Yep. Awesome. We will jump on in. Thank you for being here. I'm Roger Boyd. I'm a cybersecurity analyst here at UBS. Happy to have the team from AvePoint here. Thank you, gentlemen.
Thank you.
Thank you.
Thanks for having us.
Yep. Mario at the end over there, then Jim and DJ. So, glad to have the team here. And I think maybe just to frame the conversation, maybe to go back a little bit. I mean, AvePoint was founded, I think, 20 years ago. It started as an Exchange SharePoint backup service. Obviously, that's expanded quite a bit over the past two decades. It's a much more comprehensive SaaS and data management platform. For investors who are just coming to the story, can you just kind of go through that timeline, what that kind of advancements looked like, and where you're at today?
Yeah. So, thank you, Roger, for having us. Yeah, we started 20-plus years ago in the, like you mentioned, SharePoint space, which is Microsoft's enterprise content management platform. And the nature of that is really highly targeted towards regulated industry, very large governments and banks and pharmas. So because of that, we expanded globally. It's a high-touch direct sales process. We are where our value add is to focus on all the data capabilities for that platform. So whether it's data backup, data archiving, data migration, classification, labeling, and then, of course, build it as a full-fledged document management, record management, knowledge management platform. And then when Microsoft went to cloud, in 2010, 2011, it was called BPOS.
Mm-hmm.
We invested the earliest because we were able to, by staying close to the customer, forecast that this is our opportunity to really have a massive expansion of TAM for us. So instead of only focus on regulated industry, enterprise content management play, we were able to, by shifting to cloud, to address the entirety of Office. So Microsoft Office products, the foundation fabric.
Mm-hmm.
For collaboration, for multi-editing, for co-authoring, is actually SharePoint. So fast forward to today, we are the largest SaaS data protection, data management, data governance player for Microsoft Office Cloud. We have our SaaS platform running in Microsoft Azure, which is their compute cloud.
Mm-hmm.
and we have a very significant relationship with Microsoft in that regard. So we're both a large customer of Microsoft as well as global partner. And because of our physical expansion years ago to go after the regulated industry, today we have about 20% of the overall regulated industry from a user seat coverage perspective.
Mm-hmm.
But outside the regulated industry, there's still massive headroom for growth, in addition to regulated industry. So that's where we now, because we have a global presence and because we also now, in the last, since we've gone public since 2021, invest aggressively into channel.
Yep.
to scale. So we're able to not only sell to the Fortune 20, but also to the medium, to small businesses. And now industries outside the regulated industry really care about data curation, data quality because of AI.
Yep.
So, good data leads to good AI. And of course, not only have we done the unstructured data governance and management aspect of it, we also get into the space of agentic. So application governance, starting with Power Platform, Power Apps, and now, of course, now agents.
Yep.
This is the evolution of the company. While we are still relatively small, about $420 million revenue this year, we have all the markings of a much larger, multinational corporation.
Yeah. Makes sense. I wanna get to agents and Agent Pulse in a second. But just to frame out the purview of the company, you talked a lot about the roots you have with Microsoft, but it's expanded beyond that, and it's been much more of a multi-cloud story. What does that % of business look like, that's tied to the Microsoft ecosystem, and how do you think about longer-term targets for the non-Microsoft piece?
Yeah. So today we see fantastic growth in the Microsoft ecosystem and also outside the Microsoft ecosystem because every customer today are, by definition, multi-cloud.
Mm-hmm.
Right now, about just over 90% of our revenue come from the Microsoft ecosystem. But where we foresee the opportunity for growth outside of the Microsoft ecosystem could be potentially as high as 30% of our revenue mix by 2029.
Yeah. Cool. And yeah, jumping to Agent Pulse, relatively new announcement. How does that kinda fit into the broader strategy and the vision for governance and AI in the cloud? And you know, it's relatively early, but how have customers responded to that offering? I know some of the offering, some of the parts of the offering have been in the market for a little bit.
Yeah. We're very encouraged to see the convergence of the market pretty much shakes out how we have always viewed the continuum of data, first from management, right, data protection.
Mm-hmm.
