, the SaaS portfolio, which we are promoting. And after we finish that deep dive, we'll decide, to your point, is -- do we further accelerate on that strategy.
Operator
Next question comes from Catharine Trebnick with Colliers.
Catharine Anne Trebnick - VP & Senior Research Analyst
Could you put a finer point for us on the split you see between licenses and maintenance for the quarter? I know you've been saying you don't need those yet. Can't really predict it, but could you at least give us a little bit more of a hint? Traditionally, you do well second half of the year on license revenue, especially in Q4.
Joshua Siegel - CFO
Yes. Catherine, I think basically, if you want to -- for further breakdown into license and maintenance, I would follow the model, which is basically maintenance will continue to be what we carried last quarter with the additional licenses going forward. And I would say that the maintenance will probably grow in line at about 20% of the licenses that we'll do for next quarter. And also kind of a finer tune -- finer point on professional services, we're still running really the 7% to 9% of that -- of total revenue will be in professional services.
Operator
Next question comes from Taz Koujalgi.
Imtiaz Ahmed Koujalgi - Director of Technology, Media & Telecom and Analyst
Question for Josh. You mentioned that a lot of customers chose to go with subscription for your on-prem offerings. Can you tell us how much deal compression happens when customers choose a subscription form factor versus, I guess, on-prem? How much is the deal size lower when you go from a perpetual to subscription?
Joshua Siegel - CFO
Yes. Taj, it kind of depends on how long of a subscription contract they take. If they're taking a 3-year, then it's going to be pretty close very much to a perpetual transaction. And if they're taking a 1-year, it's going to be closer to probably half of that.
Operator
At this time, I'll turn the call over to the presenters.
Ehud Mokady - Founder, Chairman of the Board & CEO
Hi, everyone. Udi back again. I just want to thank our customers, partners and employees for continuing and contributing to our success in the second quarter. And to everyone here, stay safe and be well. Thank you.
Operator
This concludes today's conference call. You may now disconnect.