Mimecast Limited (MIME) 2019 Q1 法說會逐字稿

Good day, ladies and gentlemen and welcome to the Q1 2019 Mimecast Earnings Conference Call. At this time, all participants are in a listen-only mode. Later we will conduct a question and answer session and instructions will be given at that time. (Operator Instructions) And as a reminder, today's conference call is being recorded.

I'd now like to turn the conference call over to Robert Sanders, Director of Investor Relations. Please go ahead.

Welcome to Mimecast's earnings call for the fiscal first quarter of 2019 ended June 30, 2018. I'm Robert Sanders, Director of Investor Relations. With me on the call tonight are Peter Bauer, our Co-Founder, Chairman and CEO, and Peter Campbell, our CFO. Tonight's conference call is being broadcast live via webcast. A replay of this call will be available on the company's website approximately 2 hours after the live call has ended.

We will make forward-looking statements tonight regarding future events and future financial performance of the company. These forward-looking statements are subject to risks and uncertainties that could cause actual results to differ materially from those in the forward-looking statements. We caution you to consider the important risk factors that could cause actual results to differ materially from those in the forward-looking statements contained in today's press release and this conference call. These risk factors are further defined in Mimecast's most recent Form 10-K filed with the Securities and Exchange Commission.

During this call, we will present both GAAP and non-GAAP financial measures. These non-GAAP measures are not intended to be considered in isolation from, a substitute for, or superior to our GAAP results, and we encourage you to consider all measures when analyzing Mimecast's performance. A reconciliation of certain GAAP to non-GAAP measures is included in today's press release, which can be found in the investor relations section of our website.

The date of this call is August 9, 2018. Any forward-looking statements we make today are based on assumptions that we believe to be reasonable as of this date. We undertake no obligation to update these statements as a result of new information or future events.

Now I would like to turn the call over to Peter Bauer. Peter?

Good evening. Thank you all for joining our first quarter 2019 earnings call. I'll start tonight's call by highlighting our strong start to the year and share some of our accomplishments. Next I'll discuss our platform expansion with the introduction of our new services of Web Traffic and Security Awareness Training. Then I'll cover some unique technology that we've acquired to extend our security capabilities and strength cyber resilience for our customers. As we've done in past calls, I'll touch on some new customer engagements to give you a sense of our progress too, and then I'll hand over to Peter Campbell, our Chief Financial Officer, to cover our results in more detail.

This Q1 has possibly been one of our most active in a long time from a strategic perspective. I'm delighted that while we were executing on many fronts with new product introductions, M&A activities, and expanding our presence in Europe, all programs that set us up for even greater medium and long term opportunity, we've also executed very well in the current period, gaining market share and delivering strong financials.

First quarter results exceeded our expectations. Revenue of $78.4 million grew at 35% year-over-year as reported, and 31% in constant currency. This better than expected performance was the result of high customer retention, sales of additional services to our base of now 31,300 subscribers, and the addition of 900 net new customers to our platform. While we continue to have success with larger accounts, completing a 7 figure up-sell with an existing customer and a new Fortune 500 relationship, we won marquee engagements in each of our regions, collectively strengthening our reputation as the cyber resilience leader globally.

From a technology perspective, we continued to build out our unified suite of products on top of MIME OS, our multi-tenant microservices-based SaaS operating system that all of our offerings are delivered from. We announced the public B tier of our first Web security offering. Mimecast Web Security leverages the power of MIME OS, including the vast telemetry and intelligence that we gather through protecting our significant global email security customer base.

Our web security offering provides this new service to customers in a simple, cost effective format inside the same single pane of glass, consistent policy management, and reporting environment that they enjoy from all our other products. We're excited about this nascent opportunity and the extremely fast time to value that we can show our customers when they choose this service in addition to our email security offerings.

IDC estimates the market for Web security software was $2.9 billion in 2017, and we see an opportunity to evolve our product and gain a share of this spend, especially within the base of customers that have already chosen Mimecast as their cyber resilience partner for email.

We introduced new capabilities in Security Awareness Training too. Security awareness training and testing is fast becoming a must-have capability for organizations, as increasingly attackers have found success in exploiting uninformed, apathetic, or careless insiders. They're co-opting or compromising them to gain access to sensitive data, system credentials, and all too often hard cash. By helping organizations understand the unique risk profiles of their staff and focusing training and policy efforts in the most important areas, we can meaningfully improve customer security postures.

Now, according to Gartner, this market represented $370 million of spend in 2017, and it grew 50% year-over-year. So we're excited to have launched a very compelling offering here from the acquisition of a Ataata, which we announced last month. Our solution is effective in improving adherence to security best practices and keeping employees aware of constantly evolving methods being deployed by adversaries. In addition to training, we offer a risk scoring methodology aimed at identifying high risk individuals and measuring risk mitigation over time.

So we're selling Security Awareness Training to our new and existing customers today. Web Security is available to early adopters today, and will be generally available during calendar Q4. We're encouraged by the initial reaction to these announcements, and we look forward to updating you on our progress.

I'm also pleased to mention that TTPS continued to enjoy strong sales, and our 2 newer products introduced last year, Internal Email Protect and Sync & Recover, have both continued their strong adoption trends. We also released new functionality for our Google apps customers to enhance their experience of our platform.

