All right. Good afternoon, everyone. I'm Sanjit Singh. I'm the Infrastructure Software Analyst on the Morgan Stanley Software Research Team. Super happy to have the management team from JFrog. We have CEO Shlomi Ben Haim. Shlomi, thank you for joining us. Chief Financial Officer Ed Grabscheid. Ed, thank you for joining us at the TMT Conference. I think you've been here every year. We really appreciate it. Now that we've gotten past Elon, let's talk about software supply chains, right? Maybe to kick the conversation off, Shlomi, it's sort of a basic question. You're coming off of a solid year, 25% revenue growth. You expanded margins by over 1,000 basis points, operating margins now in the double-digit territory. You are sitting at the heart of the software supply chain. I sort of ask this question every year.
Why are some of the biggest companies in the world coming to JFrog to accelerate their software delivery and secure their software supply chain?
Yes. Well, first of all, thank you for having us. It's been a wonderful day so far. To your question, what is the software supply chain? Software supply chain is about managing the assets that the developer either brings, creates, distributes, deploys. When you look at this, and what you have in mind is that nobody's building from scratch anymore. No one here in this crowd comes from an organization to build software from scratch. So you bring software packages from outside. And then you start to build your own software packages. You merge them. Then you distribute them after you secure them. All those software packages are binaries, what we call software packages, images, binaries, models. Call it whatever you want. This is the asset that you manage. These are the different quality gates.
What JFrog provides is an end-to-end solution that makes you faster and more secured from the developer keyboard all the way to your runtime environment, managing your binaries. The enterprise, I think, starts to understand that that's the primary asset to maintain, to manage, to store, to distribute, to deploy, and so on. In the binary world, the folks are the best.
Awesome. And so as we think about the year that you just completed, can you sort of draw the trend lines on how the year started in terms of your customer spending intentions and how did they end? Where do you see the hesitation that's still lingering? And where have things improved as the year has progressed?
So the starting point is obviously the adoption of the single source of record philosophy. This is where things are happening. I'm always using a metaphor looking at Salesforce, for example. Assume that you have 1,000 sales reps, and 100 sales reps of them decided to work with a spreadsheet aside. It can't scale. So you need all of them to use the same single source of record. This is Artifactory. This is your repository. On top of that, obviously, we added the different capabilities of security to secure this asset, distribution to distribute it all the way to the production environment. We moved left to secure source code that creates binaries. We moved right to secure your runtime when the binaries are going there. And with that full suite, we're also answering a demand that we get from the market that has to do with consolidation.
It's just too much to have 20, 30 different best-of-breed tools. What we hear from the CIOs and the CISOs in the enterprise, we want a comprehensive solution to consolidate around one asset.
Can I ask a follow-up question on the consolidation point? Vendor consolidation, tool consolidation is a big theme in software, particularly in infrastructure software. When you say consolidation in the sort of software delivery pipeline, that space, that market, are we talking about 10 different tools going to one? Or how do we think about the magnitude of consolidation?
Well, first, every company that I meet now is speaking about the platform. And why? Because things need to be consolidated. So let's first answer this. What can become a platform? A platform can become something that is focused on a centerpiece. And then on top of it, you're building different capabilities. Otherwise, which is a different methodology, you have an integrated set of tools. You don't have a platform. So what we identify is that Artifactory became the single source of record for our customers. And on top of that, we started to build the different capabilities for security and distribution, MLOps, MLSecOps, and so on. What happened now is that the CIOs and the CISOs of the world need to answer the crazy best-of-breed period, 20 years of best-of-breed that are now facing.
On the security side, most likely, if you will meet a CIO or CISO that's coming from, let's say, 200 developers and more, they already have more than one tool. If there are 10,000 developers and more, they already have more than 10 tools that are doing the same. Binary repository, they would probably have multiple of them. Source code repositories, they would probably have Bitbucket and GitLab and GitHub. So it started to be impossible when you scale and when you release more a day. It started to be impossible. Therefore, they are looking for consolidation. If we needed another tailwind for that, the recession helped because now they also want to be cost-effective. If they are migrating to the cloud, they want to know that they are betting on the right platform.
