Very happy to be here. Hello, everyone. I'm TJ Jiang, CEO and Co-founder of AvePoint. Thank you for joining us today. For those of you here with us in person, as well as others joining us virtually from around the world, we're thrilled to host you at our second Investor Day here in New York, and we're excited to update you on AvePoint. You'll hear about our transformation since our first Investor Day two years ago, our strategic priorities over the next few years, and how excited and prepared we are to capitalize on this enormous opportunity ahead of us. Specifically, you'll hear from Mario Carvajal, our Chief Strategy and Marketing Officer, who will share with you an overview of our go-to-market motion, followed by a discussion and demo of our platform technology.
After a short break, our Chief Financial Officer, Jim Caci, will cover our financial performance and some updates to our financial targets. We'll then have time for Q&A before we wrap. I hope that by the end of today, you share our excitement and have a clear understanding of our vision of AvePoint's future and our strategies to drive shareholder value. So let's jump right in. So who are we and why are we here? Let's start with our vision and our mission. Our vision is to take organizations beyond secure. What does this mean? Beyond Secure refers to AvePoint's holistic approach to data management. Beyond Secure addresses the inadequacies of traditional ways of managing data, which are frequently characterized by piecemeal point solutions that breed complexity and erode confidence. How do we do that? By preparing, securing, and optimizing critical customer data.
We ensure a robust data foundation, enabling organizations everywhere to collaborate with confidence. That is our mission. We comprehensively tackle these challenges, enabling our customers to focus on their own innovation without worrying about their data. Specifically, the AvePoint Confidence Platform provides organizations the ability to manage their sensitive data, to monitor and prevent data breaches, and to ensure business continuity. We also help our customers reduce costs, become more efficient, and empower their employees. And now, in the age of AI, these steps are more critical than ever. The work we do and the problems we solve are not easy ones, but our results show that we are capturing a greater share of a market that is growing rapidly. At the same time, you'll hear us talk a lot today about profitable growth.
Our focus here, coupled with the strategic priorities I will talk about shortly, is how we maximize value for our shareholders. Today, I'm proud to lead a global organization of 3,000 employees across five continents, and we're all committed to positioning our customers and partners for transformational change. So let's talk more about how we prepare, secure, and optimize your data. We started AvePoint with a focus on managing unstructured data, which is human or human-generated data, which is about 80% of all data today. This is the data that each of you generates at work every day: files, spreadsheets, emails, chats, PowerPoint presentations, contracts, and so on. Our focus on unstructured data isn't just because it's the majority of all business data today. It's also the most important. Human-generated data is crucial for understanding customer behavior, decision-making processes, and business operations.
Management of this customer-specific data is essential to properly train AI models, especially in complex scenarios requiring nuanced interpretation. By focusing on these areas, we truly help organizations prepare for applying AI and optimize the use of data for business insights. Today, we are a one-stop solution for data management. And with the arrival of generative AI, a robust data management strategy has never been a bigger priority for organizations everywhere. So when we say robust data management strategy, what do we mean? The right side of the slide lists three things that we see every company focus on. First, the resilience of their cybersecurity posture. Why? Because the threat landscape has only become more dangerous, and businesses continually. It's critical when business breaches occur, and business resilience has to be there. And second, the control of your IT environment.
Do you know how your data is being used on an ongoing basis? Are you confident that your employees only have access to the data they should? And would you know if that wasn't the case? Lastly, modernizing your workforce. How can you quickly transform legacy data for use in today's modern software systems and applications and empower your employees to be more efficient? Cybersecurity resilience, IT control, workforce modernization. These are the essential components of any successful data management strategy today. These are the problems that AvePoint solves. This ties naturally to the enormous market opportunity we see. Today, we're primarily focused on data governance and security categories, which are around $20 billion. But over the long term, as current market grows and as we tap into other areas of spend, the market opportunity is approximately $140 billion.
As of today, with $327 million in ARR, you can see that we're just beginning to scratch the surface of this massive market. So that's where we are today. But now I want to look back and highlight some key strategic decisions we made since founding the company. At AvePoint, we do the hard things first. What do I mean by this? Here are a few examples. We started out building enterprise-grade software, requiring us to build it, then break it, then rebuild it. We took that software and sold it directly to the most highly regulated industry, such as banks and governments. We established a global footprint early on, including in many countries that historically have been hard for software companies to break into, like Japan. We undertook the transition to a subscription model, which always is a big cash crunch. We did this without borrowing any money.
And lastly, we went public in 2021 with just $60 million in primary capital and no debt. Why did we do these things? In part, we're naturally attracted to big challenges. But these were the key steps in a larger, more strategic vision to put the pieces in place that will support durable, profitable growth at scale. We're positioning AvePoint to become the world's leading data management software company. All these efforts were made possible by a leadership team whose experience and backgrounds were an enormous asset to us. We brought individuals on board who had direct enterprise experience in various regions of the world and who understood platform architecture and scalable systems. In other words, we assembled a team who could help us do the hard things first. And so today, we have the operational footprint and the financial characteristics of a much larger global enterprise software company.
The next few slides will illustrate what we mean by this. First, the operational footprint. It starts with our end customers, which today number more than 25,000 worldwide. That number has grown over 30% per year since 2020, driven in part by our success in the valuable SMB market. Those 25,000 customers span every industry, and we don't have meaningful vertical concentrations. While more than 2/3 of our customers are in highly regulated industries, the data management challenges we solve apply to businesses in every industry. In addition to every industry, our customers are in every region of the world. Today, about 45% of our recurring business comes from North America, 35% from EMEA, and 20% from APAC, and importantly, each region has been a strong grower for many years, so that's the operational footprint. Now let's turn to financial characteristics.
The work we have done has translated into very strong top-line performance, as you see here. As I mentioned, we ended 2024 with $327 million in ARR, which represented a 28% CAGR since 2020. We also have not sacrificed profitability in order to deliver this top-line growth. When we stood here two years ago, we said profitable growth was our top priority, and our results bear this out. Since 2022, our first full year as a public company, we have delivered more than 1,500 basis points of improvement in our non-GAAP operating margins, and importantly, we still expect to realize more leverage in the years ahead. Our aspirations have always been global in nature, and I want to spend a minute on a recent development specific to the APAC region. Many of you saw that we recently applied to dual-list AvePoint stock on the Singapore Exchange.
This will be in addition to our listing here on the Nasdaq, so I just wanted to spend a minute discussing the strategic rationale behind this, which is in part tied to the incredible work we have done in Singapore and the APAC region. These include a strong track record of IP generation in Asia, a number of key contract wins within the government sector in Singapore, a commitment to growing R&D efforts in the region, and lastly, a partnership with the Singapore Economic Development Board to further AI industry research collaboration. In addition, we have a significant physical footprint in the region. Our Asia headquarters is in Singapore, and 2/3 of AvePoint employees are based in APAC, where 50% of our employees is in the ASEAN region.
Taking all this together, we believe our consistent execution and strong financial performance, both globally and in APAC, will make us attractive to APAC-based institutional investors seeking local, high-quality B2B SaaS investment opportunities. So that's the update on AvePoint. Now let's zoom back out and focus on some of the challenges facing every company today, which illustrate the tremendous global opportunity we see. Everywhere I go and everyone I talk to, I hear the same thing. The challenges that companies must address are the same regardless of region, size, and industry. What are these challenges? The first is the move to cloud. And many organizations are at different stages of this transformation. Some customers are just starting. They have large volume data stored on-prem and need to move all of it to cloud.
Other companies are in the midst of the move, and others have finished the move but have data stored both on-premises and in the cloud, or what is commonly known as the hybrid customer. Regardless of which stage the customer is in, these transformations introduce a variety of challenges for companies. Second is explosive growth of data, and it's tied to the move to cloud. As employees increasingly depend on SaaS applications to collaborate, organizations are experiencing an explosion in the amount of data stored in cloud. This includes data created by generative AI technologies like Copilot and others, and with that data growth comes new challenges in how data is managed, controlled, and protected. Third and fourth are the threat landscape and regulatory environment.
These go hand in hand as companies face ever-growing cyber threats and must protect themselves in a world where more countries are enforcing laws to ensure data is protected, secure, and compliant. Boards of directors can no longer afford to ignore this. The financial costs can be massive, but the reputational harm and business disruption from these attacks can be even more costly. Last, and tied to every single one of these, is the need for automation. How can companies address these challenges more efficiently? They need to control their environment, to monitor for and quickly respond to threats, and do this with fewer resources. You can argue that companies have faced these challenges for years. However, the true game changer is how these challenges are now amplified by generative AI. We saw this immediate explosion of data when ChatGPT first launched, not surprisingly.
But what was eye-opening was how ChatGPT and other AI technologies revealed a stunning lack of data security and how easily they surface and share sensitive data. And what they also did was illustrate the many ways in which the traditional approaches to data management are no longer sufficient. Previously, data security could be fragmented across systems. In the age of AI, it must be centralized. Before AI, companies could get by with a data governance posture that was inconsistent in applying policies to control access to data. In the software industry, we call this security by obscurity. But in the age of AI, companies must adhere to a uniform standard. And where a manual approach used to be good enough, organizations today must rely on automation. The other dynamic at play is vendor consolidation.
When you think of all the challenges I listed on the prior slide, and you see here how generative AI only makes these problems bigger, it's understandable that customers are seeking true platform plays. This brings us back to the mission and vision we started with. Given all these challenges, how can we take organizations beyond secure? How can we enable them to collaborate with confidence by ensuring a robust data foundation in the age of generative AI? The answer is an all-in-one platform that seamlessly prepares, secures, and optimizes your data. That all-in-one platform is the AvePoint Confidence Platform. I said earlier that a robust data management strategy for any organization today has three essential components: the resilience of their cybersecurity posture, the control of their IT environment, and the modernization of their workforce.
On the screen here, you see the AvePoint Confidence Platform, which is organized into three suites of products: the Resilience Suite based on data security and protection, the Control Suite that will focus on data governance, and the Modernization Suite focused on employee productivity. Our platform solution aligns perfectly with these challenges, unifying data security, governance, and business continuity into a seamless, resilient experience. And this alignment is why we are so excited about the opportunity ahead of us. Nobody else can address these problems like AvePoint can. Looking at the competitive landscape shows why this is the case. The problems we solve: data protection, data security, data governance. So many companies are tackling these problems independently. Why? For one thing, they're big problems on their own.
But because we started with a focus on managing all aspects of the data lifecycle, we have kept pace with these challenges and built out the platform along the way. This brings us to today, where we can look at data management holistically. And it's why we are winning. The traditional way of securing data is over. Today's reality, driven by the rise of generative AI, requires a new solution that goes beyond the old ways of stitching together vendors to secure, manage, and optimize data. We help customers control how their data is being used on an ongoing basis. We also help them establish policies that watch, alert, and monitor changes to data as it's being used. And we're doing this across the organization, where data is growing rapidly and is accessible by different endpoints. All of this comes together in one integrated solution, the AvePoint Confidence Platform.
And everything you see here is interoperable so that when customers buy capabilities in one area, it's easy and quick to turn on capabilities in others. This offers us a number of advantages: a deep competitive moat, efficient cross-sale opportunities, rapid innovation, and customer stickiness. And more importantly, our customers benefit as well, including a more streamlined workflow, holistic data insights, comprehensive support, and meaningful cost reduction. Not surprisingly, these cost reductions are extremely compelling for customers, and they're just one benefit of our platform approach. Let me give you a few examples of how we offer customers a clear, tangible return on their investment in AvePoint, often right away. First, lower time to value. We can archive redundant or obsolete data right away and can deliver meaningful savings on customers' data retention costs. Second, enterprise scalability.
We manage 535 PB of data on a daily basis, and our platform can offer the same value to a customer with 10 employees or 10,000. Third, a high ROI. Simply by automating data governance capabilities and reducing manual work for the customer, we can show our customers substantial cost savings. Lastly, improved operational efficiency, as our platform automatically performs hundreds of thousands of backups and governance operations per day. Let me try to crystallize all of this with an example of one of our largest customers and their buying journey with AvePoint. This customer is one of the largest consumer goods companies in the world, with more than 100,000 employees, and their journey with AvePoint began in 2021. They initially were looking for an automated governance solution that could provision and renew data access, as well as manage external sharing.
Any solution they choose will have to meet their security requirements and also produce reports for their internal audit teams to prove compliance. They purchased the Cloud Governance and Policies & Insights solution from our Control Suite and saw a number of positive business outcomes, including end-to-end data security, automated governance, the prevention of potential fines, and drastically reduced risk of data exposure from external users. This was only the start of their journey, however. The next step came when they looked more closely at their global, highly distributed workforce and wanted to better understand employee engagement and training needs for different offices and different regions around the world. They also wanted to understand what was being underutilized of the Office 365 tools they have invested in. Our tyGraph product was a natural solution to these challenges, and they purchased this from our Modernization Suite in June 2023.