Now I'd like to share with you some exciting technology Mimecast has brought to the platform. In July, we acquired an advanced malware detection technology through the purchase of Israeli-based Solebit. This unique and groundbreaking technology introduces powerful new techniques to identify advanced evasive malware in data files and linked content. This type of malware is a key battleground in the arms race between organizations and the adversaries that wish to compromise them.

Until now, the primary approach to identifying this malware has been through sandbox detonation and behavioral analysis. And a key challenge of this approach is that it's computationally intensive and slow, limiting the scale and scope of its use, especially in inline deployments. And what's more, it can be evaded by skilled attackers.

The technology we have acquired with Solebit has been proven through a yearlong OEM relationship that we've enjoyed with them to provide an extremely efficient and effective detection capability within MIME OS. It has been key to several of our strategic wins in email over the past quarters, and we've enjoyed a strong engineering collaboration with the Solebit team, envisioning many exciting new areas that we can work with them together on from an R&D perspective.

So we're now thrilled to have Solebit as part of Mimecast, and look forward to innovating even more closely as one company. As we scale out our email platform further and especially as we evolve our product offerings to additional protocols such as Web Security and other non-email content venues, the value of this high-speed malware detection technology becomes a significant advantage.

Let me quickly run through some of the engagement wins from this past quarter. Firstly, a U.S. based healthcare provider with over 50,000 employees selected Mimecast for advanced email protection. This included protection against advanced impersonation attacks, compromised internal accounts, URL and attachment-based threats, and sensitive data leakage. This organization had been heavily targeted by advanced malware and so rigorously evaluated Mimecast alongside other leading vendors.

Mimecast's solution was selected for having the highest level of efficacy. This organization runs a pretty lean IT team, and they found by partnering with Mimecast they could gain leverage from the in-house skills, working with our team and using a single integrated solution to seamlessly manage and solve multiple challenges.

Secondly, a U.S. based hospitality company with about 60,000 users purchased our S2 bundle and added our secure messaging services. This organization was using a competing cloud solution to protect their Office 365 deployment. Despite the layered protection alongside Microsoft, they were dissatisfied with the threats that continued to reach their employees' mailboxes, risking security and reputation of their organization. Once again, Mimecast was evaluated rigorously before being selected for superior security. Our ability to integrate threat intelligence from Mimecast into this organization's environment through our APIs was also important.

Then a UK based real estate company purchased our M2A bundle, which is our most comprehensive base bundle solution for email cyber resilience. This solution includes advanced security, data leak prevention, uptime assurance, and archiving. The customer also added Sync & Recover, our cloud data recovery service.

Prior to selecting Mimecast, threats were bypassing their incumbent security gateway, causing downtime and risk to the company. With Mimecast, they simplified IT by consolidating multiple cloud workloads from disparate on-premise vendors to the Mimecast cloud, and they achieved more robust protection. This was a 6 figure deal from a midsized organization employing only a few thousand staff.

Finally, a U.S. based technology company with around 70,000 employees purchased our S1 solution for protection from targeted and unique one-off malicious URL attacks and social engineering attacks focused on very specific people in the organization. There were attacks with and without malware that were finding their way to end users' mailboxes. So after a side by side proof of concept versus other leading security vendors, Mimecast was once again selected for superior effectiveness in blocking advanced threats. Now we're thrilled to expand our franchise here within the tech sector, where today we're already protecting some of the leading and most innovative technology and cybersecurity companies in the world.

Now I'd like to take a moment to welcome the new employees who've joined us from across the globe as we continue to attract people seeking an opportunity to do the best work of their careers. With the acquisitions of Ataata and Solebit, we bolster our in-house research and development capabilities and we speed our time to market in some key areas of opportunity. This builds on investments and organic R&D that we've continuously performed since our founding in 2003, building a consistent, contiguous solution on a unified platform that allows us to profoundly simplify IT and solve additional customer needs over time.

So in summary, it's been an exciting 3 months since we talked with you last. We've launched 2 new services, Web Security and Security Awareness Training. We acquired a unique leading edge technology that benefits customers through stronger protection today and powerful new offerings going forward. Finally, we delivered on our financial targets, exceeding the midpoint of our guided range for revenue.

With that as an introduction, I'd like to turn the call over to Peter Campbell to discuss our financial results in more detail.

Thank you, Peter. Before discussing our results for the quarter, I would like to remind everyone that we adopted the ASC 606 accounting standard effective April 1, 2018. We spoke last quarter regarding the acceleration of some revenue into earlier periods, but that we expected the overall effect on our revenue would be minimal. Because of the small impact on revenue and the straightforward nature of the impact on our expenses, we will be providing commentary under 606 only. We will provide additional clarification where the difference between the new and the old standard is material.

So now let me talk about our results. Our fiscal 2019 is off to a great start, with a record Q1 despite experiencing foreign exchange headwinds. We exceeded the high end of our guidance on revenue and achieved the high end of our guidance on adjusted EBITDA.

We generated revenue of $78.4 million, which represents growth of 35% as reported and 31% in constant currency over the first quarter of 2018. Note that this achievement was negatively impacted by $0.8 million in foreign exchange when compared to our guidance last quarter.

