Hello, everyone, and thank you for joining us for our Growth Stock Conference and today's session with Akamai. My name is Jonathan Ho and I'm the cybersecurity analyst for William Blair. Our speaker today is the CFO of the company, Ed McGowan. Before we begin, I am required to inform you that a complete list of research disclosures or conflicts of interest is available at our website at www.williamblair.com. I also want to remind everyone that we won't have a breakout session today, so we will leave a little bit of additional time for Q&A at the end of this session. 9094 is not being cooperative with us in terms of the highway, so just to kick things off, I did want to have, you know, Ed just go through a high-level discussion of Akamai, and then following that, we'll go into fireside chat.
All right. Thanks, Jonathan, for having me today. Nice to see everyone. Just a quick high-level on Akamai. The company's been around for about 24 years. Went public back in 1999. We originally started the company with the idea of solving a pretty major problem on the internet, which was the performance problem. The internet wasn't designed for performance. The basic routing protocol of the internet doesn't take performance into consideration. We designed a platform that is an overlay on top of the internet, which essentially is deploying machines and ISPs really close to where end users are to avoid the congestion points of the internet and deliver a good experience for end users. We refer to that technology as our CDN, our Content Delivery Network. You probably interact with Akamai many times a day and you don't know you're doing it.
We power some of the largest websites in the world today. We carry probably roughly a third of the internet traffic. As you're shopping, watching video, playing games, you're interacting with Akamai many times a day, and you don't even know it. We're sort of behind the scenes making things work. If we weren't here, the internet wouldn't work very well. Now, when we built the company, we always knew that the CDN platform was just that, a platform that we would develop additional services on that would provide additional margin opportunity for the company and value-added services for our customers. Today, the company is just under $4 billion in sales, very profitable. We've got the high 20s operating margins. We've got a recurring revenue model for our business model, relatively low CapEx, and we produce a lot of free cash flow.
Very profitable company, recurring revenue business. One of the first things we did with our platform after getting in the CDN business and the delivery business was we created a security business. If you think about the CDN platform and the fact that we deliver so much content on behalf of our customers, we see pretty much every internet user multiple times a day. We also do over 2 trillion DNS queries every day, so we basically see what's happening on the internet. We take all that data and we leverage that to offer our customers a variety of security products, including denial of service protection, web application firewall, bot management. If you think about traffic on the internet today, the majority of traffic on the internet isn't human; it's machine.
Giving our customers the ability to understand what machines are coming to their websites and their web applications and helping them to manage that. Some of it is nefarious, bad things; some of it's good things. We help our customers there. Our firewall business, we are the market leader by far in the web firewall business. Security as a business for us is today the largest source of revenue at over $1.6 billion run rate. Been growing very rapidly, double-digit growth for the security business, extremely profitable, very high margins. It's interesting that the platform that we developed, you could be serving content, say a video, to a house and at the same time blocking an attack from the house next door that has an infected, infected device. That's being run off the same infrastructure.
There are enormous economies of scale with our security business, very high margin, very, you know, interesting business for us to get into leveraging our platform. Most recently, we have embarked into the infrastructure as a service business. We acquired a company called Linode about a year ago, a little over a year ago, that got us into the infrastructure as a service business. That was partly informed by our own use of the third-party cloud hyperscalers. We were spending way too much money. We are now gonna migrate all of that to our own platform. Also, our customers were coming to us saying that they wanted to run code on our platform for low-latency use cases, use cases where the hyperscalers did not offer enough distribution in terms of the locations that they are at. They are also looking for alternatives for the high cost of cloud computing.
Now, similar to the security business, there's a tremendous amount of synergies that we can bring to bear in the market with our infrastructure as a service business, whether it's the people that build out the CDN or the same people that can build out the infrastructure as a service. We run one of the largest backbones, so we deliver 100s of Tb per second of traffic. We can offer egress fees for if you're using a cloud and you're accessing data a lot. It's very expensive to use the hyperscalers. We'll be able to do that for nearly, nearly for free. A lot of synergies with the infrastructure as a service business, a massive market growing very, very rapidly. We'll do just under $0.5 billion in revenue this year in our cloud business.
We think this could be potentially in a few years our largest source of revenue. What we did with security, we think we can do with our cloud business as well.
Yeah. Maybe just starting out with, the infrastructure as a service business, I think I was asking you a little bit earlier, you know, a lot of the investments that you're making from a CapEx standpoint are actually going to offset some of the spending that you have with these large hyperscalers. Can you talk a little bit about the dynamics of that and, you know, is this de-risking sort of the investments that you're making upfront?