This allowed them to offer more tailored training resources, uncover gaps in employee engagement, clean up outdated content across the company, and improve the overall employee experience. As we showed them value from these products, their journey continued. As they purchased EnPower in September 2023, Opus in March 2024, and Compliance Guardian in December 2024, these investments have enabled governance of Power BI, a reduced data footprint, and the ability to set tailored retention policies, and also the ability to scan and label billions of files with sensitive data. And importantly, their purchase of Opus freed up approximately 600 TB of data, saving them $1 million in overages on a yearly basis. Today, the ARR from this one customer sits at approximately $2.5 million.
This is a great example of the many use cases we can drive for customers and the holistic approach we bring to solving so many data management challenges. I want to shift gears and talk a little bit about our multi-cloud strategy. I'll start with Microsoft, the relationship we have with them, where their capability ends and ours began, and why they rely on partners like AvePoint. It's important to start off by noting that we do not compete with Microsoft. Instead, we compete in the multi-trillion-dollar Microsoft ecosystem. Their goal is to grow that ecosystem, especially on Microsoft 365. What Microsoft depends on from AvePoint is our ability to complete that ecosystem to help our mutual customers maximize their Microsoft ROI. The data management problems we address are not Microsoft's primary area of focus. They instead look to us for this.
In doing so, we make Microsoft's products stickier, and our customers get the enhanced data governance, security, and resilience that only AvePoint can offer. So it's a mutually beneficial relationship and one that has only strengthened over the last 20+ years. So today, about 90% of our business is tied to that Microsoft ecosystem. But we see the same opportunities across other ecosystems, which is why we built a platform that was agnostic and multi-cloud. So in addition to being a category leader for Microsoft, we can replicate that success within Google, AWS, Salesforce, and others. This is why we're excited about the new data security solutions for Google Workspace and Google Cloud that we announced last week. Within the Confidence Platform, we can now offer Google customers comprehensive solutions across four critical areas: data protection, information lifecycle management, risk intelligence, and data migration.
This expansion of our platform addresses the unique requirements of multi-cloud, agile organizations, and will allow us to deliver a seamless end-user experience that builds on our proven track record of success with Microsoft. This is valuable for our customers because the reality is that most companies today are multi-cloud, and they want the same data management value across all ecosystems they utilize. This is where we see a large growth opportunity in the years to come. As we grow, the contribution from non-Microsoft cloud content providers is from 10% today to 25% - 30% in the longer term. The need for a robust data management strategy comes even more into play as the AI world continues to transform rapidly. One recent development was the rise of DeepSeek, shattering the model of spending tens or even hundreds of millions of dollars to train large language models.
This democratization of AI development is a good thing. It allows businesses of all sizes to access powerful AI tools that were previously out of reach, and this newfound affordability is great for innovation and accessibility, but it doesn't eliminate the foundational requirements of data security, governance, and quality. If anything, it simply confirms that businesses eager to use AI must ensure they have strong data management capabilities to drive their success first. Why? Because the foundation of any successful AI deployment isn't the model itself. It's the data governance and security strategies behind it. This is where AvePoint excels. We are the trusted partner to organizations around the world to provide that governance, security, and protection to maximize the potential of AI while maintaining compliance and security. Before I wrap up, let me discuss our strategic priorities for the next few years.
The first priority is to accelerate customer adoption and increase customer retention. Once customers install and use the AvePoint Confidence Platform, it becomes mission-critical. Mario will discuss our newly streamlined solution approach to selling the platform to new customers and expand adoption with existing customers who view us as a strategic partner. The second priority is the continual expansion of the Confidence Platform. Customers today are prioritizing platform solutions that address multiple use cases, and we will continue to add new solutions and strengthen existing capabilities. The third priority is to continue scaling our channel ecosystem. Mario will discuss our newly revamped partner program and how it will benefit us and our partners in a number of ways. We will continue adding new partners and deepening our relationship with existing partners.
This will accelerate our market growth and continue to be a critical part of our profitable growth in the years ahead. The fourth priority is to broaden our market and geographic presence. We're focused on driving greater adoption and expansion opportunities within our growing customer base, which is already global in nature. We're also going to drive new local acquisitions in the regions where we already have an established presence and enter new markets via our robust channel strategy where cloud adoption is starting to rise. Lastly, we'll continue to make strategic acquisitions and investments with a focus on solutions that can strengthen our SaaS business and expand our customer reach. While we have a rich history of innovation and product development, we always evaluate whether it's more efficient to build solutions ourselves or pursue M&A that accelerates our product roadmap.
And given the strength of our balance sheet, we're also open to pursuing larger, more transformational deals as well. So we have looked backwards and covered the work we have done to position AvePoint to be the world's leading data management software company. We have looked at where we are today and covered the market opportunity and our platform capabilities and how we view AI. And we have looked ahead and covered our strategic priorities over the next few years. Now is where we put all this together and introduce our next milestone: $1 billion of ARR, which we're targeting to hit in 2029. This is a big next challenge, and we're excited and humbled by the opportunity. We know that achieving this milestone will require success on a number of fronts.
You can see them here, and they're all tied to the strategic priorities I just discussed: new solutions and capabilities that drive value for customers across all segments, geographic expansion and cross-selling, and leveraging our invaluable channel ecosystem. We're confident in our ability to hit this target and know that in doing so, we'll take the same focus and execution that you now are used to seeing from the AvePoint team. I know I have covered a lot in a short period, so let me recap the key takeaways. First, we're a true platform company solving the modern data management challenges traditional data security companies cannot, and we're focused on profitable growth. Second, there are a number of strategic use cases we address for our customers. Third, we sell to companies all over the world of all sizes and in every vertical.
Fourth, we're tapping into a growing market that is just scratching the surface of this massive opportunity. Lastly, we have an eye to the future and believe that generative AI will be a long-term growth catalyst for AvePoint, and then lastly, just a quick rundown of what you'll hear from my colleagues today. Mario will open with an overview of our go-to-market strategy, what we're doing for both our direct sales teams and our channel partners to serve more customers, and how we're streamlining and simplifying the sales motion through new solution packages. Second, you will see a demo of our platform technology. The platform is the product, and the product is the platform. Mario will talk about how our continuous innovation allows us to partner with our customers to address their most urgent data management challenges. Last but not least are the financials.
Jim will review our financial performance, outlook, and strategy. You'll hear how our focus on profitable growth has enabled us to deliver ongoing top-line strength, consistent profitability improvements, and significant cash flow generation. So there's plenty to cover, and thank you again for coming. And let me welcome to the stage Mario Carvajal, our Chief Strategy and Marketing Officer. Thank you.
All right. Good morning. It's very nice to see you all in this cold, very brisk day. We all thought we were going to get spring soon, but not. I guess a few more days of cold. TJ, thank you so much for the overview. And now let's talk about go-to-market. So to set the stage first, here's what I want to walk you through today. First, the enormous market opportunity we see both today and in the years ahead. Second, how we segment our customers.
And I'll talk both about size and our two routes to market. And third, our go-to-market, including new solution packages that TJ just mentioned, which we are already rolling out. And lastly, our channel strategy, including the recent launch of our Elements Platform earlier this month and our newly revamped partner program. And along the way, I will talk about a number of things we're doing that tie the strategic priorities TJ mentioned. Okay, so how do we think about the market opportunity? Well, we start with customers' needs today. And so what are those needs? Customers need a platform-first strategy, ensuring every feature and solution works together to maximize interoperability. They need the benefits of robust policies that really help them secure the perimeter of their sensitive data, ensuring that data is not just protected, but that it is strategically governed.
The need for a platform that combines data security and governance, because you know what? Workspaces, where we spend most of our time, that needs to be managed and governed as well, and ultimately, their business continuity depends on the ability to bring resilience and quality into a single, seamless experience in one platform. And in delivering all of this, our goal is to inspire trust, ensuring organizations can focus on innovation without worrying about their data. That's at the heart of our Beyond Secure philosophy. Security is the foundation, but empowerment is the goal, so we don't just solve problems at AvePoint. We are helping companies redefine businesses so they can manage and they can secure the most critical assets. You see, it's not just about security. It's about delivering a transformative experience that empowers organizations to go beyond traditional security means, so let's talk about the market opportunity.
As TJ discussed, the data management challenges we solve are vast, and they do impact companies everywhere in all sizes, and so when we think about the opportunity for AvePoint, it shouldn't be a surprise to you that what we see is an addressable market that's pretty large. Specifically, we see a market that's around $20 billion for the categories which we primarily focus on today: data security, data governance, compliance, and protection. Now, this is not just the dark area in the blue, but there's also a complementary side, which is the data intelligence and the data integration, and these categories also help organizations secure their analytics across all their cloud applications. That's what you see here in the light blue in the middle, and in the purple section to the right, all those categories represent a little over $80 billion in the opportunity for AvePoint.
You know what? Between now and 2028, that $80 billion is expected to grow to $140 billion, or about 50% per year. So the TAM is a reflection of how large these data management problems really are. And we built the Confidence Platform with the same thought in mind, by studying the problems that exist when a company struggles to manage critical data. And so today, as we sit here at around $327 million in ARR, you can see that we're just beginning to scratch the surface of this market. So let's talk about how we're doing that. First, how AvePoint is structured. So we're a global company solving global problems, and we have established presence across North America, EMEA, and APAC. We have five offices in the U.S., including our global headquarters across here from the Hudson River in Jersey City.
We have nine offices in Europe, as well as about a dozen offices in APAC. Our sales teams are also primarily segmented this way. Now, here's a view of the segmentation of our customers, which is primarily by size. At the top of the pyramid is the enterprise. These are the largest customers, including massive global organizations that are part of the Fortune 500. Serving the enterprise space is where we initially began over 20 years ago. Today, our enterprise segment represents a little over half of our total ARR. Enterprise customers have more than 5,000 employees, and the typical buyer is your IT leadership, which is comprised of your CISOs, your CTOs, your CIOs. The buying cycle here is typically direct, high touch.
It's an engagement led by our sales reps, and it often includes product demos, product trials and testing environments, and proof of concepts. Next, we have our mid-market customers, which are customers that are more than 500, but fewer than 5,000 employees. Mid-market customers today represent a little less than 30% of our ARR. With these customers, the buyer can also be IT leaders. But you know what? Companies today are also increasingly relying on IT consultants, system integrators, software resellers to provide trusted referrals on the software platforms that best address their needs. And at the bottom, what we see are our small and medium business, or SMB, customers. And these are where we have fewer than 500 employees. They've grown rapidly over the last few years and represent about 20% of our ARR today.
Now, the buying motion here is a little different, given that small businesses typically outsource IT to managed service providers, or MSPs, who in turn source the technology from multiple vendors and resell it as a service. We sell to SMB and customers primarily through the MSPs, as well as distribution channels and a network of resellers. And our goal is to make it fast and easy for partners to procure and sell our solutions. And I'll talk about this more in a little bit. So that's how we break down the customer opportunity. And now I'll turn to how we go to market. On the right side of the page is the customer segmentation I just reviewed. And on the left side, it has the key steps in our go-to-market motion.
And these include building brand awareness, demand generation, which translates into pipeline creation, and ultimately the closing of business. After that comes the critical steps of onboarding customers, ensuring that they see value right away, and of course, our ongoing support. So now let me talk conceptually about the platform solution. We're actually bringing to customers a platform that really pulls all of those needs together. So it all starts with the Confidence Platform, an all-in-one data management platform that seamlessly prepares and secures and optimizes your human-generated content, as TJ mentioned. And it's organized into the three suites: the Resilience Suite, that focuses really on data security and the protection, and then also the Control Suite, which complements the Resilience Suite because it brings the data governance, and the Modernization Suite ultimately affects the productivity of the end user.
So we've thought about all the different dimensions of the environment. Our platform-first strategy has a number of benefits, both to AvePoint and our customers. Because there are multiple use cases that we address and multiple problems that we solve, there are many entry points into the conversation when we meet prospects for the first time. Customers may need to migrate data from legacy systems, or they might need to transform data from old technologies. And once they do, they need that data protected. They may have concerns about complying with regulations, or they may want to put an automated policy in place around data access. Sometimes it's just as simple as they have too much data. They need data to be cleaned up. And they need our help, making sure they get rid of redundant, obsolete data. We have solutions across all three suites that address these challenges.
We're the only provider that combines all of these points of view in one platform. Unlike single-purpose point solutions, we do offer customers a full platform of solutions that interoperate and allow them to also extend capabilities. And because we arm our sales teams and partners with this platform, they can be very competitive from the initial engagement, knowing full well that they can capitalize on additional cross-sell and upsell opportunities. This is the advantage of the platform. This is why TJ mentioned that platform is the product. Now, I want to talk about something brand new and something we're really excited about, which is new solution packages for our components of Resilience and Control Suite, which collectively represent 90% of our recurring business today. In each suite, there are three tiers of offerings: the Essentials, the Plus, and Complete.
We see a number of benefits to this structure, including simplification both for customers and for our sales reps. We want to make it easy to address and solve the most common challenges our customers face: a good, better, best maturity-based model that aligns SaaS industry best practices and enables us to prescribe the right capabilities based on a customer and where they are in their journey. It also naturally provides a clear upsell path for where they're going next. Lastly, enhanced alignment with our buyer profiles, with the Resilience offerings geared towards security leaders and the Control offerings tailored for information security. Importantly, they can be mixed and matched to form the ideal comprehensive approach to data security, governance, and resilience. As I mentioned, we're also launching solutions for Google Security Cloud.