Adjusted EBITDA was $10 million in the first quarter, representing an adjusted EBITDA margin of 12.7% compared to $5.1 million, or 8.8%, in the same quarter in the prior year.

Net customer additions were 900, in line with the first quarter of the prior year but down from our fourth quarter due to normal first quarter seasonality. As Peter noted, our total customer count now stands at 31,300.

Our average order value, or AOV, was consistent with the prior quarter at $10,100, and up from the same period in the prior year at $8,800. The AOV in the current period was negatively impacted by foreign exchange headwinds from the rand and the pound in the amount 300.

The increase in our AOV was driven in large part by customers buying multiple services from us. Average services per customer across our base increased to 3, representing a $37.00 ARPU. With the advent of our new DNS gateway service and our security awareness service, we believe that we have significantly increased the total addressable market of services we can provide to new and existing customers.

Prior to the advent of these new services, customers that take all 8 of our services could pay us $95.00 per user per year on average. This represented a significant up-sell opportunity in our current base, even before we add the effect of these new products. While we are still evaluating that pricing for these products, we believe that this will increase the total for a fully loaded user by $20.00 to $25.00.

34% of our customers are now using Mimecast in conjunction with Office 365, up from 31% last quarter and 24% in the first quarter of 2018. Mimecast's Office 365 customer purchase a higher number of services per customer, 3.3 compared to 2.8 services for customers not on Office 365.

Our revenue retention remained strong at 110%, as our customers consistently renew their subscriptions and purchase additional services. Our revenue churn remains at 3%, an industry-leading retention rate we have experienced for the last 7 years.

Turning to gross margin for the first quarter, we recognized a 73% GAAP gross margin, consistent with the prior quarter and ahead of our 71% to 72% forecast. We expect gross margin will continue at or around current levels throughout fiscal 2019 as we scale our data center investments in Germany.

First quarter operating expenses were $59.5 million compared to $44 million for the same period in the prior year. R&D expense was 17% of revenue in Q1 compared to 14% for the same period in the prior year, related mainly to an increase in engineering and product related headcount as we invest and continue to innovate. We expect R&D expense to continue at this level for the balance of the year.

Sales and marketing expense was 44% of revenue compared to 47% of revenue for the same period in the prior year, but increased in absolute dollar terms. Our sales and marketing expenses in Q1 were reduced by $2.3 million in commission expense under 606, as commissions are now deferred and amortized over the expected life of the customer. Over time, this difference will reduce as each year we will see an additional year's amortization included in the expense amount.

G&A expense at 16% included certain one-time fees related to the acquisitions of Ataata and Solebit. Excluding these costs, we would see a slightly improvement over the same quarter in the prior year. We expect G&A to be a source of leverage over time.

Adjusted EBITDA in the period was $10 million or 13% of revenue, up from $7.2 million or 10% in the prior quarter, and $5.1 million or 9% in the same quarter in the prior year. Adjusted EBITDA was positively impacted by the aforementioned change to sales and marketing expense as a result of the application of ASC 606.

First quarter GAAP net loss was $3.5 million, or $0.06 per basic and diluted share based on 59.2 million weighted average shares outstanding. Our non-GAAP net income for the quarter, which reflects our GAAP net income exclusive of the effects of stock option expense, was $2.2 million or $0.04 per basic and diluted share.

We generated $9.1 million in free cash flow in the quarter compared to $1.9 million in the previous quarter. In the first quarter, our operating cash flows were $16.6 million, which is an increase of 43% over the same period in the prior year. We believe that the increase in free cash flow and operating cash flow are indicative of the ability of our model to generate significant cash returns as we scale. However, we expect that free cash flow will fluctuate from quarter-to-quarter as we grow.

Turning to the balance sheet, as of June 30, Mimecast had $149.5 million in cash and short-term investments. Our long and short term deferred revenue balances decreased by $8.5 million during the period, resulting from reductions due to foreign exchange and the elimination of certain balances related to the adoption of ASC 606 of $11 million in the aggregate. As we adopted ASC 606 using the modified retrospective approach, these changes were applied on April 1, 2018.

We bill our customers monthly, quarterly, and annually depending on the location of the customer globally as well as their preference. We operate in many different currencies. Both of these items can affect the timing and amount of deferred revenues, particularly in times of sharp fluctuations in foreign exchange. As a result, deferred revenue does not always provide a good forward measure of our progress.

In connection with the acquisitions of Solebit and Ataata, which we announced after the close of the quarter, we closed a $100 million term loan and a $50 million revolving credit facility on July 23. This will not impact our financial results until the second quarter. We expect that interest expense related to this facility will be approximately $3 million in fiscal 2019.

Now let me turn to guidance. For the second quarter of 2019, we expect constant currency revenue growth to be in the range of 28% to 29%, and revenue to be in the range of $80.4 million to $81.2 million. Our guidance is based on exchange rates as of July 31, 2018, and includes an estimated negative impact of $0.2 million resulting from the strengthening of the U.S. dollar compared to the prior year.

Adjusted EBITDA for the second quarter is expected to be in the range of $9.6 million to $10.6 million. Full year 2019 revenue is expected to be in the range of $329 million to $335.9 million or 26% to 29% growth in constant currency. Foreign exchange rate fluctuations are negatively impacting this guidance by an estimated $1.2 million compared to the rates in effect in the prior year.