The last sentence about that, Sanjit, is that it's not only consolidation as a buzzword or a slogan. It's also becoming the standard in the market. It's consolidation around expertise. And they expect to see coexisting. I want to have the best source code solution. And I want to have the best observability solution. So I would like to see a GitHub with a JFrog with a Datadog. And I'm not expecting you to do everything.
Yeah. That makes perfect sense. I want to spend some time talking about the cloud business because it's been a pretty exciting dynamic that's unfolding in that part of the business. But before we get there, let's rope in Ed to the conversation. I started off some of my introductory comments talking about the efficiency that we've seen in the business, the margins have expanded 1,000 basis points. Can you talk to some of the drivers that got those margins up to that double-digit operating margin level? And as we think going into 2025, how should we think about the pace of margin expansion versus your growth ambitions going into next year?
Yeah. Yeah. That's a great question. So I've been with JFrog for five years. And we've always been a very disciplined company. In 2022, we spent a lot of money on technology and the amount of effort around building out our security solution, which we delivered in 2023. So we were from an operating margin around break-even, just slightly over break-even. And we saw a ton of leverage in terms of our P&L during 2023. Now, part of that was we took the decision based on an uncertain environment. The first half of the year, we were faced with headwinds around potential downturn. And we paused hiring. We paused a lot of our projects, like many other software companies. And because of that, we were able to then ramp that up in the second half and had significant improvement in operating margin over 1,000 basis points, as you mentioned.
Now, going forward, I wouldn't expect that we would continue at that pace, 1,000+ basis points. We delivered our long-term model in the first quarter of 2023. And what we guided to in the long-term model is that we would be somewhere around 22% operating margin. So from today at 11% to get to 22%, we guided 2024 at 250 basis point improvement. And I would expect going forward, we would see somewhere between that 250 basis point-400 basis point improvement on a year-over-year basis. So we'll continue to invest. We'll see improvements, but not at the pace that we saw in 2022 or 2023, excuse me.
Makes perfect sense. So we'll come back to talk about that target 2027 target model. Let's talk about the cloud business because that was kind of the star of the show in Q4. I think the theme that had been going on in the cloud business is that there was kind of a string of consecutive quarters where growth was slowing down. And in the last two quarters, we've seen meaningful acceleration in that business. So it's a two-part question. One, what were the factors driving that initial slowdown, Shlomi? And then, as we've seen that re-acceleration in the cloud business for the last two quarters, what's been driving that?
Yeah. So as we predicted when we entered 2023 with the recession in front of us, alongside with us, what we projected is that the immediate effect would be, first of all, stop everything you do. This is what the CIOs will tell the teams. Everything you do, stop it right here, right now. And by the way, we did the same, to be honest. We went to our team. And this is the first thing we told them. No hiring. We want to see what's happening. No cloud spending. Just keep the business running. And then in Q1 and Q2, what started to be clear is that those companies that until 2023 already migrated to the cloud, they are now taking their time before they are fully adopting the cloud and spending more. But they are already in the cloud. And remember, this is infrastructure. It's not an application.
It's not you use it or not, we'll see. It's your pipeline. It's either you create software or not. So you cannot forever shut it down. But those that moved to the cloud is Group A, and they gradually started to grow. And this is why we projected that the second half, as it happened, the second half would be better in terms of consumption. The other group was those that strategically decided that they are moving to the cloud, moving workloads to the cloud, but didn't start yet. And then the migration was kind of froze. They never moved. Now, if you look at the JFrog portfolio around what is it now, 35% of our customers?
A third of the customers, yeah.