Here, we're shipping basically the same solution packages in the same categories of Resilience and Control to get us started. There'll be more to come later this year. So these solutions are branded, and they're new, and we're just starting to roll them out now. And we believe they absolutely will be a difference maker when it comes to competition. And the reason for that is because we're bringing these solutions together in one unique recipe. I mentioned before how we have two routes to market: the direct and the indirect. And I want to focus on the indirect route, where we see us helping partners by offering multi-tenant capabilities and by making significant investment into delivering IP to channel providers, specifically the MSPs. This is why we launched in early February the next generation of our Elements Platform, to provide a tailored experience for MSPs' persona.
Who is the MSP persona? The MSP is an IT organization that manages your IT environment. In fact, it is likely that many of the firms you work for today are leveraging MSPs to deliver IT for you to use in your business context. MSPs ultimately need technology to offer the market cybersecurity practice, to deliver data protection and security solutions that are easy to turn on, easy to see the environment. This is what the Elements Platform now includes. Let's get into the details and talk about this next generation of Elements. First, it will enhance risk monitoring to safeguard business continuity with capabilities in migration and tenant-based enforcement. You see, by integrating advanced risk monitoring tools in our platform, we will enable the MSPs to identify, assess, and mitigate risks in real time for their customers. We do this with cyber protection and identity management.
In the last two categories, which are workspace management and change management, we will reduce the operational downtime, maintaining customers' trust and unlocking revenue opportunities for our MSPs, especially in highly regulated sectors like finance and healthcare. You see, the Elements Platform now offers a unique set of solutions that will allow MSPs to reduce implementation timelines, improve service reliability, and scale the offerings to meet evolving customer demands. This makes the MSPs much more competitive. That's an overview of Elements and our focus on MSPs, which ties naturally to a larger discussion of the channel opportunity and how we expect it will drive even more profitable growth as we continue to scale. Ultimately, channel is tied to all aspects of our business. It is the goal that the percentage of our ARR generated by channel continues to grow every year.
Now, here's a close look at the progress to date. In 2020, 43% of our ARR came through the channel. This was 55% at the end of 2024, and as TJ mentioned, we think that long-term, this percentage can approach 75%, with most of our direct sales taking place at the enterprise level, and growth in this percentage is also tied to the number of partners we work with. That's what you see in the middle. In 2020, this was just over 2,000, and today, it's just about 5,000 partners, and lastly, MSPs, they're really going to be more loyal to us because of the Elements Platform, because we offer a unique one-stop shop for them to increase value. On the right side is ARR we have generated through MSPs, which has shown tremendous growth as well since 2020.
At that time, we had around 6 million of ARR tied to MSPs last year, and that number was about 40 million. And this is a 60% annual growth rate, so while today we have about 5,000 partners, here are some of the largest partners we work with. Our goal is to continue growing this overall number while deepening the relationships with the partners who can be the most valuable to us. Now, some of you may ask, why focus so much on the channel? Why double down here, and here are a number of statistics from a third party that we think supports our strategy. First, Canalys seems to see that the estimates of the 2025 addressable IT market are nearly 75% of it will be done through the channel, through partners in the channel.
Secondly, virtually all of Microsoft, if we take them as an example, their revenues today are measured as partner assist. They're almost entirely through channel partners. And lastly, about 85% of sales reps say that selling through partners has had a greater impact on revenue compared to a year ago, according to Salesforce. And if we go one level deeper into the MSP specifically, our focus here has allowed us to show meaningful growth in the number of MSPs we work with. In 2020, it was about 1,200. And this has more than doubled to over 3,000 as of 2024. At the same time, there are approximately 45,000 available pure-play MSPs out there, which illustrates the opportunity we still have. 93% of this market is still available to us. And we are actively going after every opportunity.
And then lastly, on MSPs, which are a critical part of our ecosystem, which enhances our access to the vast SMB market. However, I want to point out that this ecosystem also includes other partners like system integrators and consultants. You see, with all of this in mind, I want to talk about our newly revamped Points-Based Partner Program. This program is designed to reward engagement. And it's about winning together with our partners. The program will help us look at the entire ecosystem in an interconnected way so that we can foster a channel network that is profitable for everyone. And how do we do this? Well, as you can see here on the left, partners can earn points across three engagement categories. And we purposely are using the word engagement to move beyond typical transactional-based resale models.
As they earn points, partners move up through three different levels, each having their own benefits. So let's talk about the engagement categories. The first is a Partner Development. We know how critical it is to get our partners certified and educated on the overall value proposition. And this category measures partners' competency, proficiency, knowledge of AvePoint, and ensures that our partners have the tools and the knowledge to make it easy to sell, deliver immediate and long-term value to their end customers. Next, we have Pre-Sales, where we help with lead and demand generation, which in turn develops into pipeline opportunity. And this is looking closely at productivity for our future growth with partners. And then last is Partner Success, where we reward the partners based on business they capture, renewals, cross-sell opportunities, and other financial metrics.
This is how collectively we demonstrate to the partners we are committed to their success. So overall, we feel that the structure to our channel properly aligns the incentives of our partners with AvePoint's incentives and establishes strategies to allow us to win in market together. The points earned then translate into three different levels, which is how we categorize our partners. And the three levels are: we have Authorized Partners, Managed Partners, and Invested Partners. Let's start with Authorized Partners, which is the initial stage of the relationship. We provide them access to discount levels available to our entry-level partners, as well as comprehensive training on how to sell our solutions. And as they build their AvePoint knowledge and grow their reach, they become Managed Partners. And here, we're closely measuring their activities. For example, how partners are often running webinars or hosting events to cultivate customer interest.
In doing so, the relationship grows even stronger and then they become Invested Partners. This is our top-tier partners who are the experts in selling our platforms and commit to certain growth targets. We frequently will do co-selling activities with them, so when you bring all of this together, you see that we're enabling partners to bring solutions to market in an effective way, and by categorizing them into these three levels, we can better analyze our vast channel network, and we can incentivize our partners to unlock more benefits and resources in a structured way. With those strategic goals in mind, here are the high-level outcomes we're seeking to validate our strategy. These should look familiar to you, as they include the strategic priorities that TJ mentioned. They include geographic expansion, revenue growth opportunities for cross-selling, and a continued improvement on our customer retention rates.
So to wrap up, we feel like this program offers some of the benefits, including a simplified and transparent reward structure, which is tied to field engagement, not just transactions, flexibility in how partners redeem rewards, performance insights that are data-driven and understandable, and of course, long-term relationship building with our partners. So before I turn to more detailed discussion in the demo of our platform, let's recap the key takeaways from this go-to-market overview. First, you've heard it a few times already today. We are aggressively pursuing an addressable market that is large, growing, and underpenetrated. Second, we're rolling out new simplified solutions for our Resilience and Control Suite offerings that will help streamline the selling motion and focus on the strategic use cases that our customers tell us matter the most. Third, we're investing in the channel to make it easier for partners to bring our solutions to market.
The next generation of our Elements Platform is a great example of this. It will allow them to reduce implementation timelines, improve service reliability, and scale their service offerings to meet evolving customer demands. Along those lines, our revamped partner program is designed to reward engagement and ensure a flourishing channel ecosystem that benefits our partners and all parties involved. Then lastly, our Beyond Secure philosophy. We don't merely want to be a software vendor. We want to deliver a transformative customer experience where we inspire trust, redefine it by managing their secure and most critical data assets. Okay, so with that, what I'm going to do is turn over to the platform and show you a little bit of this in action. I'm good. Okay, so you've probably seen this three times today. The setup here is the design of the suites is really thematic.
It's really to help you think about not only do I want to protect my information, but I also want to be able to control, and most organizations today have a challenge in controlling the information. That's where they look for IT, and they say, how can we automate all of this? The modernization side is we want to make sure that when we actually are thinking about securing data and deploying those controls, we improve productivity. We change the way the knowledge workers are interacting on information, and so I'm going to do a couple of quick demos for you in the time that we have left. I'm going to show you the command centers, which is a design that we are bringing to market that is unique. We are the only company that's offering this.
And it has to do with our history, how we built all the platform solutions, how they interoperate. The goal with the command centers is to give you a holistic view over the environment and be able to understand all of the signals that you should be watching when it comes to securing your data. We'll also talk about the approach to data protection, which is quite different. Many of you have asked us about enterprise backup players, right? So I'll talk about the difference and how we go to market. And then lastly, the time we have left, I'll show you a quick preview into the Elements Platform and why the solution packages I described are going to be a game changer for us. Okay, so what differentiates the Confidence Platform are just three ideas. The first is a complete and actionable picture.
See, the goal is to, it's difficult when you have a lot of different data repositories to take a whole view of the environment. It's very difficult to do that. We've been fortunate that over the many years, we built a very comprehensive API and a bunch of connectors, frankly, that not only allow us to connect to cloud service providers, but also proprietary data sets, and so the goal is to give you an actionable picture. This is really important for security officers, CISOs, because they really want to understand, where am I at risk? The second idea is shared accountability. It's no longer enough to say that IT is accountable for your data, for data breaches, for ransomware attacks. In fact, many have published that the biggest threat are inside actors, and so shared accountability is how do we get knowledge workers to also share in the accountability?
How do we make sure that the security officers are sharing the accountability of what policies they design for the organization? And also, how do we hold accountable the IT operators? And the last thing is a pragmatic protection strategy or approach, and this really goes back to the roots. When we first started building our platform and we said, we want to make sure we can recover an entire distributed application, we wanted to make sure we ensured business continuity. We've kept that idea over the years, but we've evolved it, and we differentiate ourselves with your traditional enterprise backup companies, so I'll talk about that as well. Okay, so the first thing I want to show you is, so this is the platform.
What's interesting about the platform is typically, to get that holistic view and that actionable insight, the command centers, which are highlighted here, we have an AI Confidence Command Center. We have a Data Resilience, Optimization, and ROI. We have a Risk and Compliance, and Security. These are designed for different personas. Sometimes we'll work with organizations. A CISO will say, I really want my auditing team to have access to not only see where there's anomalies or issues in exposing data elements that could introduce risk, but I want to be able to log that. We have a lot of organizations, IT sec organizations that are thinking about, Sarbanes-Oxley , for example. They need to produce these reports. They need to understand what controls are in place. These command centers are designed for that type of persona.
But they're also designed for a team that, for instance, says, well, we want to deploy a generative AI tool, for example, Microsoft Copilot. Is the organization ready? Can we actually deploy that? So let me show you real quick in our AI Confidence dashboard. The first thing we show you is we start with a risk score. And the risk score is nice because it makes it really easy for you to know, how is the environment if I'm about to roll this out to a department of workers? And the first thing we do is we highlight it. And we say, well, look, we understand that you've deployed a number of Copilot licenses. We understand that there are a few users that are already starting to use those Copilot licenses. And that allows you to get a sense of how adoption is taking place.
What we also do is we start to show you here how we're exposing issues with sensitivity. Sensitive files are missing classification. Why is that an issue? If the data isn't classified and someone enters a generic prompt, you might inadvertently surface HR data to perhaps an employee that shouldn't have HR data. If your data is not classified properly, you want to understand that and know that. Then you want to be able to take action. The next thing you want to look at is, are there any sensitive files shared with anyone? Up here, you can see on the right that I have, in this environment, 12 files that have sensitivity and that they're shared with everyone. How did that happen?
It happens because typically, when you first turn on Copilot in Microsoft and I set up a site where I want to collaborate with my colleagues, I may inadvertently have the everyone access in that repository. So if I put a very sensitive file there, they're all going to get access to the file. And so how would I know that if I'm an organization of 70,000 employees? How would I know that if I'm an organization of 500 employees and I don't have an IT operating team that can monitor and watch all of this? The answer is I wouldn't know that. And so I would turn on Copilot and I would have issues. I would introduce risk. But with the command center, I'm actually able to see this. And I'm actually able to take an action on this. There are other things we show you here.
I talk a lot about workspaces. A workspace is nothing more than where you spend your time working, so if you're using Teams or you use Zoom or if you're using Google Workspace, you probably start in a conferencing or communications tool, and some of these tools nowadays allow us to share files, well, behind the scenes, that file is being stored somewhere, it probably is being stored in your own personal drive that your user account has, and so when that happens, that's really the workspace that you're spending your time in, well, that workspace, I could also apply classification or policies to that workspace. I can say, Jamie is part of our IR team, and he should be working on financial data as he's reviewing or preparing for earnings with Jim.
But I certainly want to make sure that Jim--sorry, Jamie--doesn't share that information out with my creative team because maybe they're getting ready for this event today. And he inadvertently sends them the wrong file. Well, how would the system prevent that? The system would prevent that if on the workspace I had a policy. The only way you can do that is with the AvePoint Confidence Platform. So this dashboard is allowing me, in a very quick view, to understand what is happening. Now, typically, what happens is an IT operator would look at this. And they would start wondering, well, maybe I should go see why are there workspaces with a number of objects that users have access to that they shouldn't have access. Let me go fix that. Or let me understand over the past few months, do I have any other areas of risk?