Yeah. As I said, one of the reasons we got into this business is we had, our spend with third-party clouds was starting to become unmanageable. It was growing faster than our revenue, dramatically faster than our revenue. It was putting pressure on our gross margins and our operating margins of the company. We said, "We have to do something. We have to find an alternative." You can imagine when you're in the security business, a lot of what you do is process an enormous amount of data, right? You're applying analytics, maybe some AI, some machine, some data science on massive amounts of data. You're using a ton of CPU. It doesn't make sense to do all of that out on our edge servers, so we bring that to a more central location. Our spend was getting out of control.
We're spending today well over $100 million with third-party clouds. By the end of next year, we should be able to migrate the majority of that off of third-party clouds and save well over $100 million. The economics for us, I said on one of our earlier conference calls that we'd spend roughly $100 million in CapEx. That will get me more than enough capacity to migrate all of that over. The economics are enormous in our favor. That's one of the things that we're doing. If I think about the value to shareholders, one of it is to be able to save on third-party cloud and to be able to scale that capability at much better economics, but also now offer this to our customers as well.
Yeah. It makes a ton of sense. And, you know, as you go through the process of learning how to shift the cloud for your own resources, you know, doing that for your customers seems to become quite a bit easier, so.
It does. Yeah. So there's a ton of learnings. And, you know, one of the things that we're doing is we're taking a fresh look at not only the architecture of how we will move from using, say, an AWS or a GCP to our own system, but also how we're using the cloud. Are we using it efficiently? You know, what are we doing from a sampling size? How much data are we storing? How long are we storing it for? And be able to test how we, you know, our products were working, in a prior mode with doing something different. And we're finding a lot of efficiencies, not only with just the cost savings, but also just in how we use it and how efficiently we use the cloud.
I think this is something that we can share with our customers, and you'll find that not only can they save money, there's probably a more efficient way they could be using the cloud as well.
Yeah. Are there specific use cases that you've identified where you have these significant advantages over the traditional hyperscalers? You know, can you maybe, you know, help us understand how that incrementally grows your business over time as well?
Sure. Yeah. So, you know, if you think about just our own customer base, we've always focused on the top of the pyramid in terms of the largest web properties. We do about $1.5 billion- $1.6 billion in our CDN business. If you're spending, say, $30 million with Akamai on CDN, you're probably spending 10x-15x times that with your cloud. The opportunity within our customer base is massive in terms of how much they spend relative to what they spend with us today. Now, in terms of use cases, one of the early use cases that we're finding and what sort of pushed us into this business, I talked about customers coming to us asking us to run their code on our network. It was not designed for people to just put their code on our network.
The acquisition we did now enables us to do that. We did some custom builds for a few customers that said, "The third-party clouds today do not offer enough locations. I have a pretty latency-sensitive use case," meaning I need to be closer to where the end users are to be able to deliver the type of performance that I need. You do not have the performance in the third-party clouds. There are a couple of interesting case studies on our web page that talk about some big customers that have used us for this. Low latency is certainly one use case. Another use case would be data sovereignty. That is becoming a bigger issue for a lot of companies. If you do not have a cloud offering in a particular country and we do, we are the better option.
and that we hear from that from a lot of customers that say either they're expanding into new territory or they, you know, are concerned about data sovereignty. One of the hyperscalers doesn't have a physical presence in country A; you do. That's an opportunity for us.
Yeah. Can you also maybe compare and contrast the CapEx investments that need to be made, you know, versus maybe your traditional CDNs? Like, how does this differ or what are the similarities?
Yeah. The main CapEx associated with the way we're doing building on our cloud infrastructure is really servers, servers and network infrastructure, routers, switches, etc. We're not buying data centers or building data centers at this point. We're going and getting third-party co-location facilities, 2-5 MW in size. Some of the distributed sites will be probably about a half a Megawatt to a Megawatt. We're just putting in racks of servers, essentially, into those locations. It scales up very nicely. We've been able to work with our supply chain to be able to get the build time down to 60-90 days so that if I get a big order from a customer and I need to expand, I can do that pretty quickly. We've been able to take our CapEx down to be much closer with revenue.