Out of 7,400 customers, 35% are in the cloud. 65% is self-hosted on-prem. So on one hand, a huge opportunity to grow. On the other hand, these guys are not investing in self-hosted now because they know that they moved to the cloud. So there is no growth on the self-hosted. But they are not yet in the cloud. So this is what we projected. This is what we discussed during 2023. We were extremely happy to see that the low-hanging fruit that the cloud users picked and optimized came back as a consumption in the second two quarters. We predict that in 2024, we will see kind of the same behavior, a slowdown of migration. It will not be yet the days of 2022. But consumption with the seasonality, with everything we saw in 2023, will be repeated in 2024.
Therefore, we provided the guidance with the growth for 2024. 2023 obviously ended up with a very strong tone because of the consumption of the big enterprise that came back.
That's a great way to frame it. We upgraded the stock in December. And the acceleration of the cloud business was one of the reasons why. And I had to apologize to you for waiting for three years to upgrade the stock. That's my fault for being a little bit aloof. But to me, the re-acceleration of the cloud business was important because I think it kind of speaks to a central debate that's been going on in this market since the IPO, is that as this category, as the software pipeline moves into the cloud, does it get reconstructed in the way that it was on-prem with this fragmented, stitched together best-of-breed? And would JFrog be, or does it get consolidated in the cloud? And would JFrog be part of the cloud stack, if you will, the cloud software delivery stack?
When we see this cloud business start to re-accelerate, it's now becoming a more meaningful part of the business. Does that put that debate to rest that as this category moves to the cloud, JFrog will be at the heart of cloud software delivery?
Well, Sanjit, the evolution of disruption since we founded JFrog keeps happening. One of the very important strategic points that we took in 2018 was to be a cloud-first company. And it's demonstrated in the numbers. But the efforts on the company side were extremely, extremely hard to kind of free. It's not only one cloud. We provide a multi-cloud solution. It's not just multi-cloud solution. We provide a multi-region. So it's actually the freedom of choice is in the hand of our user and also a hybrid solution. So JFrog was one of the first and only companies in the world of DevOps and security that went that early to the cloud and bet everything we have on having a multi-cloud solution. And now, we are picking up the fruit.
So I think that I will just share a few use cases in order not to sound biased with what I'm saying. AT&T moved to a cloud, DevOps and DevSecOps. While moving, they displaced Sonatype Nexus, Black Duck, and other tools, taking JFrog. But that could only happen if we will take them the full journey with them to Microsoft Azure. Vimeo moved to JFrog Artifactory from a JFrog Artifactory only to a full subscription with security and everything, but only if we move them to the cloud. So I think it's coming together. It's very hard for me to think, OK, so security is not happening in the cloud. And DevOps does happen in the cloud. It's coming together because it's a strategic decision of the enterprise to move to the cloud, to be more efficient, to be more secure, to be faster.
Yeah. If we look at the trend line to the business, right, you're targeting sort of 40%-plus growth in cloud. The overall top-line growth for next year, 2024, is sort of low 20%. So if you do the math, maybe by this time next year when you join us at the conference, the cloud business may be sniffing out 50% of the business, maybe a little bit less, maybe a little more, but certainly on that pathway of crossing the chasm. Show me, what are the implications for the business? And then maybe that could speak to the financials of when JFrog gets the majority of its revenue from cloud? How does that change the business? And does it make the business better?
I'll start with the financial side. So I'm sure most people know the model. But the self-hosted, or I'll start with the cloud, the cloud is based on a consumption-based model. So we generate revenue based on consumption as well as storage. The self-hosted is based on the number of servers. So from a financial perspective, we benefit much greater from the cloud because that business continues to grow based on as more usage and more products are adopted, we see more consumption driving higher growth. In terms of the expansion, we see much better net dollar retention rates in our cloud. It's still only 35% of our business today. So to move our corporate net dollar retention rate, I need three points of growth in the cloud.
But in terms of the long term, as that growth in cloud becomes a bigger percentage of our revenue, it's going to benefit us in terms of our financials.