And so the goal here is, as the organization is getting ready to deploy Copilot, they're really understanding how ready am I? Where is my risk? The thing that we've done in the platform is we've also introduced a recommendations engine. So very quickly, we decided to ship with the platform these recommendation templates that make it super easy. In this case, there's an enable AI readiness policy. There's also one that says you may want to archive redundant obsolete data. You probably don't want Copilot to show a bunch of files that are old, right? Files that are from four years ago because maybe they're outdated. False information, miscommunication could be getting. Or you simply may want to look at a policy that says you have not set your sensitivity labels. And if I'm a Microsoft 365 customer, I may be using Purview.
So many ask me, aren't you guys competing with Purview? The answer is no. We don't compete with Purview because Purview doesn't give you this dashboard. Purview also doesn't have the ability to say, yes, we have sensitivity labels. But we understand that those sensitivity labels are also deployed across workspaces or places where users that shouldn't have access have access. Purview doesn't do that. What Purview does give you is the sensitivity label. So we are interoperating here with Purview. And in this case, to keep things simple, if I decide to choose the AI readiness, I also have shipped the package with a few of these classification policies already set up for the organization. And if I take a look at the highly restrictive one, what I'm basically saying here is, look, we could take a look at your entire environment.
And there's about 84% of this data repository that has sensitive data. And you're about to turn this thing on for Copilot. Before you turn it on for Copilot, why don't you actually look at how you're doing classification for that data repository? Who's the owner of that data repository? Right? That's also important. In fact, a lot of organizations don't even have this concept of data owner. Believe it or not, the data owner concept is really important because it's the people that really understand what the use of that data is for. And then also, there might be privacy settings, especially if you're in health care. You care about privacy of information, patient health care data. But in this situation, maybe I'm in a hurry. And I need to get this deployment going. So I say, you know what? This configuration policy looks pretty good.
And so what I do is I apply and I run this. Now, what's happening here is our Confidence Platform in this organization's environment is actually going out. It's finding all those data repositories across all the applications of Microsoft 365. Or if I'm also using Microsoft 365 and I happen to be using another instance over here and I use maybe Google Workspace or Box or Dropbox, which, by the way, does happen, the same policy will go across all these different data repositories and apply the controls. So when I spoke earlier and I said, we actually apply the controls, we take a pragmatic approach to protecting the data. This is unique to AvePoint. This is not done by competitors that say they do governance. OK? So here, what we've done is we've helped the organization get ready for their AI deployment.
And if I come back real quick, what you'll see is my score went up. And the point is that the application is constantly monitoring the environment. And it's saying, look, five minutes ago, you actually had all these issues. But now you've actually started to make some corrections. Now, typically, what happens is that I come down to my dashboard here. And I start understanding these graphs. And I see that, look, I made a couple of changes. I still need to fix a few more changes, make a few more changes in a few areas. This has been very helpful for us. This has helped us unlock the potential of Copilot in an organization. Organizations are paralyzed. And Microsoft, by the way, is not doing this. And it's OK. This is not to compete against Microsoft, as TJ said.
This is us bringing a unique set of capability into the industry, helping organizations go further with the investments they've made. This is about going further. We at AvePoint deployed Copilot, and you know what we used? We used our Confidence Platform so that our CISO was confident in saying, yes, you could turn on Copilot. You could turn it on for the different departments. It's been very helpful. By the way, the same thing will apply with other Gen AI capabilities, such as Gemini, and the reason for that is, remember, the entire application, the platform, is multi-cloud, so before I leave the AI Confidence Platform, I want to show you that there's something else I can do. I said before, well, what if I have a data repository or some files that have been sitting there and I surface some information?
We had a case with a customer where there was a file that came up in a discovery through a prompt, and that file basically talked about layoffs. What happened was everybody got all frenzied about the fact that it was a workforce reduction, but the file was old, and it was from several years back, and that's because there was an old data repository where data had not been cleaned up, so what we do is we actually can come back in here and say, look, we have rules for redundant, obsolete data. We know that there's data that has not been actioned, data that's been sitting there dormant. We know that some of that data has also not been classified properly. Would you like us to either do an archive, or would you like us to completely purge and remove this data?
There are some industries that actually are big on cleaning out the data, removing data. There are other industries that have these incredible long multi-year retention cycles, right? Seven-year retention. The software can do all of that. It could apply long retention policies. It could also move data around. It could also archive data. In my case here, I can say, look, there's a couple of files that are obsolete. Maybe I don't need these legacy Office files. Let's get rid of those, and so by applying this rule, what happens in the background is this taxonomy you see here, it's actually going across all of the different data repositories, and it's saying, look, we're going to remove from the scan, from Copilot, this data repository or this area of information in your corporate data. This is powerful. This is really important.
This allows the organization to have a very phased approach to rolling out AI capabilities. By the way, this is also very powerful for organizations that are thinking about building their own AI models or building AI agents to talk to different data repositories. So this is not just about Copilot. So now that we've done that, maybe one more thing I can show you is workspaces. This dashboard is also showing me that there's a few workspaces that don't have owners. Now, once again, what's a situation where this is a problem? I'll show you. I'll share a great example. So at AvePoint, for our M&A work, we have a team that does M&A. And so we do a lot of discovery on proprietary data, data that's under NDA. Especially if we start doing diligence on an asset or a deal, we start packaging all that information.
We control who has access. We work with third party, right? Sometimes we work with bankers, with legal. And so typically, what will happen is we have a workspace. And then I assign an owner. And so that owner knows what's happening with the information, when should the information be archived, what are the corporate policies to purge information, et cetera. But in many cases, sometimes workspaces that don't have owners could also become risky to the organization because it's data that's sitting there. It's data that's sitting there that could also be discovered through one of these AI agents. So with this, I could give you a quick view. I could show you not only where there's a workspace policy deployed, but I could also allow you to slice and dice based on the application you're using.
If you happen to be using Microsoft 365, maybe you're like, look, let me actually understand in channels of my Teams. I need a channel report to understand where there's actually owners that are missing. Maybe you want to do that. Or maybe you want to also investigate call quality, right? So we go really deep in all of the controls that we can give you when you think about the workspace. And the reason why this is important is because, once again, we're putting in the hands of the administrators all of this capability so that when they're finally ready to roll out Copilot, they're much more confident. And that confidence is important for the organization. OK, so talked about the AI readiness.
I also want to talk really quickly about our Data Resilience dashboard, which, what I want to highlight here, is so we've actually been able to go beyond just a few of the applications. I often get this question. Don't you guys compete with Microsoft's backup offering? The answer is no. In fact, what Microsoft will do is they'll say, hey, we have a solution because customers came back to us and said, look, you've got to really give us some data protection. Sure, we'll do that. So what they did is they only cover SharePoint, OneDrive, and Exchange. That's it. That's all you get. That's all you get. But that's not enough, and most organizations don't really just work in those three applications. In fact, the idea of M365 is that you go across all the different applications.
Typically, what happens is when we think about data resilience, the continuity of data, we slice and dice. And we break up all of the different applications we see in any cloud service provider. In this example, it's Microsoft. If I was showing you the dashboard for Google, it would be Google. We would show you all the different locations in which Google is working and operating. What's nice about this is that we also even go down to Power Apps, right? We've had so much success with Power Apps. Organizations that really want to empower citizen developers, right? You've heard that term. And the importance there is that with a Power App capability here, you could just design a data resilience policy just for the data of that Power App. And that may be different than the one you have for Teams.
It certainly will be different than the one you have for the end user, OneDrive. This is the reality. Organizations need the ability to guardrail the entire environment based on the department or the regulations of their industry. That's our data resilience. I also want to show you back on this optimization section here that we also are showing you what's under protection, what's under a protection policy. That's also important. We also can show you how much data have you been restoring. By the way, the amount of data that you've been restoring is a hint at which is the most active data, what's the most critical asset of your entire information or data estate. Here, in this case, I'm showing you also active entitlements across Google, Microsoft, Salesforce. I'm helping the organization get that holistic view. Remember that first point I mentioned?
We want to make sure we empower you with a full view. So as we continue down into our Risk and Compliance, what I really like about this one is it shows me my top drivers for my score, sharing links. We love sharing links. Well, sometimes a lot of links could also introduce exposure into the environment. When you have a bad actor, when you have a hack happen, it usually comes through a bad actor or a dead account, an account that's been sitting there. Many firms will hire contractors. And those accounts do not get cleaned out from the environment. And that could become a backdoor for you to come in. And so we show you here not only where you have sharing links, but we also show you what items are at risk based on those conditions.
In this case, I'm showing you that across your Microsoft, your Google, your Salesforce environment. This allows the organization to be much more strategic about the security policies they're going to deploy, right? This helps you really remediate the environment. You notice here we also have untrusted users. These are users that really are not part of policies for access to information. The reason they're untrusted is because they probably have something that was manually configured. It was set up temporarily. It should be investigated immediately. Those are moderate risks. The other thing that is important about our security approach is that we could detect ransomware attacks, right? We could help you identify these ransomware events. The thing that got confused, I think, a long time ago is that we've been doing ransomware for a while.
Just because we weren't marketing ransomware, people thought we didn't do any kind of detection for ransomware. Fact is, we've been doing it for a long time. We do it down to the workspace level. We also are able to identify a data lineage of that ransomware attack all within the platform. OK, moving on. When we zoom out from our command centers and we think of the entire platform, what you're hopefully getting a picture of is that whether you're an organization that's starting to migrate data or you're an organization that has a lot of data sprawl and you want to start cleaning it up, we can take a look at it from your command centers across the entire environment.
If you're thinking about what's the best way to approach data protection across my critical data assets, we give you the ability to look at your data very differently, not just by saying, apply a backup job and restore it. When you think about the policy framework, a governance framework, we do it at the workspace level, the individual level, and we also do it across areas that are of high risk, and then, of course, there is the ability for the shared accountability model that I talked about before, so we are bringing to market these areas of value with really plays that are designed, organizations need to understand how do I think about my AI deployment, so we have a play called AI Confidence. This is how our reps will go in. They'll have a couple of capabilities that they highlight.
That helps us start telling the story, get customers into the platform. We talk about compliance and regulatory changes that are happening in the environment. We have the policy mechanism. We're able to actually identify different policies based on industry. Or if you're simply saying, look, I want to reduce my costs and I want to be more efficient, we could also help you by looking across all of the different data silos that you may have and find a better way to interoperate the data or to even start to archive and purge the data. And then lastly, with the risk and resilience, we're really helping the organization identify their risk posture. What I want to do next is I asked John Peluso, our CTO, to cover three key areas that I want to talk about.
But before I show you his demo, let me set the stage. So there are organizations that are designing products and solutions for a reactive security approach. There are others that are saying we're proactive. Our focus here at AvePoint has been all around strategic security. And strategic is really taking a holistic view at what it means to be a true data protection company. But I want to first set the stage with enterprise backup I mentioned before. And I need your help in really clarifying, I think, the confusion that I feel still exists, which is that why are we competing with enterprise backup players? We actually are not competing with enterprise backup players. This is a very generic how an enterprise backup player approaches the market. They look at disaster recovery. They look at a backup recovery across SAN/ NAS, physical servers, even virtual machines.
They'll even make copies of data and put it inside of the hyperscalers. It is true that we have an engine that can do this. But that's not really why customers come to us. They come to us because they say, look, we want you guys to give us a more comprehensive approach to protecting the data. So traditional players, enterprise players, only look at it from a continuity of information. We zoom out and we say it's not just about the continuity of information. It's about looking at the security of information. It's also about the lifecycle of information. That human-generated content data that TJ talked about, that's data that constantly changes. Think about your chats. Think about your meetings. Right now, every meeting is being recorded, right? Transcription services are great. Think about all your files. It's 80% of that data, unstructured data, right? Human-generated data.
That's always changing. And there's a lifecycle to that data. And if you don't understand the lifecycle, how could you apply a continuity technology? Well, you're missing something. And we believe that it's better to bring the three together. And so when you bring the three together, what you'll get are three different points of view. So to really, really illustrate this, I'm going to have John walk us through three different examples. He's first going to talk to us about security, how we look at security. And then he's going to talk about lifecycle and then finish off with the risk side. So let's hear John.
Let's take a quick walkthrough and see the advantages in the Confidence Platform that we can bring when we're looking to do security and access governance. I'm going to go to Risk and Remediation into Insights, and one of the things that Insights is going to put for me right here, front and center, is an overall view of my landscape from a sharing and risk perspective. What Insights is trying to highlight for me is where do I have files that have the highest level of risk, and how can I prioritize looking into those situations and bringing those files into a better security posture? Risk and the way that we allow you to tailor a risk profile to your organization largely involves three different things. Number one, is the file or content sensitive in nature? Number two, how broadly exposed is that piece of content?
And number three, does it have any current protections applied to it? In this case, my highest areas of risk are these three files. They are high from an exposure and sensitivity standpoint. Right from that point, I'm able to click in and bring them under management. I can individually or in bulk change the permissions. I can apply sensitivity labels, which would bring these files now under protection and also secure them for Copilot interactions. I can even further investigate what's going on. So we're bringing together not just visibility that I have risk, but the ability to actually investigate and do something about it.