Ransomware detection, recovery, storage, management, and then governance, right, who has access to what, access control, but then more importantly, this delegated administration capabilities of IT doesn't really know what business, how they use data, and how they run applications, what purpose there are, especially in a large organization. So we give that power to the end user, the business users, to specify, to quantify, and then leveraging a framework, a SaaS framework, delimited delegated administration that actually put this all together, right? So Gartner calls it data security posture management.
Mm-hmm.
So we start that with data, and then we move it into, of course, applications and now agentic. So from an agentic perspective, we're very pleased with the progress. So some of our largest customers, global Fortune 500, as well as the biggest audit firms around the world, they're already actively promoting agents. UBS as well. Last night I was at the UBS leadership dinner.
Mm-hmm.
The top concern for UBS IT leadership is actually how to grapple with, you know, on one hand, businesses want to push more to deploy AI agents to make work more efficient and productive. On the other hand, we need to, because UBS is a regulated entity, you are from a compliance perspective is even a higher standard than most other banks.
Mm-hmm.
So that become a huge concern, right, guardrails, if you will, around applications, around business processes, around agents. This is where we see a common thread across all of our large enterprise customers and even also small to medium-sized businesses. We have been doing this for a number of years for Power Platform, Power Apps. And of course, with Agent Pulse, we're able to help businesses take stock on all the agents that's running in their environment, not only in the Microsoft ecosystem. And then once we identify them, discover them, then we bring them under control. If you think about guardrails around these business processes and these applications, semi-autonomous applications, how long they live for, what kind of other system they can talk with and interchange data with, and then what users can, you know, have access to them.
This is, very, very important because over time, these agents are gonna be much more powerful.
Yeah.
The way hyperscalers think about it, it's full-fledged digital employees. So they will have an identification. They will have a CRM, you know, license. They will have an Office license. They have an email box. They have a chat persona, and all these are fully licensed as almost if it's a real employee. So that kind of capability and power is something that brings forth a lot more complexity.
Yeah.
This is where we think there's a massive and very quick evolution towards that.
Yeah. I wanted to expand on that a little bit and maybe bring Mario into the conversation a little bit too. But where do you think we are in terms of, like, the regulatory side of AI? And you talked a bit about being exposed to a lot of regulated verticals, and European banks are probably at the high end of that. But.
Yep.
How do you see that evolving and potentially being a catalyst for your business and other security firms?
Yeah, sure. That's a great question. A good follow-up to what TJ just mentioned. So if you think about regulatory impact on an organization, it starts with, is your information secure? What are the policies that you and your industry should be following? So we actually, you know, went through all of this, many years back with GDPR, when many organizations, especially in the EMEA region, were saying, "We need to understand the privacy and security and how do we automate with software the controls for that." We're basically in a place now where for AI regulation that we're starting to see take shape, you're gonna need to have the same type of controls. Earlier this year, we spent a lot of time working with policymakers understanding what are the metadata values that you're gonna need in the application to track the agents and the behavior of agents.
So the EU AI Act, which was just launched in September in the MEA region, starts to, you know, set the framework for how organizations should think about the impact of AI and where regulation should really be applied. We are planning in our product, especially with the Agent Pulse, the Agent Pulse launch, to help organizations start to track and create an inventory of these agents. In the product already, you'll be able to apply metadata that will give you a really good way to apply the regulatory requirements no matter what industry you're in. And Roger, for your audience, it's really important to know that we've been working across regulated industries for many years.
And what we've learned is the best way for us to make sure our product has market fit in those industries is to inject a lot of the regulatory requirements in the software automation layer, which we've done. So ultimately, you'll be able to track the agents, have an audit trail, understand what identity the agent is acting on behalf of, and then more importantly, which type of data is the agent, you know, using for transfer. And if it's sensitive data, what's the right classification code? So the idea for us is to do the inventory, make sure that you have that inventory applied in the context of regulation, to be able to help organizations. And then the last point is in the U.S. market, regulatory changes are starting to take shape. We see it at the state level.
Mm-hmm.
We don't have anything yet at the federal level, but we expect that, you know, next year we'll see some changes there, and we just wanna make sure we're ready to help our clients navigate that.