The initial builds, obviously, we're building out about 15 what we call core sites, which are the 2-5 MW sites, and 40-50 distributed sites, which are the smaller sites. As I build those out, I have a bit of a disjoint between my CapEx and revenue, but we should be able to fill that up very quickly. In terms of capital intensity, think of the CDN business as being roughly, call it 4-5% of total revenue. This will be a bit higher. What we've told our investors to think about is, you know, effectively a dollar of CapEx is about a dollar of recurring revenue for us. I'm spending about $100 million in cloud. I get about $100 million of capacity in terms of what I can sell on an annual basis.
Yeah. Just to support your level of confidence in making those CapEx investments, you know, can you help us understand the visibility that you have, you know, either from commitments from customers to justify the higher spending? Like, like, what makes you comfortable that you're going to get that return?
Yeah. So it's pretty well informed. One, we were customer one, so the initial spend and build-out was for our own use, and the return is massive, right? You're talking you're depreciating your machines over six years, so you can do the math on the type of savings that we're talking about here. In terms of the customer input, we've got some customers now that are using the platform and ramping very quickly. You know, one, we've talked publicly about a social media site that's doing live ingest as customers upload their videos and such. Having that close to where the users are gives a much better experience. It's more economical. It's, you know, just a better overall experience for the customer. We've got a pretty big backlog from customers in terms of visibility for use cases.
We've got people that are doing trials now that it's a pretty well-informed bet in terms of our initial builds that, we feel pretty comfortable we should be able to fill up that capacity pretty quickly.
Perfect. Perfect. Maybe shifting gears to the security business. You know, there's clearly been some bright spots with Guardicore and Neosec, in the API space. Can you talk a little bit about how these pieces fit together with your broader security offering?
Yeah. It's a great question. You think about our security in sort of two buckets. There's application security. Think of you at your office and your company. We protect all of your web-based applications, your website. Then we have enterprise security where we're protecting your IT infrastructure. We call that our enterprise security business. The larger portion is the web security business, the application security business. There you have products like your web application firewall, denial of service, bot management, most recently API protection. I'll get back to that in a minute. On the enterprise security side, we have access, remote access. Think of that as a VPN replacement or an alternative to VPN. We have a secure web gateway which manages traffic that comes in and out of. Think of that as north-south traffic.
We have micro-segmentation which manages and traffic that goes east-west or application to application inside of an enterprise. Think of that as essentially putting a firewall on every application inside of your IT environment. Now, in terms of how this all plays together, there is an enormous synergy with the API, the most recent acquisition that we did. Right now, the fastest growing traffic on the internet is API traffic. The modern applications all use APIs as a way of transmitting data back and forth. One of the biggest threat vectors that is not being addressed today by any security companies in the market is these API attacks. You have probably read a lot about certain companies that have been under attack. APIs are a significant vulnerability, and there is not a lot of great solutions out there today.
There's a few companies that provide visibility, so I can understand two things. One, what is the universe of APIs and open gateways that I have? Number two, I can take that information, analyze it, and identify certain threats. There's no good solution out there to offer protection. Now, what's interesting with this API security product, we can actually offer, be the first company to offer real protection. We can do that in two ways. One, if you're using our web application firewall, or even if you're not using our web application firewall, you can run that traffic through us. By us identifying where there's threats, we can start to block those threats. All of the north-south traffic, we can block that with our web application firewall. With Guardicore, we can do the same with east-west traffic.
Yeah. Absolutely. Absolutely. You know, when it comes to the traditional sort of application products like DDoS and WAF, you know, how should we think about the growth rates going forward there? You know, more importantly, is this tied at all to some of the slower delivery, revenue growth as well?
Yeah. Not as much of a tie to the slower delivery growth. Obviously, if you're doing less transactions with bot management, that can have somewhat of an impact. Generally speaking, those tend to be more, sort of platform-as-a-service recurring revenue type, and less of a unit volume type product. There's some correlation, but it's not very tightly correlated. In terms of the growth rates for some of the businesses, what's interesting with DDoS, it tends to be pretty episodic. The DDoS business in general has been around for a while. We bought Prolexic back in 2013. That's DDoS protection at the IP layer. That's traffic that comes into a data center that we scrub. We pass back clean traffic, remove all the bad traffic. Then there's application-level DDoS, which is done with our web application firewall at the application layer.