Yeah, and the reason why that visibility is so important is because oftentimes this is true. This happens all the time. An IT point of view would be just apply a protection policy to all one-stop shop. And over time, it's no longer adequate to do that because information is changing so often. And there are so many different data silos. So that's why for us, the security is always about what's the file telling me with the characteristics of the file? How often is this file or this piece of data or information being used? And who is actually accessing the data? And where are they accessing the data from? And that's what John was showing here. In this next demo, he's going to walk us through how do we think about it as it's going through that lifecycle.
Let's take a look at information lifecycle and explore how proper information lifecycle can give us better data quality as well as compliance with all of our responsibilities and regulations. I'm going to come into Information Management and into Opus. On my home page of Opus, I'm seeing the overall landscape of my information management efforts. I can see formal information management practices like records management, even physical records management, as well as all of the associated compliance workflows for content that needs to be disposed of, et cetera. But I can drill even further down and get into data quality. When I go in and I take a look at my current status of my environment for redundant, outdated, and trivial data, you can see that I've got a lot of information here about files I probably don't need anymore.
Maybe they're early versions of files that are taking up lots of space, or maybe they are files that are redundant across the organization, as everybody downloaded 70 copies of that one PowerPoint file, for example. Also, old obsolete data, which could really create a problem with Copilot and AI grounding on data that is no longer accurate, and lots of trivial data, and as we discussed before, every bit of data I have more than I need creates burdens in my data continuity plans, in my data security plans, and of course, in my information lifecycle plans. I can even see down to the individual file types that I have. If I want to take action, all I have to do is come over to my Optimization Profile, and now I can proceed with archiving or destroying information based on a profile that I can set up.
If we want, we can have business users be responsible for assessing this content before it's destroyed.
Yeah, so the last point he makes, the idea is also a lot of organizations were saying to us, you know, we're stuck. We really don't know. We've got to talk to the business owner. And that's going to be a process. And organizations, believe it or not, would set up a big project. And this process would take about five months to roll out. And it was just too cumbersome. So the idea that you could actually truly, in real time, understand what information could be purged was never a thought. We are changing that. We actually do empower the business owner. And that's that shared accountability model, which is also unique. And we do that through an application. Some of you may have heard of us talk about MyHub.
MyHub gives you an experience where the end user gets notified and says, "you know, hey, Tom, listen, you have a couple of files that no one's really been using. Or you, in fact, haven't been even opening these files. Do you really need these anymore?" A lot of times, people make copies of files all the time. Actually, you know what? You're right. That's the old copy. I don't need that copy anymore. Despite the fact that we can do co-authoring, there are a lot of organizations that it's too cumbersome to co-author. Or there's still some users that don't get comfortable with co-authoring. So the replication and duplication of files is a real thing. And yes, at a big scale, there's deduplication technologies, et cetera. But that doesn't solve the problem at the end user.
So what we're doing here with the application, as John mentioned, is we're really allowing you to see and tweak the environment so that it's optimal. That's why we often talk about in our tagline, collaborate with confidence, right? You, as the end user, should just collaborate. Don't worry about what you're doing. Let the software behind the scenes go clean up the mess. And then the last demo is going to be a little bit more about that.
MyHub is where data owners and non-admin personnel will be part of the shared accountability model we have in the Confidence Platform. For example, as a user, I have the business responsibility for a number of collaboration spaces, and I notice that this one has a large number of sensitive, high-risk items. MyHub will allow me to drill directly into this particular workspace to view all of the details that the Confidence Platform knows about the files and risk in these workspaces. I can see that I've got high-risk items, and just as I could as an administrator, I can review these documents, dig into them more deeply, and bring them under permission or protection through the use of sensitivity labels, which, again, will help secure information even from scenarios where Copilot could be used to reference or create new documents based off this one.
Similarly, as a business owner, I also can be involved in decisions around data lifecycle. Here in my OneDrive, I've got a number of documents that are slated for archive or deletion by the Confidence Platform. I can get more information about this document. And if I want to, I can select one or more of these documents and signify that I need these documents for a longer period of time, which will make them not show up in subsequent requests for review until the date I specify. If I'm OK with these files being deleted, I can simply approve. And now I have a shared accountability model where my policies are set by administrators and operations teams. And the business users responsible for the data are part of the overall data lifecycle, security, and continuity strategy.
What's nice about that last use case is by making the exception, the data owner making the exception, that those files that he said, look, I don't want these files to be archived, they get picked up by the other policies that are in place, which is, again, all done by the software, so once again, what you're really looking is it's really a comprehensive view, and I hope I sort of, in this less than 10 minutes, dispel the myth. Yes, there is the traditional enterprise backup player. Yes, there are companies that will say, I'm looking for that capability, but the reality is that the higher value work is how is the business interacting with that data. I'll never forget, a long time ago, I was at a CIO summit sitting next to the head of all of storage for JPMorgan Chase.
And I was trying to sell him the idea that we could do backup at scale. We had just released a new capability for increasing recovery point objective, recovery time objective. And he said to me, listen, it's not interesting for me to just hire another provider that does backup at speeds that are pretty high. That's OK. What's more interesting to me is if you can tell me what's happening with that data, if you can tell me how that data could be leveraged by the organization to improve decision-making, if you can tell me if that data is actually introducing more risk to my environment. And that set off this entire discussion at AvePoint that we needed to really differentiate ourselves. It's the reason why companies still come to us and say, yes, I've invested in this legacy player, or I've invested in this technology for enterprise backup.
But I actually prefer your approach because you're giving me that holistic management capability. You're thinking about the data protection strategy in a more comprehensive way. You're giving me a governance framework, not only about the workspace, the end user, but the data. And truly, this is one of the reasons why we've been able to go to market and see the demand. And the reason why I think organizations over the last 36 months have realized that the quality of data matters is because finally, there are systems like this that are smart enough to see that data. And so we're kind of shining a flashlight on the data that was dark. And we're saying, look, this information could be of value to you. But it could also be of risk.
If we can help you in a scalable way, in a smart way, be able to maintain the continuity of your business because you are resilient to change, because you also have the risk capability management in place, that's one of the reasons why we win against our competitors. This slide just really captures the principle. Identify and protect is super important. The optimization is super critical. Keep good hygiene on your data. I wish I could do that. You know how many files I have that are just tons of photographs, right? We're all taking photographs. I don't know how many photographs are duplicates, right? Defensible and destroy. That's also important for your legal, your compliance teams. And then drive insights. What's the data telling me? I didn't get a time here today to dive into the insights analytics and the adoption and behavior of your applications.
But we do that as well. That's also very important for organizations so that they can actually invest the time in the right training sessions for knowledge workers. And then lastly, the responsible collaboration piece is you should be able to just work, focus on the output of your work, and not worry, did I send a file that was highly sensitive to the wrong person? Or am I using this prompt? And am I actually going to see data that I shouldn't see, which are real concerns for organizations? OK, so that was the Confidence Platform. And then I do want to spend just a few more minutes before I wrap up and we break on the Elements Platform. So now, a little bit of a switch. Everything you saw, let's package it up. And let's hand it off to our MSPs.
So the first thing is for an MSP, so now you're an MSP. And you're like, I'm running IT operations. And I would love to be able to offer my customers a better experience, basically charge them more per month. Enhanced risk and safeguard business continuity. Super important if you're an IT service provider of a fund, a legal firm. They manage sensitive data. Optimize workspace management. Let me optimize the environment with a couple of clicks. MSPs also don't have a lot of teams, personnel, on staff for their customers. So they really want to see something that, within a few clicks, I could actually execute change. And then streamline baseline configuration, which is when they first take on a new account, they need to set up the environment. Well, it takes a lot of hours to actually go tweak all the configurations of the environment.
With our application, we have these baseline configurations that allow them to do it with one single click. So in this demonstration, what I want to show you real quick is the dashboard of Elements. And so in this dashboard, the first thing is remember, I can see multiple environments. And in this case, I'm going to go look at risk. And I'm going to look at a bunch of rules that I've already configured for all of my tenants. In my case, maybe I have four or five different customers I manage. These are all of the different policies that I manage for them. When I come back out and I see that I have Big Data Risk, Financial Planner, these are two different tenants, I can go into Big Data LLC. And I could start to analyze their environment more specifically. Are they at high risk?
What kind of sensitivity labels are they using if they're using sensitivity labels? Or how are they classifying their information? I could specifically come down and say, where should I make remediation on this environment? By the way, this is all done without disrupting the customer environment. This is done by the MSP IT persona right from the dashboard. In some cases, we could also send notification to the business owner or to the customer if we want them to actually make the change on the policy. The other thing we can do here is come back out and do security posture management, right? DSPM, which is how do you actually ensure that the posture of their security is in place? What we did is we actually removed some external users, and then what typically the MSP will do is produce a report.
And the report is important because it's evidence that I'm actually monitoring, watching your environment. But it's a very comprehensive report on the overall risk of all of the IT applications. We break it down into exactly which users are at risk, what we just did this past week to clean up the environment, how are we making sure we're preventing any hacks or attacks on the data set. And then ultimately, we're able to show you an audit log of all of the activities we did. And this is great for the MSP because, again, this is part of their billing cycle and allows them to come back and upcharge for more work. The next thing we do real quick is the environment should be optimized. And so we take a look at the ability for us to do workspace management.
So once again, I'm working on Big Data LLC in the platform. By the way, this is all security trim. So I'm only working on Big Data as my customer. And I'm able to come out here again. And my point of view now is how is the workspace behaving? In this case, they have about 55 workspaces, 100 are active. And I can actually go in and start seeing per workspace where perhaps there's issues. I can look at it by the different applications if they're specific to SharePoint, OneDrive. And this is very healthy because the MSP is able to look at every application individually. The MSP is also able to come back out and identify from a data security posture management perspective where exactly I should be making quick changes to prevent any data leaks or hacks in the environment.
And frankly, this is where an MSP could be saying, I'm going to offer you a cybersecurity service every month. And I have the tools and the mechanisms to watch the environment, monitor it 24/7, and be able to come back. I could also in real time manage your data protection strategy by watching how frequently your data is being used and utilized. And in some cases, if that end customer is also working with other partners in their supply chain, it's very important to have this insight. And this is a critical way for MSPs to be able to, once again, maintain that monthly service. And then the last one that I'll show you is the baseline. So the baseline is I have to set up the environment. And so setting up the environment could take many hours.
Oftentimes, MSPs will have to do more work because they realize I can't charge a lot at the beginning. I actually want to win this account. What we've designed is a baseline configuration that's designed around the experience we have and how these environments behave. In this case, there are templates. They're designed based on the application. It makes it super easy for the MSP to say, this customer of mine is using Intune for their authentication. Or they're using Microsoft 365 or Microsoft ID. Let me really quickly turn on all these configurations, enable them for the tenant. Within a few clicks, applies. These are the customers. I'm going to apply it to this customer, this customer, sets it all up.
The beauty is the MSP goes back and says to the customer, it will take me only a couple of hours to set you up. By 3:00 P.M., I'll be up and monitoring your environment. This is really possible because remember, this is a platform that's connecting to the customer tenant. It is also doing the security trimming so that the MSP is able to isolate each tenant individually so there's no data contamination. This is why the Elements Platform is really exciting to us because it really allows the MSP to say, you know I'm going to use AvePoint as my central pane of glass or central management console. I'm going to start delivering a cybersecurity service to all of my end customers. Very powerful.
There's other things we're doing as well as monitoring changes in the environment, which is also critical for how the MSP will bill their clients. But again, hopefully, this is showing you some of the direction we're taking, and what I wanted to do is there's actually a great quote that I'll show you in a second from one of our channel partners, but before I do that, let me zoom out. The goal here is you've probably seen us talk about data security, protection, and governance. We basically grabbed the Elements Platform and said, we do not want to lose sight of the fact that we want to offer the MSPs this capability, but we really want to simplify it for their needs.
The bottom boxes really are the way we're packaging the quality of the product and so that this starts the conversation and vocabulary to get the MSP ready. Oh, yes, I can now do workspace management. That's awesome. I could actually manage changes and track changes through your application. Or I could go out to market with a strong cybersecurity protection program. This is pretty amazing. And so I'm going to play a video from, again, Regina, who is a great partner. And she'll, in her own words, tell you a little bit of what the impact this has on her business.
When we look at how we've been partnering with you and we did an analysis, we actually generate $5 of services revenue for our organization for every $1 of AvePoint technology that's leveraged across the customer space.
Yeah, so $5 for every $1. And the reason that's powerful is because I wanted to show you and close out with an example. So this is what a typical line card looks like for a managed service provider. So here is the setup. So I have my own IT shop, right? And I have expertise in these technologies. Now I need to come up with my service offering so I can go out and sell to my end customers. I may say, look, I'm going to have an onboard service. It's really basic. And we're just going to do eight hours of consulting to come in, assess the environment, see what's going on. And maybe I'll start using some of AvePoint's insights tools. Now remember, I'm paying AvePoint probably $1 or $2. But I'm actually doing an upcharge on the eight hours of consulting. But that's not really interesting.