Yeah. Makes sense. I wanted to transition a little bit to the business side of things and get Jim involved a little bit. But maybe to just touch on 3Q. I think it was a record quarter for net new ARR.
Yep.
I think the commercial side of the business is doing really well. Can you unpack that a little bit? And I think conversely, it sounded like U.S. Fed was maybe a little bit weaker, a lot of that expected. But how are you thinking about 4Q and into next year and the ability to continue to sell into agencies?
Yeah. I mean, I'm glad you pointed out it. You're right. Everything you just said about Q3, the commercial side of the house, very strong, in line with really the growth we saw in Q2, which was really powerful and really strong, 42% net ARR growth. So pretty consistent with that. And you're right. It was really the public sector and more specifically the federal piece of the business that definitely had weakness, particularly in Q3, but actually for the full year, it's been relatively weak compared to last year in terms of growth rate. So, you know, that's definitely was the story kinda for the first nine months of the year. Now, despite that, we still had really strong growth overall. So we're really encouraged by that. And then for Q4, obviously the government shutdown has kind of come and gone, which is good.
The rest of the business looks really strong. We're, you know, you mentioned we had record ARR net, net ARR growth in Q3. We're expecting another net ARR record, in Q4 as well. So again, we see good growth coming from all regions, really all customer segments. You know, we talk a lot, Roger, about the balance of AvePoint in terms of, you know, our diversity and really balance, whether it's customer segments, whether it's geographies, even customers, not any one customer representing more than 2% of the business. So that good diversity continues. And we're gonna see nice growth coming from really all sectors of the business, in Q4. So we're excited about the closeout for the year. And I think that'll give us nice momentum going into 2026, really setting up the teams very well for, for a good year, hopefully next year.
And then that sets us up really well for this goal of getting to $1 billion in 2029. So, you know, we're excited about that. Teams are galvanized, and really excited to contribute to that goal.
Yeah. Awesome. I wanna come back to that target in a second. But I think last quarter you spoke pretty specifically about some of the momentum you have in the channel. And I know that's been an area of investment over the past year and beyond. What's been incremental there? And you've talked a lot about kind of the opportunity with MSPs and MSSPs. Where are you today in that segment, that channel?
Yeah. We're still very pleased with the progress there. It's our fastest growing segment for a vertical. It's our way to unlock SMB, the fat tail, if you will, the market, with our enterprise-grade focus. So because SMBs don't have IT and they rely on these outsourced IT to manage all their data estate and cloud assets. So the use case here is really for, I like how Jim puts it, we for these MSPs, we are fundamentally a revenue center. They're leveraging our platforms, what we call the Elements platform. It's to actually drive and scale their business, to manage hundreds, if not thousands of commercial customers behind the scenes, anywhere from obviously data protection, ransomware detection, to also the governance, to also now license management and cost management.
Because, a lot of what's happening in cloud is there's compute cost, there's GPU cost, CPU cost, there's also bandwidth cost and storage cost, and also license cost. If you just rely only on the hyperscalers, they will want you to buy the most expensive licensing possible, where we actually have software to say, "Hey, you know, this John has been licensed, fully, but he actually barely uses a fraction of a portion of his license." And there's economic optimization to be done. And this is something that's super keen to the MSPs. That's where they drive that additional margin for themselves. So this is where we see continued uplifting, whereas some of the larger MSPs were experiencing 140% NR just because how fast they're adding net new seat counts behind it.
There's also a bit of a PE roll-up in that market, where every time they buy a company, they bring forth 100,000 seats, for example.
Yeah.
These are not big companies, right? So, the MSP themselves. But behind the scenes, they're behaving like a very sophisticated, you know, like a UBS type of level because they have hundreds of thousands of users behind the scenes under management. So we continue to be very excited about it. We feel like we're just scratching the surface here. We have about 3,000 MSP partners in the Microsoft ecosystem. According to Canalys, the total size of the market is at least 10 times that. And of course, as we look at the multicloud space, there's MSP players in the other ecosystem, AWS, and Google, etc.
Yeah. We're talking with Mario about this last night. But how do you think about the demand for that MSP channel? And it feels like you guys are betting on a horse that is gonna continue to accelerate here. And, especially with concerns around AI, it feels like the security maturity and security posture of SMBs needs to come up. How do you think about that kind of playing out from here?