And then, Shlomi, imagine a world two to three years from now when you're getting 60% of the business from JFrog Cloud. What does that mean for the business?
Well, first of all, it means that my competition with the cloud would be even more energizing. We projected on the long-term model that by 2027, around 50% would be cloud-based. We already see it on a quarterly basis. I think that from a company strategy point of view, it gives me much more flexibility to add more capabilities, to generate more consumption in the cloud, and therefore also to echo what Ed said, to see a different net dollar retention starting to climb back. This is what we bet on. This is how we add capabilities now. You have better visibility to your customers when you run the cloud for them. And by the way, let's put aside all of the strategy ideas. This is what the market demand. They want us to provide it as a service.
They will be focused on what they have to be focused.
Do you think it benefits your product engineering efforts and product engineering as you get more and more intelligence and telemetry from the usage of your cloud solutions as a potential feedback loop into product engineering?
Well, feedback is one thing. But when you have an on-prem customer, you are depending on the feedback. If they are disconnected, then you don't hear anything. In the cloud, you have full visibility to what happened. This is A. B, if you look at JFrog, JFrog is the biggest binary repository in the world, the biggest Docker registry, the biggest Maven repository, the biggest C++, .NET. The amount of data that we collect is just outstanding. It's amazing. So at some point, data would be so important for the flow of your pipeline that I'm sure that JFrog and already sharing this information coming from the data of the world, all the binaries of the world are going through JFrog.
If I'm hearing AT&T are saying, "thank God that the outage was not because of JFrog," if I'm hearing a car manufacturer saying, "we will slow down on releasing cars to the market because of software updates," I know that JFrog became a centerpiece. And part of it is because of the fact that binaries are coming with the metadata and not just code.
Yeah. It makes complete sense. I want to spend some time talking about the security opportunity because one of the evolutions that you're making is from a DevOps platform to a DevSecOps platform. At a fundamental level, what gives JFrog the license to go out and prosecute the security opportunity? I mean, GitLab's going after this, Datadog's going after this. You have private companies going after this. And there's also a ton of incumbent point solutions. So what gives JFrog the license to be a provider of DevSecOps capabilities?
That's a good question. I have a confession here, Sanjit. So.
Uh-oh.
When we first met, I think shortly before we went public, we spoke about JFrog Xray. And we were very proud of our first security solution. But JFrog Xray was built by developers for developers. And it was a security solution. So to be completely honest, this is my confession, we were naive because when we acquired Vdoo shortly after the IPO, we acquired a mature security company. These guys were trained as security people in the Israeli intelligence forces. They came in. And the first thing they told us, we don't care about developers. I said, what do you mean you don't care about developers? This is our bread and butter. And what they said is that we care about where the attacker is, where the hacker is.
And then we will reverse engineer it to get to the developer we need it and to get to different pipelines we need it, to get to a different machine if needed. And what they told us is that the only asset that you have in runtime, in production, the only asset that the attacker, that the hacker can go after is your binaries. So what's the point of having a crazy amount of quality gates protecting your source code, protecting your containers, protecting your binary repository, protecting your open source, protecting your model? You end up with so many scanners times the amount of developers you have times the amount of releases you have. You know how they end up securing the pipeline with signing an audit document saying, we did it right.
What we've built is focused on this asset that goes from the developer's hand all the way to production. When you get it not only with a security solution with a lot of different capabilities that are now point solutions, but you get it also with the repository, which is your single source of truth, then I don't see why companies will tell us we want another solution. For sure, I'm going to say something here. I hope it wouldn't sound too arrogant. For sure, five years from now, there will be no one in the crowd or on stage that will say that security can be a point solution. It just doesn't make sense. This is already checked. I'm seeing it in the market. It will take time because no security stakeholder is just switching off and on tools before they have the confidence.