Due to the fact that there were some profound rate moves during the quarter relative to the pound and the rand, I'm going to provide you some additional information with respect to our guidance. Our initial revenue guidance for fiscal 2019 provided in May was $332.5 million at the midpoint. Since then, foreign exchange has negatively impacted this guidance by an estimated $7.5 million.

However, our overachievement in Q1 of $2.5 million, coupled with the strength we have seen in our business, is leading us to raise our full year guidance by $5 million, exactly offsetting the effects of foreign exchange. Said another way, we are reaffirming our full year guidance despite a $7.5 million headwind from foreign exchange.

I would also note that while we are excited by the potential of our recently announced services, including our platform extension to Web security and security awareness training, we do not expect a material revenue impact in fiscal 2019 related to these new services.

Full year 2019 adjusted EBITDA is expected to be in the range of $47.7 million to $49.7 million. We have revised our adjusted EBITDA guidance down by $1.3 million mainly related to the negative impact of foreign exchange in the amount of approximately $1.9 million.

We are also planning to increase the amount of investment in research and development related to the Ataata and Solebit acquisitions. This has been offset by the additional leverage we expect to generate in the model this fiscal year.

In summary, I am happy to once again deliver results that exceed our expectations. I am also very pleased with the way our global teams perform together to launch new products, acquire new technologies, and remain focused on legendary customer service.

So with that, I would like to thank you for your time and open the line to your questions. Operator?

[Operator Instructions.] Our first question comes from Gabriela Borges of Goldman Sachs.

Maybe for Peter Bauer, I know you're get asked about this every quarter, but the incremental color is always helpful to us. Could you talk about win rates in the mid-market and larger end of the enterprise customers that you're getting today, 5,000 seats and thereabouts, and maybe just give us an update on the pricing environment too?

Yes. So once again, we've had a great run in our huge mid-market opportunity, and as I pointed out in the prepared remarks, some really nice wins up market as well that we're very pleased with.

So this mid-market opportunity we really see as being in that sort of 50 to 5,000 seat space. That's where we're doing about 75% our revenues today. There are many organizations in each of the global markets that we operate in that we are very successful at selling to. And our product and our go-to-market motion is optimized for capturing that opportunity, so we remain very focused on that.

At the same time, we do continue to be pulled up market into some of the larger opportunities, and I think for some of the reasons that I spoke about with some of those larger wins a few moments ago. It's down to the quality of our product, the superior security efficacy that we're able to demonstrate and deliver to these customers, and also because of the comprehensive nature of our suite and how it can really help even larger organizations to simplify their IT environment, and particularly larger organizations which have what we think about as a lean IT staff, so not a particularly large team of IT and security folks in many cases.

From a pricing environment point of view, we've seen that being pretty consistent over previous quarters. We've continued to see customers buying more products from us and buying into the suite, and that's giving us some nice flexibility because of the differentiated nature of our bundles and the differentiated nature of the sort of multi solution capability that we offer. That makes it really nice for our sales organizations to be able to control the pricing conversation with customers.

And a follow up, if I may, on one of the strategic announcements, specifically the initial foray into Web services. Could you just talk a little bit about the decision to start adding on that type of functionality specifically as it pertains to the multi-tenant architecture that you have? Why is that the right fit in addition to the email services that you already provide? And to the extent you can share a little more about the roadmap along the time on Web, that would be really helpful.

Yes, great. Absolutely. So obviously email is a huge security threat vector. And we've specialized on that and we've gained a lot of knowledge and experience. We have a huge amount of telemetry and a big network of customers and exposure to the threat landscape through our email business. We've also built all of these solutions, as you mentioned, in a multi-tenanted microservices architecture. And there are some generic capabilities, security capabilities, that we've built out in MIME OS for our email products and our targeted threat protection products in particular that are highly applicable to the Web security threat vector.

And so we took a look at this market opportunity and felt that it has some similarities to the email market in that there are many legacy competitors in the space. Just like we've seen historically in the email market, there's many appliance-based deployments out there. There are many first generation cloud offerings in the market.

And we felt that we have a unique advantage in leveraging MIME OS to extend our suite to deliver something that's both simpler and cheaper but also a more powerful solution to our customers, and that we would have somewhat of an unfair advantage, in particular taking that solution to the 30,000 plus customers that we have in our base as an extension to the email solutions that they've chosen with us.

So we started the journey. We've announced that. This is a V1 of our product, and the roadmap and the investment will continue. And we think that some of the developments that we've put in place around Web security will also play back and be complementary into our core email products as well. So we think that they're highly synergistic from an R&D perspective and obviously bring great value to customers, being able to buy both of those solutions within the same suite.

Our next question comes from Saket Kalia of Barclays.

Maybe first for you, Peter Bauer, just picking up on the Web security announcement, can you just talk a little bit more about your go-to-market strategy for kind of building the business, and also just as importantly, frankly, how the competitive landscape looks specifically in the mid-market customer base? I think we all know sort of how it looks in Web security more broadly, but is that landscape any different in your customer base, and is that something that you could take advantage of?