What's really interesting is once I now onboard you as a customer, and I now sign you up for a recurring monthly subscription service because you've chosen the Mario company to actually give you the cybersecurity protection so that you can go on with your business. And so I show up and I say, I'm going to give you Secure, which is my advanced offering. I will be charging you $25 per month per user. But that's because I'm also charging you for the service that I'm providing. Underneath the covers, I'm actually using the workspace management technology from the Elements Platform. And that's allowing me to bring a differentiated offering to you as my end customer. Now I take that same advanced offering. And I show up to my next client. And I offer the same thing.
And so the idea is that MSPs are going to market this way. That's why that stat I mentioned before about Canalys, the incredible opportunity with managed service providers. They could also design a more comprehensive mid-market organization, a little bit more sophisticated. They probably need more control. Or maybe they're an organization that wants to roll out Copilot. And so in that one, I include both workspace governance as well as change management. And I deliver that service for $35. So the reason why I wanted to share what Regina said is because with Crayon, we're doing some incredible work.
They're not only going to market with a comprehensive catalog of services, but they're super excited about the fact that now they have the technology in place that will empower them to not only scale their reach to customers but also be able to deliver all of the capabilities that, quite frankly, we have been scaling and shipping with multinational organizations in a very simplified way for their SMB and mid-market customers. So this is why we're excited about this. And again, the reason why this is also unique is because our Elements Platform interoperates with our Confidence Platform. And if our Confidence Platform is going out and also touching all of the different data repositories, all of that benefit is received through the Elements Platform.
And then, of course, the Elements Platform has an opportunity to also offer more capabilities for end user management with the recent acquisition we did of Ydentic, which is where we're going to slot more capabilities into the Elements Platform. And so again, we're super excited about this solution as well. And I think I don't know if I'm over time. I stopped watching the clock. But I do want to thank you all. I know I covered a lot. We talked about how we go to market, how we think about our customer segmentation, the challenges that customers face. I showed you a couple of demos. Jamie and I have been speaking about following up with a more comprehensive demo session for you where we spend more time. There's a lot more I can show you about the platform. As you can see, it's quite sophisticated.
There are a number of areas. But we do believe that the addressable market that we identified is really reachable through the technology and the vision we have for the platform. And hopefully, this also added some answers to many questions that you've had on the side of the enterprise backup and data protection strategy. So I think there's a break, right? A 10-minute break. And then we'll have Jim Caci come up and close us out. Thank you all.
And the chart on the left demonstrates the operating leverage we have delivered. Over the last eight quarters, we added about $100 million in incremental revenues while only adding about $30 million in incremental operating expenses as we closely managed spend and improved efficiencies across the business.
As part of that commitment to profitable growth, we laid out two financial targets for 2025: first, achieving GAAP operating profitability, and second, achieving the Rule of 40. Let's start with GAAP profitability, which we actually achieved for the full year of 2024, so we are very pleased to have delivered on this commitment a year ahead of schedule, and the second is the Rule of 40, which for AvePoint is the sum of ARR growth and non-GAAP operating margin. At our first Investor Day, we had just delivered a 27 for 2022. We then delivered a 31 in 2023 and a 38 for 2024, composed of 24% ARR growth and a 14% operating margin, with both components improving versus 2023, so we are pleased with the steady progress we have made toward this goal, and we expect to achieve this important software threshold this year.
That's an update on the commitments we made two years ago. What you now see up here are some of our full year 2024 financial highlights. We are proud of the team's focus and execution, and I'll just quickly make a few callouts. We ended the year with ARR of $325 million, representing 24% growth year- over- year, or 25% when adjusted for FX, both of which represented an acceleration over 2023. SaaS revenue growth accelerated to 43% year- over- year, or 44% on a constant currency basis. Our free cash flow margin was 26%, more than doubling the 12% margin we delivered in 2023, which at the time was also a record. Total revenues for the year were $330 million and total revenue growth of 22%, accelerated meaningfully from the 17% revenue growth in 2023.
We ended the year with more than 25,000 total end customers, including 666 customers with more than $100,000 in ARR. Our Non-GAAP operating margin was 14.4%, representing year- over- year expansion of more than 600 basis points. And lastly, as I just discussed, on a Rule of 40 basis, we delivered a 38 for 2024. So when you combine these highlights with what you have heard today from TJ and Mario, it adds up to what we think is a very attractive and compelling financial profile. And I would summarize it with these three points. First, growth potential. As you heard today, we are just scratching the surface of the addressable market we see, which is enormous, growing, and largely unpenetrated. And we have a number of levers to capture that market opportunity as we move closer to that $1 billion ARR target. Second is our customer base.
Our customers span every region, industry, and size. This validates that the data management challenges we solve apply to everyone, as well as how much greenfield opportunity there is for us. At the same time, our existing customer base is a significant growth opportunity given the underpenetration we see. We are doing more there to streamline the selling and expansion process. Lastly, but certainly not least, is our strong financial performance. Our steady track record of execution, especially over the last eight quarters, has been highlighted by durable revenue growth, improving profitability, and meaningful cash flow generation. Many of you have seen this slide before and probably have heard me say that it is my favorite slide. This is a breakdown of our ARR in multiple ways. The balance you see in each pie chart is the strength of AvePoint and makes us unique within enterprise software.
When we say that we have characteristics of a much larger company, this is an important part of that. Starting on the left side of the page, you can look at our performance by industry, where more than half of our ARR comes from highly regulated industries like financial services and public sector. This is important because these customers truly need the incremental value we offer above and beyond the native capabilities of the hyperscalers, as well as other point solutions. You'll also see in the chart that we are not reliant on the performance of any one vertical. Then moving to the right side with the smaller charts, at the top is by geography, where 44% of our ARR comes from North America, 35% from EMEA, and 21% from APAC.
Most software companies of our size do not offer such a balance in the footprint of their global business, nor do they see each region growing equally the way that we do. You heard Mario talk about our direct and indirect routes to market, which is the split you see in the next chart. Today, 55% of our total ARR has come through the channel. And in recent quarters, the channel percentage of the incremental ARR has been as high as 72%. This dynamic will push that 55% higher. And longer term, as TJ mentioned, our goal is that 75% of our total ARR comes through the channel. And the direct selling is primarily done at the enterprise level. Next is the incremental ARR coming from new logos versus existing customers.
This has been pretty balanced in recent years, but is now starting to shift more to existing, which is a good thing for us in that we are seeing our base of customers consume more of the platform. This also is reflected in the increase we've seen in our net retention rates. Next, you see the breakdown by product, really by product suite. The Resilience Suite remains our largest contributor today, but we expect that contribution from the other two suites, especially Control , which was the fastest growing in 2024, to continue to increase. And lastly, by customer segment, where you see we have healthy contributions from all three. And our largest customer today represents just over 2% of total ARR. One last reason why this slide is my favorite slide. I really think it visually represents what TJ said about how at AvePoint we do the hard things first.
The balance you see here wouldn't have been possible without the tremendous collective efforts of our teams over the last 20 + years. We have stressed that ARR is the key metric investors should focus on, but I want to quickly walk through the composition of our revenues and provide a few points to keep in mind. Our largest and fastest growing revenue stream is SaaS, which is the purple portion in each period, and you can see how it's grown over the last few years as a percentage of total revenues. SaaS revenues grew at a 45% compound annual growth rate from 2020 to 2024, and today, about 70% of our revenues are SaaS, which is more than double our SaaS mix in 2020.
Term license and support revenues are the blue bar, which has been on an expected decline for the last two years as more customers opt for SaaS. We expect that dynamic to continue. Services revenue in gray relates to non-recurring project-based work that today for AvePoint is primarily in the APAC region. Services was 13% of our 2024 revenues, and our long-term goal is that services will represent less than 10% of total revenues. Last are our maintenance revenues, which are tied to the legacy perpetual products that we no longer license today. Because of that, we don't expect to see future incremental maintenance revenues and expect the decline in maintenance to continue. So a growing SaaS mix has led to a stronger financial profile for AvePoint, represented by the growth in our recurring revenue mix, which you see along the bottom of the page.
87% of our 2024 revenues were recurring, and this will move closer to 90%+ as services continues to decline toward our target of less than 10%. I want to turn to some operational metrics on the next few slides, starting here with our largest customer cohorts. Every quarter, we provide the number of customers with $100,000 or more in ARR, which you see here on the top left. We ended 2020 with 256 such customers, and at the end of 2024, we had 666. We are pleased with this growth, but what is even more exciting are the improvements in the larger customer cohorts. At the end of 2024, we had 225 customers with more than $250,000 of ARR. We had 81 customers with more than $500,000 of ARR. And lastly, we have 26 customers with more than $1 million in ARR.
And this compares to just six back in 2020. Another set of customer metrics we monitor closely are our gross and net retention rates. Let's start on the left with gross retention rate. As I mentioned, we delivered an 89% GRR in 2024, which was our highest result yet and is approaching our target of 90%+ . The recent improvements to GRR that you see are the result of enhancements to our customer success function. Specifically, we've emphasized greater attention to our long-tail ARR. Those are our customers without a dedicated customer success rep. In early 2024, we began utilizing pooled CS resources to efficiently service this cohort of customers and started seeing results in the third quarter when GRR improved a percentage point to 88%, and again in Q4 to 89%. I'll talk more about GRR in a moment on the next slide.
On the right side, you see our net retention rates, where we ended the year at 111%, another all-time high. The improvements in NRR have been driven by our success in selling more of the platform to existing customers, as well as to the improvements in GRR. Lastly, I want to call out that we are now updating our net retention rate target from the prior range of 110%-115% to simply 115%. I want to dig into GRR a bit more and call out a few dynamics which are important to keep in mind. The first is that we price our offerings by headcount. So when we calculate GRR, we factor in not only customer churn, but downsell as well.
So for example, if a customer with 1,000 employees renews their contract but had reduced its workforce by 10%, the renewal would only be for 900 employees, creating a downsell and negatively impacting GRR. The second is that included in these retention rates is our migration business, which is much more project-focused than our other products and therefore has a meaningfully lower renewal rate. Including them in our ARR does put pressure on our GRR. And I would point out that if we had excluded them, we would already be at the 90%+ target I mentioned a moment ago. This is what you see in the bar chart on the left. Our GRR for 2024 was 89%. This is for all products, all customers.
But if you exclude migration, which was a two-point headwind last year, that 89% becomes 91%, with the remaining 9 percentage points attributable not just to churn, but to downsell as well. And the reason we include migration when calculating ARR is that first and foremost, it is a subscription offering. But more importantly, despite its lower renewal rates, it's a mission-critical product, and we increasingly see migration customers purchasing additional products as we demonstrate the value of our offerings. Lastly is the table on the right, which provides more color on GRR at the segment level. As you might expect, the larger the customer, the higher the gross retention rate.
So we are pleased that our overall GRR is moving closer to our target, but also think it's helpful to call out this incremental detail, namely that we are already at or above our target with our largest customers, and our product stickiness supports strong logo retention. So far, we've covered a breakdown of our ARR and revenues and discussed some of the customer metrics we closely monitor. Now I want to come back to financials and turn to the expense side, focusing on our margin expansion and our strong track record of driving non-GAAP operating profitability. If we start with gross margins on the left, you can see the improvements relative to our revenue growth, which were primarily driven by two items: the growth of our SaaS mix and the reduction of our services mix, and a reduction in our SaaS costs.
Moving to the middle, you see our three OpEx lines as a percentage of revenues over the last few years. Sales and marketing, the purple bar, is our biggest expense line and also where we have shown the most improvement. Sales and marketing was more than 44% of revenues in 2021 and came down 1,000 basis points to 34% in 2024. At the same time, we expect to deliver continued leverage here, driven by ongoing sales efficiency and the maturing of our channel strategy. The dark blue bar is R&D. This is truly the lifeblood of the company and where we have increased spend over the past few years. Today, our R&D development teams represent a little more than half of our total employee base, yet only about 25% of our people-related costs.
This cost efficiency has proven to be a meaningful competitive advantage for AvePoint over the years, leading to accelerated product and platform development. More importantly, this cost efficiency will allow us to maintain that competitive advantage going forward. At the top in light blue is G&A, which has continued to improve as we realize the ongoing benefits of growth and scale. We invested quite a bit here in 2021 and 2022 as a new public company, but those expense levels did not need to increase as much thereafter and now are around 15% of revenues. The output of all of this is the chart on the right, our profitability.
We ended 2024 with a 14.4% non-GAAP operating margin, which represented about 600 basis points of expansion versus 2023, and a meaningful increase from our negative 1.2% margin in 2022, our first full year as a public company. Overall, our focus on profitable growth has allowed us to realize more of the embedded leverage in our business over the last two years, but we still see opportunities for incremental efficiency across the company in the years ahead. I also want to quickly touch on the Rule of 40 by illustrating AvePoint's performance, not just on our components of ARR growth and our components, which are ARR growth and non-GAAP operating margins, which you see on the left, but through other valuation components as well.