No one here is coming from a security background, right? OK. So I can say that they are also paranoid. And the second thing that we will see, so no point solution, the second thing that we will see is that the CISOs of the world and the CIOs of the world will start to be one. It's already happening. It's happened in Morgan Stanley, happening in Scotiabank, happening in RBC. We see it in the banking. CISOs and CIOs becoming one. They think the same. And they want to make sure that they are secured A- Z with whatever coming, whether it's a machine that bought it or a developer. And when it comes to that, then the only asset that you have to protect in order to control your software supply chain is the binaries. And therefore, I think we bring some advantage.
Yeah. So platforms win in the long run. As a pickup on some of the points that you just made, Shlomi, you announced an Advanced Security bundle well over a year ago and now has six different distinct capabilities. I imagine we'll probably see even more over time. I guess the fundamental question coming off the last question is you may be servicing a developer, DevOps, SRE, or even a security professional. But who owns the budget? And to the extent, is the budget being owned by the head of DevOps or the head of IT? Or is it kind of CISO or security operations teams?
To the extent that it is the security operations teams and the security side of the house, where do you stand in terms of developing those relationships both with those types of purchase decision makers as well as kind of the security ecosystem, the channels, and the partners? Where do we stand in that evolution?
Yeah. So budget, I'm kind of owner. It's still the security team. But the people who spend it are the developers. It's like in our family, I'm the budget owner. But my wife spends it all. So it's the same thing. And they are bringing the security stakeholders because they know that they cannot stay vulnerable anymore. They cannot stay vulnerable. And they have to change. They have to shift gears. So we are speaking with both. We implemented a very strong enterprise go-to-market motion. We know how to speak with different personas. We know how to speak with different budget holders. But it just takes longer, takes longer. I'm sorry, the second question?
No. I mean, that was essentially the heart of it. It's like, who owns the budget? And then is there a security ecosystem that you have to plug into and invest into as well?
It's a merge. The DevOps engineers, DevSecOps engineers, and product managers, these are the main personas that we meet.
Great. Again, talking about the security strategy in this market, we talked about shifting right or shifting left. I guess my question is, how far left does the company have to shift? I mean, do we have to get to the point where, as a developer is writing code, we are in real time assessing vulnerabilities at that level? And I guess maybe you can speak to some of the product announcements you made around SAST and whether you need to go into DAST over time. But how far left do you have to be to be successful in the security vision?
So there is a huge trend in the past five years of shifting left. There is also a clear understanding that most of the budget is on the right side, the production and the runtime, right? Shifting left means the developer. Shifting right means the runtime and the production environment. But by definition, it means that there is a center. So if we are shifting left and right, it means that the binaries are at the center. JFrog Artifactory is at the center. Shifting left is getting closer to the developers in order to make sure that everything they do is fully automated from the moment they start to create binaries and to protect them. So how far left to the developer environments on, which is the IDE, the source code, and the CI/CD? How far right to the organization environment, which is runtime, observability?
That means not only with the binary distribution and management but also security for runtime and other expansion that we are looking at.
Awesome. Maybe, Ed, this could be a question for you. Or Shlomi, feel free to expand upon it. But if we take a hypothetical customer that's sort of at $100,000 in spend today looking at sort of the enterprise or enterprise-plus subscription, if they bring on advanced security and maybe you can talk about the pricing of advanced security, where does that spend go for that 100,000 customers if they're adopting all security? Is that $100,000 going to $150,000? Is it going to $1 million? I know it's early in the advanced security adoption motion. But what are some of the early proof points on the uplift to ARR?
So the security, the way that we have this priced on a per-seat basis so we align our pricing that is consistent with how we see pricing in the market, first off. But secondly, there is no company, software company today that would take security and replace what the solution that they have today. So what they would start with is a proof of concept, an introductory type of pricing. And that would be somewhere between $50,000-$60,000, somewhere in that range. So you take that $100,000 and you bump that up $50,000-$60,000 for an introductory type pricing. From there, as the developer starts to adopt and we replace point solution, then it's on a per-seat. We're working with some of the largest enterprises in the world. They've got 20,000 developers, 30,000 developers, 40,000 developers.