Yes, absolutely. That's a great question, Saket. So in the mid-market, there -- a large number of customers, and certainly when we look within our customer base, customers that are relying on on-premise based Web security solutions. Now, those may be unified threat management capabilities that they are using through their firewall vendor, or those may be endpoint-based Web filtering and Web security offerings, or they may be full-blown Web proxies that sit on the edge of their network.

The challenge with all of those is that they are part of a legacy generation of technology. So the efficacy and the responsiveness that they can offer is less but also the coverage that they provide, as increasingly users and applications and devices are moving off the network and organizations are going through changes such as M&A and other forms of expansion.

And so the appetite for a more flexible cloud-based solution, much like what we deliver to our email customers, we found to be pretty good. So we're going into this market I think with a good proposition, a good V1 proposition. We're going to learn and we're going to grow within the space. But we think it's a long game, and we think that the market can be served better by a more integrated solution.

From a go-to-market point of view, we expect to sell the SKU very much like all of our others, as a subscription-based offering. We think that it's somewhere between $10.00 and $20.00 on a per user per year basis. We think the market's pretty big. There's a few hundred million users out there like with our email solution that we can sell to. IDC recently updated their numbers on the market sizing. I think you had a note out about that as well, $2.9 billion spent in this area. So we think that it's a nice market that can probably support several strong players in the space.

Our existing salespeople, along with all of the other products, our sales teams are all trained to be able to sell the whole suite. They're all multiproduct trained, and that's particularly effective in the mid-market. And our initial focus naturally will be on our existing customer base where we have something of an unfair advantage.

And just to add to that, I mean, I think for this product, as Pete said, it's the V1. It's still early days. I think we're going to learn a lot this year and we're going to continue to develop it, so we don't expect to see significant revenue achievement on that product in this fiscal certainly. I think we'll spend this year kind of developing and learning and evaluating the way in which we can best attack this opportunity.

Maybe for my follow up for you, Peter Campbell, with the acquisitions in the quarter, Ataata and Solebit, can you just touch a little bit on any potential revenue and profitability impact that those might be having? It doesn't seem like it is based on the guidance, but I was just wondering if you could talk about sort of annual run rates, whether the model is digesting any sort of purchase accounting impact, and sort of anything related to those deals vis-a-vis the guidance.

Sure, sure. So, I mean, first off, I'd say we're really excited about the possibility and the potential of these new technologies that we've purchased, both Ataata and Solebit. Both of these acquisitions are technology acquisitions. We acquired a small number of customers. Ataata has less than 100 customers. Solebit has less than 10 customers. So we acquired a small number of customers, not a material amount of revenue particularly once we take into account the deferred revenue haircut we're going to have to take on the purchase accounting.

I think the benefit here is the increased competitiveness in our core and emerging products that we're going to see. And particularly with a subscription model, we're expecting to see the effects of that in fiscal '20, which begins in March. But we don't expect to see a material amount of revenue this fiscal year related to those acquisitions, but we do expect to see that kind of start to build a hill of steam and start to affect our next fiscal year.

With respect to the bottom line, I did mention in my prepared remarks that there is some additional engineering investment for Solebit and Ataata, particularly the engineering team that we picked up from Solebit. I didn't -- I don't expect that to have an effect on -- I do expect it to have an effect on the bottom line. But as I mentioned in my comments, that the gains that we saw and the leverage that we saw in the model in the first quarter, and we expect to see in the rest of the year, is offsetting the additional expenditure that would have hit the bottom line in fiscal '19. So we'd expect that to be fairly flat.

Our next question comes from John DiFucci of Jefferies.

It's Joe on for John. You've organically and through M&A done a great job broadening the product portfolio in the context of the breadth Mimecast's existing offerings. How should we think about it going forward? Are you happy with the current portfolio and monetizing it, or is there any other solutions or low hanging fruit of areas of capabilities that you'd like to add?

Yes, Joe, I think we're also -- we're really thrilled with the progress that we've made introducing new offerings. I think at the time of the IPO and shortly after, we spoke about introducing an additional billable module sort of roughly every 18 months or so.

If we look back at last fiscal, we had 2 new billable modules with IEP, or Internal Email Protect, and Sync & Recover. And both are continuing to gain traction and grow as products. And then this fiscal, we've already announced 2 new billable products with the Ataata product as well as our Web security product. So we're really pleased with how we're executing and innovating and bringing new propositions and offerings to market on the platform.

Naturally, the journey will continue. There will be additional capabilities that we deliver in the following fiscal, no doubt, and there's things that we're working on. We think the MIME OS platform gives us real leverage into new areas that we can develop organically. And then naturally, we'll be looking from an M&A point of view at opportunities that might catalyze ability to expand.

Having said that, we continue to invest the bulk of our R&D resources in the core cyber resilience for email proposition. And we think there is still a very large opportunity in advanced email security and in the email and unstructured data archiving space, and some of the other smaller adjacencies that we've already entered into around that space. So you will also see in our product announcements a number of improvements and upgrades that we've introduced to our existing customer base in each of those areas, new capabilities that we introduced in targeted threat protection around impersonation and various other things like that.