There were a few pieces that I think we realized would be really important for MSPs. One was managing costs. So we have.
Yeah.
As TJ alluded before, not only entitlement management but cost optimization. So in our platform, MSPs are able to identify for clients, "How do I help you reduce cost?" And that keeps them, you know, driving value for their end customers. So that's one side. The other side of it is empowering the MSPs with a set of capabilities that allows them to stand up a security practice. And a security practice could mean, you know, "I'm gonna protect your data. I'm gonna make sure that when you have, you know, inadvertent access or when you're sharing data with your supply chain partners, we're tracking, we're monitoring things." So we have that already in the platform. And then more recently, the desire from MSPs is, "Can they actually be relevant now with AI?
Yeah.
Right? And so part of what we're doing with Agent Pulse is bringing that also into the Elements edition of the platform, where they'll be able to actually do that measurement, that inventory analysis, and not only stand up these agents but also monitor and manage the agents. And that's taken a big burden off the hands of these companies that are looking to keep their IT staff quite, quite small. So our decision and intention to build more value in that relationship with MSPs is all about giving them the right IP.
Yeah. Cool. I wanna come back to the billion-dollar ARR target. And I think it implies pretty steady mid-20s growth for the next couple of years. A lot of opportunity across the table. But how do you kinda rank the key factors to getting there? What's in the secret sauce?
Yeah. Everyone asks that, that question. So, we do actually both the top-down and then bottom-up planning. So Jim can talk about, you know, the bottom-up perspective.
Mm-hmm.
But from top-down, we see multiple levers of growth. So as we talk about MSPs being one, segmentation, we think the SMB segment for Microsoft is 40% of their total revenue pie. For us, it's right now just under 20%. We could potentially, at the rate it's growing, potentially could be easily 30%, if not 40% of our revenue pie in the next four or five years. And then, meanwhile, the whole, I think aggregate, we're growing mid-20s, as you mentioned. But in addition to that, we also see the multicloud side has very high growth potential. Today it's just under 10%. We actually think it could potentially reach 30% in the next four or five years. So that's multicloud. And lastly, we also have all these different type of channel play and direct. We have different strength in different markets.
Mm-hmm.
45% of our recurring is North America, 35% MEA, and then the rest the balance in APAC. But every region will have different strength, where, for example, in America, we're very strong in direct, and SMB is fully channeled, but mid-market is still not yet fully channeled. We think that once we get that going, that will continue to drive several percentages higher growth. MEA, for example, so Western Europe and Middle East is 80% channel today, and enterprise is something that we actually now are investing to go after the bigger type of customers to drive that stickiness. That's a growth opportunity for us. Japan, for example, mid-market SMB, it's a new phenomenon because historically, businesses there are very conservative. But now they're going to cloud in droves thanks to AI. We see massive uplift there. In ASEAN, historically, we do services to generate IP.
And now we're layering a channel. So we see really quick hockey stick growth in ASEAN markets, including India as well. So Microsoft is doing so fantastic in India, $2 billion revenue in SMB. And then, of course, Australia. Australia is very much like MEA. So there's large enterprise component that we can go after. So net-net is that if we just across all the geographical regions that we have presence in, if we're actually firing all cylinders like we want to in the next couple years, we would accelerate even our organic growth. And beyond that, of course, we are looking at M&A as well as a way to accelerate the go-to-market for multicloud, and also enhance our capabilities around DSPM. So because today we cover mostly focused on unstructured data, which is 80% all data, fastest growth in data is unstructured.
And also most sought-after cybersecurity assets from a, you know, criminal syndicate perspective are unstructured data because you follow the money, right? You follow the emails, follow the accounts. That's how you do the, you know, so social type of phishing attacks. But beyond that, there's structured data that we can go after. So there's a opportunity there, both organic and inorganic expansion. So amongst all these levers of growth, if we hit all of them, we would grow comfortably faster than what we forecasted.