As that becomes widely adopted, the potential is massive for us in terms of our security.
Potentially, it's very kind of a high when we look at the addressable market of DevSecOps, we are looking at a $40 billion market. That's according to Gartner, Forrester, and IDC. When we look at the DevOps market, we are talking about $25 billion. Think about the potential of both of them, not only in terms of the potential but also the stickiness. You get to an organization and you do DevOps and security. That's the end of the story. But I think to go back to what Ed mentioned, it's important to remind the guests here in the room that what we included in our 2023 reports is still not with the material security income and input and impact.
Awesome. I've gone through 30 minutes. I haven't asked a single AI question. But now I'm going to ask a ton. So let's start with what we've seen in security thus far, right? We've seen Code Advisor, Code Copilot, right? That's addressing code generation. Shlomi, from your perspective, what is the opportunity for AI to influence, automate, make the entire pipeline better? If you could sort of break that down for us.
So the short answer is, for sure, it will impact our future. It will impact our performance, financials, and in terms of software supply chain performance. A double click on it, to be honest, I don't know how it will impact. It's too early. I don't think that anyone knows. What I hear is what I'm sharing with you is that, A, most of the CIOs that we asked and we read in the surveys one of them is your survey are saying, we will have AI in production in 2024, in production. In production means that they have to build the pipeline, build the security around it, build the testing around it, build the full flow of AI all the way to production.
The second thing that we see is that every time that you refresh your browser, you see a new solution and a new company and a new thing that comes with AI. I feel that there is too much fluff there. So we were focusing on providing our customers what they needed. And in September, JFrog was the first company that announced the native support of Hugging Face, the biggest AI repository. So AI is not just a title at JFrog. When we look at models, we look at them as packages, yet another binary. If it's a binary, it should be hosted in Artifactory, stored in Artifactory. Therefore, you need this integration with Hugging Face. Checked. You got it. And then our customers told us, and what about security?
So we added this capability to Xray to scan your models to make sure that you don't bring any malicious model, any vulnerabilities, any CVEs, or open source license that you don't want. Very basic but very practical. And therefore, we immediately saw our customers starting to use Artifactory as the single source of record for models as well, how it will impact our revenue. It's not included in our forecast. It's not included in our long term. It might be a tailwind. We might change it if we see that it requires some definition there. But currently, we are focusing on being the problem solvers and the pain solvers of our customers. And that will generate a standard by itself.
Yeah. That was going to be my next question. You sort of addressed it here. But moving into the MLOps opportunity and signing partnerships with Hugging Face, it's the same question that I asked around security. It's like, what gives JFrog the license to be part of that pretty exciting ecosystem? If maybe we can expound on that.
So MLOps and MLSecOps are all about managing your models. Managing your models equals to managing your binaries. A model is a binary. Now, a model by itself means nothing. You have to bring the data set in order to train the model. So where do you host those binaries? In Artifactory. MLSecOps means that on every quality gate, every policy gate, and every release gate, you have a checkpoint to make sure that this model is not going to the runtime environment without being blessed. It's a huge opportunity for us. And we are looking at the expansion of our platform toward the MLOps and MLSecOps because it's really reminding the days of CI/CD. So basically, you probably heard about our integration with SageMaker from AWS.
They ask us, our customers ask us, like, how can we make sure that the model that we host in Artifactory is also the model that SageMaker, the deployment tool, is taking from Artifactory and putting in production? Another announcement we made last week was with Qwak, which is an ML company. And for us, Qwak is just like Jenkins but for MLOps. So by definition, we are building the philosophy of to integrate, to fail, to provide you with the freedom of choice with, again, Artifactory at the center. And I think it's a great and it's a huge opportunity for JFrog because, as we keep saying, yet another model, yet another binary, yet another package. We see the model as a package when we look at the MLOps and MLSecOps industry.