So, yes, Pete mentioned in his prepared remarks that we've continued to increase our investments in R&D. We're very excited about this platform, and we're excited as more and more customers are looking to the cloud to solve more of the problems that we can help them with.

I think you mentioned to deferred revenue there was an $11 million headwind from ASC 606. Can you quantify the FX impact as well?

Sure. Well, that's the total headwind. So we had an impact on deferred revenue of $11 million, of which $6 million has to do with the ASC 606 effect, and $5 million has to do with foreign exchange.

Our next question comes from Matt Hedberg of RBC Capital Markets.

I wanted to ask about your newer German data center that came online and see how that's progressing. And then maybe more broadly speaking, how do you think about additional investments in the Continent to support additional geographic expansion there?

Yes, Matt, thanks. So as you know, we opened our German data centers. I think it was in June?

June.

Yes, I was over there. I had a look. They look really good, blinking lights, wires, servers and cool air. So it felt like a real living, breathing Mimecast data center. The team is bedded down and doing really well, and we've been finding some good initial business.

We've brought on a nice midsize accounting firm. We signed a law firm and we've brought in a great education customer, retail customer, provincial government, also a number of midsize manufacturing firms, which I think is sort of playing out as the sort of early steps of exactly how we perceived that market to be available to us.

So a great mid-market opportunity across multiple sectors, a strong manufacturing base that's certainly open to our proposition, a slightly different landscape from an Office 365 perspective, lower penetration in that market initially. And we're excited about that because we think that's a growth opportunity for us as that picks up more momentum in the coming years. So yes, we're really pleased we've put on our investment in that market, and we look forward to more.

So Matt, just so you know, I mean, we've been selling into the Continent for many years. Our office in Germany followed an office that we had in the Netherlands. And before that, we were selling out of the UK.

So we are -- now that German is a full service office with CX people, with service delivery people, with full sales teams and a grid, it is a much more kind of permanent establishment, if you will, in terms of building out a base to kind of service not only German but European customers.

And we're very kind of excited that that is now fully up and running. The data center is fully going. And Pete mentioned some of those initial wins, and it's very encouraging because we think there's a big market to take advantage of there and now we're set to do that a bit more aggressively.

And then as a follow up question, we've been spending a lot of time talking about your success in slightly larger customers, but I was sort of curious on the opposite side of that. I think we're about a year and a half away from your peak customer adds. I think a lot of that was due to smaller McAfee customers. Can you talk about the trends you've seen in that base of customers as they renew? Has there been much up-sell beyond sort of the initial conversion, and maybe how have renewal rates trended there? I assume they're probably lower given some of them were smaller, but just any additional color now that you've had some time to see some of those customers renew.

Sure, sure. So certainly very what we call micro customers have a tendency to go through bankruptcies more quickly. So just to kind of refresh everybody on our renewal rates, they were 110%. Our churn rate is about 3%, and it has been like that for 7 years. Within that churn rate, about half of that is M&A and bankruptcy.

So we do see kind of bankruptcies. We're more likely to see that in what we call the micro customers. But we did add a large number of customers through the McAfee tailwind, and many of those customers have renewed and continue to renew and benefit from our service.

I would say you are right, that when you look at really small customers they're less likely to take advantage of the full depth of the services that we can provide. The intricate connectedness of the contiguous services that we can deliver on the grid and the multiple benefits that you'll get from the aren't always applicable or useful to a 5 to 10 seat shop. But that said, those customers to represent a small amount of our revenue.

Our up-selling, like selling -- retaining our customers and selling them additional products is a core competency of the business. And we do continue to do that across the base. So there are a number of small customers that do that. We do continue to sell additional products to small customers. But as you said, the very micro ones would be less likely to take multiples of products.

Our next question comes from Catharine Trebnick of Dougherty.

Two housekeeping items before the hard one. One is the $11 million deferred revenue, that was year-over-year. So on a quarter-to-quarter basis, what would be the FX impact?

So that was, first of all, $6 million sliced off the balance sheet because of 606, ghosted and wiped into the past. So that's the first bit.

The second bit, the $5 million, was the effect from our March 31 rate until the end of June, the amount of deferred revenue that was erased as the rates changed, particularly the pound and the rand.

Okay. Thanks for clarifying that. I heard it wrong. And then the second question is you said you had 8 services that tally roughly $95.00 per user per year. Is that including the 2 new ones you just released this quarter or not?

No, it isn't. So first of all, when we talk about that, that's the net amount that we would get. And it's an average amount that would be revenue generated by us per user per year. And that related to the initial 8 products. With these 2 new products, you would add another $20.00 to $25.00 on top of that.

Our next question comes from Jung Pak of BMO Capital Markets.

It's Jung Pak for Keith Bachman. Your Office 365 customers continue to ramp nicely at 35%. Can you give us your thoughts on the adoption rate of Office 365 for Microsoft's installed base relative to yours?

Yes, absolutely. So we think that our base is actually quite a good proxy for Microsoft's own progress give or take a few percentage points in one direction or another. Our customer base represents a pretty typical Microsoft productivity tools user organization. So yes, we would guess that the fact that we have 35% of our customers using 365 and the balance largely using on-premise Exchange probably does reflect the market.

Can you talk about the security capabilities of Microsoft's E5 bundle relative to Mimecast's email security capabilities and pricing as well?