Some companies utilize revenue growth and free cash flow margins as their Rule of 40 components, and this is what you see in the middle of the chart. The same steady improvements can be seen for AvePoint, but it's also important to note that using these components, we delivered a 48 in 2024. Another metric of note is the Rule of X, which assigns a greater weight to growth versus profitability, especially for public software companies. This is what you see on the right side, and it's a similar story as we've showed significant improvement in 2024 relative to prior years. In general, the best public companies are at 75% or above for the Rule of X, which we approached in 2024. I'll close the review of our financial performance by touching on cash flows, as our commitment to profitable growth has translated into strong cash flow generation.
That's exactly what you see here. Free cash flow in 2022 was actually negative compared to the $86 million we generated in 2024. The 26% free cash flow margin last year more than doubled from 2023, which at the time was a record for AvePoint. Overall, we expect the ongoing margin expansion we plan to deliver will continue to translate into meaningful cash flow generation both in 2025 and in the years ahead. Now I'd like to turn to how we're thinking about capital allocation priorities. First, we will continue investing for profitable growth. As I hope today has made clear, AvePoint is a company built on innovation, and we have grown in large part over the last 20 plus years by continuously building out the platform. We know that these investments will be critical in ensuring the continued strong growth and improving profitability of the company.
Second, will be strategic investments and acquisitions. We have made six acquisitions since the beginning of 2022, and we continue to actively evaluate opportunities. I'll come back to this on the next slide. Last, our share repurchases. Here we are taking a more measured approach with a focus on managing our cash, prioritizing strategic investments in the business. While the large majority of our current offerings were built organically, we expect that acquisitions and investments will be an important growth driver for our business. The six acquisitions we've made span Asia, North America, and Europe, which demonstrates our capabilities in identifying, acquiring, and integrating suitable targets. The tyGraph acquisition in late 2022 is a great example of this. We acquired tyGraph to offer companies the ability to uncover workplace insights and measure employee engagement, which was especially critical during COVID.
These are still important goals of organizations today, but we also invested in the product to allow powerful analytics for Office 365, including Microsoft Copilot, which has only made it more valuable to organizations today. As a result, we have seen tyGraph ARR more than double in just two years, and we expect this to continue to perform well as we begin to see wider scale deployments of Copilot across enterprises. tyGraph and other deals you see have been tuck-in acquisitions, but we are open to larger opportunities if their pursuit can lead to more value for our customers and partners and can help us supercharge our growth. Before I turn to our long-term targets, I just want to spend a minute on our 2025 guidance and clarify a few points which many of you have asked about since Thursday.
The first is our top-line guidance and the wider than historical delta between ARR growth and revenue growth. As I said, we have always stressed that ARR is what investors should focus on, and I want to reiterate that we are very pleased to be guiding the year for 25% growth when adjusted for FX. With regard to revenue expectations, we are assuming that the decline of our term license revenues will not only continue, but accelerate, driven by more of our new bookings coming in as SaaS. As we have discussed many times, the actual mix of SaaS versus term can meaningfully impact our revenues, and we feel it was responsible to factor this uncertainty into our initial revenue guidance.
And lastly, our guidance reflects that services revenues will be flat to slightly down in 2025, as most of the business today is concentrated in APAC and has shifted to partners in both North America and EMEA. And then on our expense guidance, which shows incremental higher investment levels this year, this is indeed the case, but I hope that with the context of the $1 billion ARR target, these higher investment levels make more sense as they are critical to positioning AvePoint to deliver over the next few years as we progress toward 2029. I want to stress that we are committed to profitable growth, and we will certainly seek to find efficiencies across the business this year.
But after delivering nearly 1,600 basis points of margin expansion in the past two years and the stronger demand environment we see today, we believe a more muted expansion level in 2025 is appropriate, given the benefits we expect to realize from these higher investments. And more importantly, we expect the progression toward the 2029 margin target to resume in 2026 and proceed in a more steady cadence thereafter. Now I want to turn to our updated long-term targets. Moving from left to right, you can see our performance against these targets 2021 - 2024. These are followed by the targets we provided at our first Investor Day, and finally, our updated targets where applicable. The increase in our target non-GAAP operating margin is primarily driven by the improved expectations for longer-term gross margins as we finish 2024 already above our prior long-term target.
These expectations are driven by the trends I discussed earlier and which we expect to continue, namely a reduction of the low-margin services mix of revenues as well as lower SaaS costs. As the new long-term gross margin target has increased from 75%-80%, the midpoint of our operating margin target range has also increased from 22.5%-27.5%. I alluded to this on the prior slide, but I also want to tie this target to the $1 billion ARR target we have issued for 2029, as we are thinking about them as intrinsically linked. Namely, this is our target operating model when we reach $1 billion in ARR. I know at this point you've been here for nearly three hours, so we definitely appreciate that. So I'll wrap up by summarizing what you've heard today. First, growth potential.
We are here because we are solving one of the biggest challenges facing companies everywhere, and everything we see and everything you heard today confirms that the market is responding to how we do this. Second, our customer base. Our customers are everywhere in every industry and are of all sizes. This proves that the data management challenges we solve apply to everyone. But equally important is that the balance in our business is both a strength of AvePoint and serves as a layer of protection in times of macro uncertainty. We did the hard things first to get us to this point. And then, of course, our financial performance and the steadiness of our execution. We have the team and the global reach to continue delivering the durable revenue growth, improving profitability, and meaningful cash flow generation that you've become accustomed to seeing from us.
I speak for the entire AvePoint team when I say that we are excited for the road ahead. With that, thank you very much for your attention, and we can bring back up TJ and Mario, and we're happy to take your questions. I'm just going to grab a quick drink of water.
I think we have time for Q&A until about 12:00 P.M., so just start right here.
Okay. Okay. Thank you. Just the $1 billion ARR target that you guys outlined and the margin target associated with it, first of all, was the $1 billion organic revenue target? And I guess the second question is, you're talking a little bit more about those bigger strategic acquisitions, but what kind of change in terms of your framework or what you're looking at so that that became a little bit higher up in the capital allocation priority?
So maybe, yeah, maybe I'll start the first piece. You guys can chime in. So I mean, I think we've made it clear that when we think about growth, we historically have grown primarily from organically, from just our organic growth. But we clearly want to include growth through acquisitions as well. And so it is one of our key capital allocation priorities to look at opportunities where we can supplement our organic growth with acquisitions. So I would say that as we think about that billion-dollar target, we would expect that the bulk of that is going to be organic, but we will be supplementing that where appropriate in terms of thinking about our customers and potential new customers of how we can support them. We will, when appropriate, supplement that with acquisitions.
Thank you, Fatima Boolani from Citi. I really appreciate you doing this.
My first question is, I wanted to double back to Mario's segment of the presentation where I think you talked about the aspiration to double, if not almost triple, the mix of business that's derived outside of the Microsoft ecosystem. Certainly, the Google foray helps with that. But I wanted to understand and get some granularity on what would unlock that because that is a pretty big jump to diversify away from Microsoft. And then if you have any comments on how your support for the AWS ecosystem is evolving and sort of where you are at on that journey. And then I have a follow-up for Jim, if possible, please.
Sure. It's a great question. They don't turn on here. Thank you for the question, Fatima. So one way we think about it is, so the goal was to design the platform to look across different data sources.
Naturally, as you all know and have been learning our story, the Microsoft ecosystem, with its richness of enterprise capability, was a really important place for us to start, and slowly, what we've done is we've designed the platform to take on more and more data sources, so as we take on more and more data sources, and we also see the environment is also somewhat changing, organizations are saying it's not just public cloud, but also private cloud, where they may have data repositories that are powering a business app. How do we apply some of your security controls to that data set, so when we think about multi-cloud, our view of the entire landscape, frankly, is there are your content service providers, Google Workspace, Microsoft 365. It could be, for example, even an organization like monday.com, right?
But the reality is that we are also able to stretch across the other data repositories that organizations are putting that underpin their business applications. And this is specifically important in industry solutions where there are proprietary data sets that are not necessarily going through the collaboration productivity set of services. So when we think about the total addressable market, we are saying there is an opportunity for us to extend outside and bring these capabilities. The move into the Google space was because a while ago, we actually started working with clients that would say to us, "We love the framework of governance you have. I wish it would just be able to work on my Google Workspace environment." And we said, "Well, that's an interesting thought.
Let's look at that," and we're able to now translate all of those capabilities and insights, some of the products that we demonstrated in the quick demos, over, and that's why we felt we were ready to actually move. The other thing we're doing in Google is we're actually running the platform on GCP. So our platform runs on Azure, on GCP, and it also actually runs on AWS. I've been in conversations with AWS about the opportunity to surface more of our solutions in the marketplace, and so the goal for us is the hyperscalers are a strategic place for us to look at cloud computing, but the data source is what we're chasing, right? And that data source really is both in public and private cloud.
I appreciate that. Jim, really helpful GRR disclosures.
I think you take probably more of a conservative stance in the way you're calculating it, so very much appreciate that level of granularity. But the two-parter here for you is anything you can share with respect to the gross retention rates and the net retention rates that you're seeing from the channel community, largely because that seems, if I'm overly simplistic, kind of the wholesale model, and then you've got the enterprise touch. So any commentary on GRR, NRR for kind of the MSP channel, because again, that will also be a big part of your business in the next four or five years. And then just any way to lift that SMB GRR, all the other metrics look great, but that one maybe needs to pull its socks up, and maybe structurally it's going to be stuck there.
So just any comments there on if you're doing anything to help that up? Thank you.
Yeah, great question. Maybe a couple in there. So if I miss one, let me know. But yeah, I think overall, so particularly most of our SMB is coming through the channel, whether it's through distributors or through MSPs. So we definitely see a slightly higher churn rate on the piece through distributors. But overall, it's not too different channel versus direct. And particularly on the MSP side, where the MSP is actually our customer. So a lot of the information Mario provided, where really the MSP is able to utilize our technology as a revenue stream on their side, we're seeing a lot of success there. And that's leading to not only high GRR for the MSP, but also expanded NRR, where they're consuming more and more of our platform.
So that has worked out well. When we think about what else are we doing, I touched a little bit on the long tail in terms of that group that we don't have dedicated CS. We have also actually reinforced our dedicated CS teams. So I would say we're trying to tackle this challenge in both ways because we do realize that even at 89%, we've made good progress. We would like to continue to have that inch up. And the only way to do that really is to continue to ensure that customers are getting full value out of the platform and their perceived ROI is meeting their goals, not our goals, their goals. And so that additional value of the CS representatives, I think, is important.
And then the digital and more pooled CS concept, but also the digital technologies we've been employing are really giving us a lot more insights as to the health of customers. And so that's been really helpful as well. So again, we're pleased with the growth to date, but let's say we're not satisfied. We do think there's still a lot more work to do, and we can see continued improvement. But again, it's an effort and one that you can't take lightly.
So I'll just make the comment on the SMB as well. So SMB today is just a hair under 20% of our recurring and it's growing very fast. It includes MSPs and also non-MSPs. We have SMBs that buy directly from us. So we unlock that by changing the way we license. So monthly, digital marketplace, pool license, etc.
But we do see that some of our larger MSPs are now moving towards annualized contract as well. So that also helps lift up the overall SMB GRR.
Thanks. Kirk Materne with Evercore. I was wondering if you guys could just talk a little bit about how you're interacting with your customers as it relates to their investigation into Office 365 Copilot. How much of this tailwind, perhaps, are you feeling today is going or talking about your Control Platform, a prerequisite for customers going and thinking about Copilot? Can you just give us some idea about what you see today and sort of what's maybe embedded and how you're thinking about that product over the next, say, 12 months? Thanks.
Yeah, thanks for the question.
So I mean, the exciting part about organizations that are saying, "Let's have a conversation of Copilot," is that it takes us straight to the data quality discussion. What's your data state? Is that data ready to actually be surfaced? And that brings us right into the Control and the Resilience conversation. As I showcased today, our goal is to say, "We can help you if you want to start with a deployment or a pilot, let us get you ready so that we can move at your pace." The second thing is that there are organizations that are much more confident about what return on investment they're looking from a Copilot deployment. And so in those cases, it becomes part of the formula to get the environment situated so that on an ongoing basis, they can sustain the use of Copilot.
So to your point of tailwind, I think we talked about this as early as probably 18, 15 months ago. We knew there were going to be some pilots, experimentation, and we knew that eventually, because we come into the conversation of data quality, we would be able to sustain a consistency and value that we can showcase for customers, both experimenting as well as those that are taking it more seriously. But there's something else that's happening that we don't talk often about. There are companies now that are saying, "We actually are doing some projects in-house that are not just about Copilot. We're building our own small language models, and we want to be able to use a governance framework." And so our governance model also applies there.
The undercurrent of all of this is that the data quality, data resilience is allowing us to be in those conversations. For us, it is not only a tailwind. I think there's a lot of headroom for us to be able to keep adding value to those organizations.
Yeah, hi guys. Jason Ader with William Blair. When I think about the functions that you guys provide, obviously you take that holistic vertical stack approach for Microsoft, for Google, for Salesforce, whoever. But there's a bunch of other vendors in the market that obviously take more of a horizontal lens approach, which is, "I'm going to do backup or governance across all of the workloads. I'm going to have a single pane of glass for that particular function.