It's a great way to frame it. Let's circle back, Ed, to the long-term model. Then we'll go to the audience. If you have any questions for the management teams, just raise your hand. We'll get the mic to you. But first, on the long-term model, so if I remember correctly, we sort of take the midpoint, roughly targeting about $800 million by 2027 with roughly 80% gross margins, 21%-23% operating margins. So as we exit 2023, going into 2024 and what you're seeing, do you feel like you're on track to hit that mid-term target model? And what would be the factors that could come online that could potentially deliver upside to the higher end of that target range?
Yeah. The way that we're tracking right now, we feel very comfortable that we have a path to get to the midpoint of $800. That's based off of what we see in terms of platform, our platform adoption, and the growth that we see in those million-plus customers and the investments that were made to track on the platform, the cloud growth, and what we've seen so far, a very promising second half of 2023, although I don't know that we're totally out of the woods. We do see commitments. We guided to mid-40s for 2024. So we see a nice trend in the cloud. Then third is going to be security. With all of these factors, we feel very comfortable in terms of what we projected in our long-term model and hitting the mid guidance of $800.
Now, to answer the question, what are some of the tailwinds that we see that could go to the upper part of our long-term model? Shlomi hit on this, MLOps and MLSecOps, which is not in our long-term model. So we don't know today what that can generate in terms of how we monetize. But we see a potential there. And that could be upside for us. Additionally, migrations. Today, migrations and what we see from self-hosted, yeah, cloud migrations from self-hosted to cloud, we're not seeing them at the same pace that we saw during 2022. And we see 2024 with a similar trend to 2023. So if those migrations from self-hosted to cloud improve, that could drive additional tailwinds for us as well.
I would just remind the forum that we released the long-term model in the first quarter of 2023, deep into the recession. So everything is a tailwind.
Yeah. From there, absolutely. If anyone has any questions, we have one in the middle.
Hey, guys. Thank you for everything. One of the things that's been coming up on my customer calls is just, and I don't know if it's just a small sample size on my end. But the pricing of the on-premises, multiple customers have kind of said, look, if I look across my DevOps stack, this is really cheap relative to my other vendors. They're big businesses. But the spend might be actually kind of small for something as core. Just, how do you guys think about that? I'm thinking about it a little bit in the context of Atlassian, whatever, massively increasing pricing and forcing people. Just would be curious to hear your philosophy there and if that's a consistent trend.
That's a comment that we hear quite often lately. It's hard to compare to Atlassian because Atlassian decided that all their customers will move to the cloud. We decided that strategically, we will keep the on-prem solution. And we will give the customer the freedom of choice. And what we see on the surveys is that by 2027, 40% of the assets of your DevOps assets will still stay on-prem. Coming to security, there is an easier adoption for security stakeholders to do it on-prem. Going to the cloud is one muscle. Now, going with security to the cloud, it's a full body. So to speak about the on-prem pricing, we are looking at it in 2021. We increased the prices, not talking about inflation kind of updates. I'm talking about price updates. And we did it in 2021. And we keep adding values now to the on-prem.
On one hand, to increase the adoption and wait for the migration to happen. And then it would be consumption-based. On the other hand, all the add-ons that we added, JFrog Advanced Security, JFrog Curation, and the rest of the products are coming with a by seat. So I assumed we would see a different motion there in terms of the net dollar retention. The last piece on that is that we are also looking at the different asset that is now managed on the on-prem and how can we price something with building the right value. Now, I saw companies that changed their model because they thought that they deserve to get more and ended up with being disrupted by a cheaper solution. I need to make sure that my on-prem portfolio is moving to the cloud. That's my top priority.
Second, that I'm not losing money because this guy here wants to be profitable. And third is that every addition of technology comes with a model that scales with the adoption and not necessarily the service.
Awesome. Well, we have to leave it there. Thank you so much, Shlomi. Thank you so much, Ed, for joining us at the conference and giving us an update. Thank you.
Thank you.