Yes, great. So E5 is the premium SKU that Microsoft offers. It includes a number of additional features, telephone systems and Power BI and a few other capabilities. Included in that are some more advanced email security capabilities than you would get in E3. The SKU is meaningfully more of an investment for customers. I think it moves from being about a $240.00 SKU up to being over $400.00 for the E5 SKU. E3 is by far the most popular, but Microsoft is pretty eager to get more customers buying E5.

I think from our point of view we are successful in selling our services to both E3 and E5 customers alike. Our message to customers is use whatever security capabilities you get from Microsoft. Don't turn anything off. Use and leverage any security technology that you offer -- that you've licensed from them.

I think the reality is though that Microsoft has a bit of an intractable problem because email is such a focused on vector and such a diverse vector of attack for organizations that there are many, many attackers who are sitting all day every day with Office 365 accounts figuring out exactly how to get anything from spam, malware, phishing, impersonation attempts through Microsoft's defenses and finding out how to game that system. And so relying on Microsoft solely as your protection in such an important area as email security is often not a great idea and certainly viewed by security professionals as not being a best practice arrangement.

So we've been very welcome in those deployments to add focused, best of breed layered security on top of Office 365, help customers have a great experience with 365, help them be more confident, more secure, and more resilient, both with our additional security technologies as well as our continuity offering and our data recovery capabilities that we layer on top of Office 365 as well, so a really complementary suite of products for 365.

Just to reinforce that, I mean, we've seen that our customers and the market as a whole is applying a layered approach to security. You don't want one company to take care of something that's as critical as your data.

And so we've also noticed that we've seen customers that use us in conjunction with Office 365 buy multiple products from us, even more than customer who use us without 365. We've seen increased amounts of security, of continuity, of archiving and TTP from Office 365 customers, which has been consistent as we've monitored this quarter over quarter over quarter.

Our next question comes from Tim Klasell of Northland Securities.

First question has to do with the 2 recent acquisitions, obviously technology and we'll call them acqui-hires, if you will. Is that what we should expect going forward should other opportunities arise, or what's your appetite for acquisitions that maybe have more installed base and revenue streams maybe a little bit larger?

So, Tim, Peter Bauer here. The way we've thought about M&A historically has been how do we build products and capabilities within the design ideology that we've followed with MIME OS? So the key to this is looking at such large market opportunity denominated in hundreds of thousands of organizations, and today we have 30,000 customers, building an integrated suite so that each customers gets a very simple experience despite that fact that there's a broad range of solutions within it, but also that us, from an operational point of view, are working with a contiguous multi-tenanted platform with the same code base and the same leverage of microservices that underpin all of our products.

It means that we have had to firstly do an enormous organic development, but then secondly that we are extremely selective about how we approach M&A as well. And so that's what you're seeing play out in our M&A strategy today. So I would anticipate that our orientation would be more towards technologies and skills that are consistent with that approach, and that we are probably less likely to a company that sort of goes out and buys wholesale businesses with go-to-market functions and teams and revenues and things like that. That may be something for later down the line in our evolution as a company, but right now we're really following this methodology and looking at M&A as a catalyst for progress along that track as opposed to something that's more financially driven.

As you go into Germany, obviously a lot of midsize corporations there, but the Office 365 drivers and, I don't know, maybe GDPR and other things, what's different inside of Germany than maybe what we're used to seeing in the UK and the United States? Will the profile be different of that sort of a customer?

Yes. I think the nature of German companies, other than the large multinationals and the big public companies, I think there's a huge number of private companies, often multi generationally family owned organizations. There's a huge manufacturing and engineering sector there. And so the attitudes and the orientation towards technology investment is a little bit different from what one might see in the UK or the U.S., for example.

And so I think what we're seeing is an increased awareness around cloud, an increased awareness around the security imperatives, and a desire not to be caught short in regulatory areas, particularly things like GDPR. And so we think that, as those things come together, it provides a really nice opportunity to bring Mimecast's cloud solution into that market at a time when we would think that cloud technologies are really underpenetrated and cloud security technologies are underpenetrated.

And we have a lot of experience with that, because as a cloud company starting in 2003, we spent a lot of our time selling a cloud solution to a base that wasn't readily moving mailboxes to the cloud but was looking to simplify and was looking to offload complex infrastructure and skills in terms of workloads, like the ones that we take care of, to a cloud partner.

So we think that we can pick up nicely on that market opportunity. We've obviously hired people with good local knowledge and experience in that market, and we're building out our partner base to be able to engage with that market very specifically. And the investment in local data centers I think is another very important step in addressing that opportunity.

Our next question comes from Alex Henderson of Needham.

Just a simple one to start off with, if you could. Could you give us an update on what you think your tax lines are going to look like over the next couple of quarters?

Sure. So we had a provision of about $858,000 this quarter. I think it's going to be -- from a GAAP point of view, you're going to see that be fairly consistent. That relates to the taxes related to our South African operation. From a non-GAAP basis, we're pretty much in line with the provision on a GAAP basis this quarter, but that's going to change as we get through the year because our U.S. operations' profitability ramps up throughout the rest of the year. So from a non-GAAP basis, you're going to see another couple of million in the back half of the year related over and above the GAAP provision for the non-GAAP provision.