Let's say it's governance like a Varonis, backup like a Commvault." I guess I'm just trying to understand why would a customer go one route versus the other and really help us understand why you feel like long-term, more customers are going to go your way versus the other way.
That's a great question. We do think long-term they're going to come our way. And the reason we believe that is there are solutions, as you described, that are horizontal. The challenge with the horizontal is at some point when you're thinking about the interoperability of your system, it's no longer adequate, either because the provider doesn't actually work with another provider's capability. The Purview example is a great one. I showcased how the sensitivity label that was showcased there that was showing up in our Confidence Platform, we're pulling that sensitivity label if that company is using Purview.
But if you're just saying, "We're going to give you a way to put a policy on your highly classified data," you could also do that. The problem is if you one day turn on Purview, that solution would no longer be adequate. So the difference between us and many of the companies that are coming into this space from the beginning, I think the other point that's missing is before Commvault, Rubrik, Varonis, they started working in Microsoft 365. We were the first company to build the PaaS on Azure in 2009. We were the first company to ship a product for SharePoint back in 2006. What that does is it gives us a huge head start in understanding the entire schema of how all these applications work. So you get deeper expertise in our products.
So the reason why we think long-term, Jason, we're going to win is because the CTOs that we work with today and CIOs will say, "I don't need to work with three vendors because that's more work for me. There's more expertise I have to build on my team to learn the different systems. I rather have one application that goes deep enough and that allows me to comprehensively make my CISO happy as well." And that's why our design in the product is to look at the problem of security, lifecycle, and the continuity all in one shot. And if you take that approach, you're basically designing the application very differently. So that's why we think we're going to honestly win.
And that's honestly the reason why in a lot of the big wins we have across the Fortune 500 and multinationals, which are the most complex, challenging environments to operate in, we do win. What I think we just need, what I think gets, if I'm being really honest, is the conversation sometimes a marketing conversation. It's basically the customers are confused. They think, "Oh, I think I can get it all done with Microsoft," or, "I think I can get it all done with Google." And the reality is that to be able to really apply this layer of securing your data, you should be working with a product company that actually is objective to the first-party view because we have worked hard to go deeper and give you more depth and specialty in those areas.
Why are you confident Microsoft's not going to get into the backup market?
First, Microsoft is already in the backup market. In one of the dashboards at the bottom, there's a place that says Cloud Backup Express from AvePoint. There's two things about Microsoft. We were announced, along with a few of the companies I mentioned before, as launch partners to an API framework they released for large snapshots of the data in 365. It just made it more adequate performance improvements to be able to restore large quantities of data. Once they shipped that, then Microsoft said, "We're going to ship another version of our backup and recovery for SharePoint, Exchange, and OneDrive." And that's where they stopped. Now, why do we know and why do we believe they're not going to go deeper? There's two reasons.
One is our approach to recovering data is honestly quite different. We could recover scenarios of data loss or ransomware attacks down to individual access control levels for a container. Or we can say, "We'll take the files and not the access control." We could slice and dice. And that's been over years of a lot of changes we've done. So Microsoft won't go to that depth because in order for them to go through that depth, they'd have to build a Confidence Platform. The second thing is they basically, in those programs, we've said we're a Microsoft partner and so are other companies. When we're actually sitting there and talking to the engineering team about the roadmap, there's always a choice.
They either will come in and say, "We're going to give you a value, but we can't go deeper because our goal is to stay at the user experience level," and so the partners that are building interoperable technologies actually that integrate there can take care of the last-mile problem, which is, quite frankly, where industries need the most help. That level of specificity is what you need to say, "I think I am going to run my critical sensitive data on M365 because now I have the adequate capabilities in place," so we're confident they're not going to go to that level of depth. The second thing is they're also not going to look at the three dimensions that I showed, which is the security at the axis of the individual user, the type of information, which is investigation on the data and the content.
Then the third is the full lifecycle of the data. So as we've been building our products since back in 2007 when they had another product called DPM, Data Protection Manager, if I recall, for back then what was the enterprise content management backbone, SharePoint, they did the same thing. They sort of said, "We're going to come in. We're going to give you one basic level of capability, and we'll let the partners do the rest." Now, look, I think the goal for us is not to always be sidestepping Microsoft. I think our goal is to say to customers, "What's the value that you need when you think about policy mechanisms that are applying to the regulations that are changing in your industry?" We're kind of at that place, and we're building that into the product.
And the remediation piece that I showed is a self-correct capability that the platform has, which is also unique to us. And this is what IT leaders are looking for. They don't have big teams anymore. They've done a lot of reduction in sales and workforce. And they're looking for self-healing apps, apps that actually are smart enough to say, "We know that this area of your data is out of policy, so we're going to actually make the corrections for you and make sure you're actually within compliance." So those perspectives are very different than if you look at what Microsoft has traditionally done. So we're not worried about it at the end of the day.
We feel that customers actually oftentimes will say, "I actually may not buy all of the capabilities also in Microsoft because I can also select other vendors to complement what my strategy really should be." And that's kind of our focus, is to work with clients and understand their own use of data in their environment as the changing landscape of risk always challenges them.
And I will also add that enterprise use cases are pretty complex and nuanced. So every time Microsoft releases new offerings, they also like great partners like AvePoint to be that launch partner to support that new capabilities. And then where we then add additional functionalities or we bring our existing customers right away to consume the latest Microsoft services. So that's been the case for the last 20 years.
Every time we see Microsoft release new capabilities, what we see is we see the new opportunity that we can then create and go after. So this Backup Express, for example, we're able to then consume that service to do snapshots at a much faster speed at the tenant level. But when the customer actually does also want very granular controls for the executives, especially for data theft, data loss, etc., we can cover that as well. So it's a continuum. So this is the sophistication and beauty of software, right? There's a lot of nuances which enterprise, based on the complexity and needs and industry, etc., there's always gaps that need to be filled.
Thanks. Nehal Chokshi from Northland Capital Markets. Jim, within your current ARR, about $330 million, going to $1 billion in five years, so about 3x there.
How much of that ARR do you think can expand from existing customers with your existing key products to specifically Resilience and Control?
Yeah, I mean, it's a great question. As you know, we haven't really provided any guidance even in the current year for kind of that breakout. So I'm probably going to stay away from actually guiding or committing to a breakdown. But again, we feel that our existing customer base is a huge source of growth for us. We've seen it already over the past several years. We've grown 3x over the past four years, roughly 3x. So we feel confident that we can continue to expand to get to that $1 billion. Gabriella was asking me some nice questions before the session, and I think we feel good about the way that our business is operating. It's interesting. We were talking about this the other day.
The size now of our regions are becoming the size of AvePoint only a few years ago. When we look at the billion-dollar target, it's not as scary because we're able to break it down into its components. We think of, well, North America is a subset of that, and that's been growing at this rate. It has its own targets, and we have targets for that. EMEA is the same thing. EMEA this year became the second of our regions to cross $100 million of ARR. Really good progress there. When we look at APAC, we really have multiple businesses in APAC from Australia to Japan to Singapore, each really producing really well.
And so when we start to break it down by that, all of a sudden, $1 billion doesn't seem as it's still a big goal, but it doesn't seem as far-reaching because each of those have really good plans to get to their number, which in the aggregate gets us to that $1 billion number. So I would not answer your question with saying that we feel really good about the customer growth. We're going to see tons of expansion from our existing customer base. We're still adding lots of new customers that have lots of growth potential. And then all the exciting stuff Mario was detailing in terms of just our product, we think there's a great opportunity and good support for ultimately getting to that number. And then obviously, we've talked about M&A as also a key component as capital allocation.
Obviously, that can be an accelerant and growth driver as well.
Just to be.
Yeah, I would just add we literally took 20 years to get here. We did the thing slowly, and we did the hard thing first. And we did it in a very fiscally disciplined way. Some would say that if we had taken on essentially some capital to do that subscription conversion, we would have done it faster. But we think that because we have invested so much globally and because we are now seeing massive opportunity, we have unlocked the SMB market, for example. We never touched that before. So there's multiple avenues of growth. Even the MSP business would be a $100 million business in the next little over 12 months. So these are the trajectory we see.
That's why when we do the business planning for the next five years, which is very, very detailed internally, we have that confidence.
Just to be clear, that $1 billion ARR target, that is inclusive or exclusive of potential acquisitions?
Inclusive. We haven't put a specific number as to what that will be, but I think that gives us a little flexibility of how we get to the $1 billion. We do think that there's opportunities for us to add acquisitions. The six we've done to date really were more technology-focused than growth in terms of ARR. Now they're helping propel our growth. So we're eager to continue to look at the acquisition landscape to help supplement our growth, both from a technology point of view, but also in the future, maybe increasing revenue as well.
Okay.
TJ, you talked about AvePoint being a platform company and that customers want to go with a platform play. I'm going to push back on that a little bit. I'm going to say that customers want best-of-breed, but they welcome platform companies if they're best-of-breed across all segments. With that in mind, you provide three segments of data resilience, data security, data governance. I think there's no doubt that you guys are best-of-breed on data governance. Hands down, no problem. Data resilience is a commoditized area. Nobody's differentiated. Data security is arguable whether or not you are or are not differentiated there. Can you provide us some evidence that you are indeed differentiated at the data security level, especially considering that one of the key functionalities is identity management?
Yeah, that's a great question.
Yes, thank you for recognizing that our governance is no doubt the best on the planet. That's great. It's also our fastest-growing segment last year portfolio. And on the backup side, on the resilience side, it is increasingly becoming commoditized. But I hope that you get what Mario discussed today, is that the way we think about backup differently. Your backup is not your traditional old backup because data volume continues to explode. And if you just apply the traditional backup way to think about the problem without thinking about retentions, without thinking about governance, without thinking about storage optimization, then you are actually having a lot more overage costs. So that's a different application.
I really like the story from Mario cited that several years ago, a CIO of a very large bank challenged us to say, "Hey, how do you make your backup different so that I care?", so that is where we're investing in. So at the same time that I agree with you, we have to balance between the platform as well as taking any singular product. We need to be good enough and that our win rate, when we go toe-to-toe against the specialized vendor, that we are very good, and we do. We have a very good win rate against the Rubrik of the world, against Commvault of the world. So that's why we also, in every one of our products, we need to make sure that we stay ahead of the game and be one of the top-tier products.
And of course, what's not mentioned is around this whole modernization. So while from a recurring perspective, it's only 11%, it's driving a lot of service opportunities. Much of our 14% services is in that space, but also it's spitting out service opportunity for partners. You hear Crayon, which is a global partner, talk about generating $5 for every dollar deployed. So that's also driving excitement. So while it looks like 11% recurring, its effect of bringing partners and ability to influence additional revenue, it's much bigger than the percentage suggests. So from that perspective, we are very excited. There's a lot of opportunity to develop more capabilities across the platform, especially leveraging AI to develop faster. There's an infinite amount of software to go. And we think we're very well positioned. So you know, Jeff Teper is on the Board of AvePoint. He's the President of Microsoft Collab.
He actually did a session with our leadership team recently, talked about the two top things for all companies care about: security and AI, two top things. And AvePoint is very well positioned in the midst of both. So we see the market opportunity globally, and we'll continue to emphasize our heritage being a tech provider for the last 20 years. We always over-invest in tech, our dev capacity. You've heard Jim talk about half of our employee population are developers, even though it's a quarter of the cost. We have that massive leverage and competitive advantage. We'll continue to invest in dev capacities to actually continue to improve the overall technical capabilities. So I agree with you. There's platform. There's also best-of-breed. And we also need to be, when we go toe-to-toe, be as good as best-of-breed.
So I think we're just about out of time.
Maybe one last question.
Great press, guys. TJ, maybe just a minute on Singapore listing in terms of bringing that depth in the company and that kind of geographical reach now to the business and kind of how that might impact in clearly positive ways going forward.
Yeah, so we do have a very strong ASEAN-Singapore story. Like I mentioned, a large part of our employee population, half of that is actually ASEAN, Southeast Asia. And in Singapore, we generate a lot of IP. So 90% of our revenue in Singapore is with government. So this is why when we the first question we got, earnings like, are you worried about those? Public sector is a global public sector business for us. We have very strong public sector presence in Japan, super strong in Singapore. Singapore revenue is actually more than 10% of our total revenue.
A lot of that services, but generating IP. So from that, we are generating a lot of compliance product, record product, and our edtech product to focus on education. So that's an important hub. And now we're establishing an AI research lab. They're hiring PhDs in region. So that's also at a good controlling cost as well. So that's where things are important. And also, very importantly, because we're still a pre-mid-cap company, we're not getting the level of blue-chip institutional investor attention we would like in America. But in ASEAN, in APAC, we are one of the largest B2B SaaS companies because we have a unique APAC story. So far, the conversation we had is just incredible. We have all these really great institutional investors with APAC mandate to want to support and invest in AvePoint.
We think that will then have a very good infusion of high-quality long-term investors in the cap table. And that's important to the long-term growth of shareholder value.
Great. Well, thank you, everyone, so much for coming. These slides and materials will be available on our IR website. With that, I'd like to thank our presenters and all of you for attending.
Thank you.