What you typically see with DDoS is, as there's headlines, like a couple of years ago, there was the ransomware attacks on the financial institutions and most recently the Killnet attacks, which are impacting the healthcare vertical. We actually had a pretty good couple of quarters of signing up some of the big healthcare customers, which aren't typical Akamai web customers. They were coming under attack, needed a solution. Obviously, Prolexic is a great solution to solve that problem. We do tend to see that growth rate in DDoS be a little bit more cyclical, but cyclical based on the attack calendar, if you will, not on a normal calendar. As you see big headline-grabbing attacks, that tends to be a boom for the business. We saw that back in 2020 with the ransomware attacks, and we're seeing it again now with Killnet.
You benefit from breaches.
We do. Yeah. Unfortunately. But fortunately and unfortunately. Fortunately, things happen. Fortunately, because, it's good for business.
Got it. Got it. I did wanna leave room for questioning, so this'll be my last question. I mean, how easy is it for you to repurpose some of your staff from delivery to compute? And can you talk a little bit about the margin leverage that you expect to see through some of the cost reductions?
Yeah. Good question. It's interesting. We have an enormous amount of synergy when we go from the CDN business to the infrastructure-as-a-service business. I touched a little bit on the build-out and the co-location buys. We have a team that's all they do, right? They go and they build out our platform. They buy co-location, they buy servers, they build out the network that we run. We're not spending as much CapEx in building there, so it's freed up some capacity with those people, repurposing those people to build the cloud, the cloud network or the cloud infrastructure, excuse me. There is enormous synergy there. We also have a huge network of contractors that we use on demand as we have to build in some of our distributed sites.
I can leverage the same group of people that are going and putting a rack of servers in for CDN. They can put a few racks of servers in for the cloud business. On the go-to-market side, there's a tremendous amount of synergy as well. The first few billion dollars of revenue will probably come from our install base, right? There's certainly the opportunity to do that. We have the relationship with a lot of the right buyers. The sales force will be trained up and able to sell the cloud products. Also on the engineering side, if you think about whether it's providing the capabilities for delivering compliance for, say, PCI, FedRAMP, SOC 2, the same people that are doing that on the CDN network could do that on the cloud network. Also some of the development that we're doing.
If you think about CDN, it's really a cloud application at the sort of very basic level. Some of the features and functionality and the scalability that we have and what we use in running our own platform are transferable in the cloud business as well. We will do some hiring. There's some unique capabilities. If you think about storage, we've been in the storage business for years. There's some different unique challenges with how you scale and how you think about the difference between, say, block storage and object store, but there is a lot of transferable skills. As the CDN business has been declining and growing, will be growing hopefully again, but it's a much smaller area of focus in terms of investment, we can shift that investment into the higher-growing cloud business. We have a lot of transferable skills.
Makes sense. Makes sense. All right. I'll take questions from the audience. If not, you're gonna be stuck hearing my questions.
I don't get the AI question.
We'll use that as filler. What do you think of AI?
Sure. Yeah. It's fascinating. I would say in today's meetings, I must have had a dozen meetings. I think 11 out of 12, there was the AI question. For Akamai, there are three areas where AI could potentially have an impact to our business. Number one, if you think about being in the security business and providing security solutions for an evolving threat landscape, the more sophisticated these AI machines get, the more difficult the threats will be to solve, right? As we put up protections, as we close vulnerabilities, new vulnerabilities will become, you know, come to the surface. I think the AI being a potential accelerant for bad things happening on the internet, which is unfortunate for society, good for business if you're in the security business. I think that's one thing.
Number two, just the use of AI with our own security products, right? We do, I talked about having a big data science team. If you get machines that are more sophisticated, can do things that humans can do, you can scale that better. In theory, if we can get the machines tuned correctly, your false positives, false negatives should go down because the machines can, in theory, do a lot more than a human can do. It could be better for, for that perspective. On the cloud business, we have a revenue opportunity. There's sort of two ways to think about it. There's the training, if you will, of how you train the machine or the, the, the program. That tends to be very CPU intensive or GPU intensive. That's more what you would think of in the core data centers.
There are the inference engines, which could be actually a pretty unique opportunity for us where you may wanna run those inference engines that do not take up as much compute capability, do not need it, do not require as much. You may wanna run that where the application is running. For example, if you are using data that is coming from sensors and you want to identify something, maybe it is an unusual pattern or something where you want to take an action, having that closer to where the sensors are and not having the latency and having the cost of bringing all that back to a central data center could be a unique advantage for us.
Any questions from the audience? All right. We'll let you get to the airport a little bit early.
All right. Thank you very much.
Thank you.