So you're saying to take the first quarter non-GAAP number and add a million to it by the end of the year?

Well, what I'm saying is that first quarter number of about $860,000 is going to repeat itself to about $3.5 million, a little bit more on a GAAP basis. But I would add another couple of million on top of that, $2 million to $2.5 million. Most of that's going to be in the back end of the year for a non-GAAP basis.

Going back to the Office 365 for a second, when you look underneath the surface of the customers that you're adopting -- that you're picking up with respect to that 35% number, can you talk a little bit about the splay of them relative to smaller and larger businesses and how those percentages are changing? Are you seeing any move downstream into the middle market there, or are those mostly larger companies?

Yes, I think we're seeing it very consistent across our base. So it's a pretty even spread. We don't see it deviating at all, really, from our average base.

Yes, it's pretty consistent, small, medium, and large.

And then if I could just ask one question more since that was so quick, can you explain to me what it was that's different in the advanced evasive malware protection that you're getting here to get around using sandboxes and UBEA so I can understand what the mechanics are that you're delivering?

Yes. Yes, great technical question. So what the Solebit team recognized was that malware is essentially machine executable code or fragments of machine executable code that can be pulled together, but essentially gets transported into an organization in a data file. So that may be inside the construct of a JPEG file. It could be hidden inside a Word document or a PDF. And there's either a complete attack inside that file or a component of an attack that is being executed.

And so they basically said rather than trying to detonate these files, as one would in a sandbox environment, and then look to see what happens and look to see how that interacts with the operating system and what tricks it tries to pull, they said let's just look for code that shouldn't be there and let's almost take a zero tolerance approach and say there shouldn't really be any of this kind of code inside of these files.

Now the reality is that sounds like a simple methodology, but it's sort of easier said than done because there are a lot of very advanced ways of hiding and obscuring code inside data files. And so as they developed their technology, they really also had to specialize in detecting these evasive techniques and these evasion strategies to be able to really tear very, very deeply into files and look for obfuscation and different techniques of hiding code.

And so we spent a lot of time with the team and with their technology over the past year and a bit, and really had an opportunity to run their technology and also collaborate with them on the evolution of it side by side with the greatest and the best of detection technologies that we have in our stack today, some of which are homegrown, some of which are community technologies, open source technologies, and several of which are commercial technologies that we licensed in to create a defensive death strategy.

So we really gained a very deep understanding of the unique effectiveness of this technology, how it performs relative to things like sandboxing, how performs relative to various other techniques, both from an efficacy point of view but also from a speed and efficiency point of view. And so we found it to be so compelling we decided we would like to own the technology and have the team as part of Mimecast to continue the innovation journey around this approach.

That's very helpful. It's quite clear how you could extend that into a variety of things.

Our next question comes from Sterling Auty of J.P. Morgan.

This is actually Ugam Kamat on for Sterling. So regarding your decision for going into Web security, I just wanted to ask, like you said about that the investment you are making in your core email security space. But are you kind of seeing diminishing returns on those particular investments and you want to extend into adjacent market of security, or is it more of like realizing the breadth and scope of technology so that you can go or penetrate into those adjacent areas?

Yes, I think quite the opposite perhaps to what you're suggesting there first. As our base grows and as the scale of our platform increases, both from a user perspective as well as from a number of monetizable use cases or products, if you want to put it in another way, the stronger our leverage becomes over these underlying capabilities. So as we're adding more and more users, more and more customers, and also as we're adding new regions and routes to markets, our leverage on this platform is increasing really nicely over time.

Obviously adding a new billable SKU on top of the platform is complementary to that strategy as well. It also creates additional onramps for new customers to come and join the platform, and provides even more stickiness. So there are many sort of dimensions to the leverage that we enjoy off the platform, and that also sort of really motivates us to stick to the methodology and the sort of design ideology behind this technology and this platform.

And as a follow up, if I remember correctly, earlier you had -- your entire R&D organization was mostly in UK. But just to understand the cost structure of the investment you are making in technology and the FX impact that might ensue from that, how is the R&D organization now characterized in terms of the geographical locations? Are you having more number of engineers that are being hired in United States versus anywhere you are doing in terms of like offshore -- like an offshore pattern?

Sure, sure. So that is correct. That core base of our engineering team is in the UK and continues to be in the UK. Obviously with the Solebit acquisition, we mentioned there are about 35 people, of which 33 of them are engineers. So we now have a very sophisticated and skilled R&D security shop in Israel. So you see a little bit of a change in terms of the makeup there, and we'll certainly give more color about that as we go.

I think that's the most significant change. We've always had a core of engineers in the U.S. and we'll continue to build out on that as well. But I think for purposes of your modeling and when you're looking at the numbers and you're looking at the size of the engineering team, the lion's share of that still is in UK in London.

And that concludes our question and answer session for today. I'd like to turn the conference back over to Peter Bauer for any closing remarks.

Great. Thank you. Thanks everyone for joining the call. We've enjoyed sharing our results with you, and we very much look to giving you another update in a few months time.

Ladies and gentlemen, thank you for participating in today's conference. This does conclude the program. You may all disconnect. Everyone have a great day.