Awesome. Maybe for Jim, as we think about that billion-dollar ARR target and the associated operating profile to it, and all these opportunities to invest across multiple areas of the business, how do you think about profitability and how do you balance that against growth? Any guardrails to think about as we look into next year and out to 2029?
Yeah. It's a great question. And one that we actually spend a lot of time lamenting over and making sure we're making the right investments. You know, it wasn't too long ago. It was really three years ago.
I'm not sure if lamenting is the right adjective.
No. Well, I mean, we spend a lot of time.
Good problem to have.
Yeah. It's a good problem to have. I mean, fortunately, you know, we're, we've turned the corner, right? If you go back three years ago when we first started talking about this, we were essentially break-even on an operating margin and growing nicely. But, people were asking us at that point, "We don't see a path to profitability. How are you gonna show us profitability?" And so we, at that point, focused on profitable growth as kind of our mantra and really the story, right? And now you've seen this accelerated operating income to get us to this point. And so you're right. When we think about, "Hey, how do we, you know, move the dials? Can we accelerate the growth, maybe dial back operating income, make additional investments?" And so you will see us do that over the next couple of years.
The common question we get is, you know, "Are you going to show this 400 basis point increase year- over- year?" and just to bring everyone in, we've got long-term targets, which is really 2029, getting to this $1 billion, showing operating income at that point of roughly 27% of revenue. Excuse me. At that point, so the question is, how do we get from where we are today to 27? Is it linear? Is it a couple percentage points a year? And so I would just say that it probably will not be a straight line. There'll be a little sawtooth in there as we make investments. And so one year might only grow a point. Maybe another year grows 2 percentage points.
But having said that, we're constantly managing, "Hey, where do we need to make the investments, not only for today but really for that four or five-year period?" and this focus on $1 billion may seem a little crazy, but it has given us this unique perspective of making sure we're executing today to give us the best possible chance to hit that $1 billion. As opposed to thinking a quarter in advance or even a year, we are evaluating all of our decisions based on, like, does that get us closer to the 2029 target, which I think is a great way to, you know, be aligned as an organization and focus. You will see us make, you know, investments every year, obviously. Some years, those investments might be slightly greater.
Okay. Makes sense. I wanted to, to finish with a, a couple questions about the demand environment. How do you think about where we are in terms of AI adoption and AI utilization? And how do you think about that driving, budget availability for, for you? And, and does it look significantly different when you look at heavily regulated verticals versus non? And, I think there's been this debate of, do you see security controls come in before AI adoption or after? Do things have to break before, we see some of the, the security dials get turned on? Just very broad question, but how are you thinking about that?
That's a very good question. So Microsoft's been touting the Copilot, licensing is now 150 million.
Mm-hmm.
But the actual consumption, it's less than that. However, having said that, we already mentioned, you know, it's not to equate AI adoption with Copilot licensing.
Yep.
Penetration. It's really every companies are now experimenting with AI, whether it's leveraging Copilot Studio to design some applications or agentic AI running around, whether they design the agents via Microsoft Stack or other open-source stack. The reality is that AI is here. So last night at the dinner with UBS IT leadership, they talk about AI as its own budget. There's intentionality towards that. Now, in term of your second part of your question of, you know, which goes first, security or AI, it really depends on the posture of the business. So obviously, for someone like UBS, compliance and security is top of mind. That has to go first. It's internal deployments.
We see the majority of the company doing more internal deployment than just letting that direct AI capability surface out to clients because there's a lot more risk, a lot more liability, that because, again, there's still some of the kinks that need to be solved around accuracy, around, you know, it's, whatever offering you use, leveraging AI. You still need that human in the middle to make sure that you're providing accurate and highly confident type of services to your clients. However, we do see a mix kind of, you know, adoption risk posture, if you will, across small businesses and large enterprise. Regulated industry, we would think we see that has a better job in handling this just because, again, good AI predicate to that is good data. So the regulated industry do have, in general, a much better data hygiene practice.
So then they can deploy AI with much higher confidence than a non-regulated industry, so this we see obviously as a massive opportunity for us.
Awesome. We will wrap it there. But TJ, Jim, Mario, thanks for being here.
Thanks, Roger.
Thank you.
Yeah.
Thanks, Roger.
Thank you.
All right.