Varonis Systems, Inc. (VRNS) CEO Yaki Faitelson on Q2 2021 Results - Earnings Call Transcript

Varonis Systems, Inc. (NASDAQ:VRNS) Q2 2021 Results Conference Call August 2, 2021 4:30 PM ET

Company Participants

Jamie Arestia - VP, IR

Yaki Faitelson - CEO

Guy Melamed - CFO and COO

Conference Call Participants

Sterling Auty - JP Morgan

Matt Hedberg - RBC Capital Markets

Joe Gallo - Jefferies

Saket Kalia - Barclays

Ben Schmitt - Piper Sandler

Mike Cikos - Needham & Company

Hamza Fodderwala - Morgan Stanley

Chad Bennett - Craig-Hallum

Shaul Eyal - Cowen

Dan Ives - Wedbush Securities

Mark Schappel - Benchmark Company

Jonathan Ruykhaver - Baird

Shebly Seyrafi - FBN Securities

Erik Suppiger - JMP Securities

Roger Boyd - UBS

Andrew Smith - Berenberg Capital Markets

Operator

Greetings. Welcome to the Varonis Systems, Inc. Second Quarter 2021 Earnings Conference Call. At this time all participants are in a listen-only mode. A question-and-answer session will follow the formal presentation. [Operator Instructions] Please note, this conference is being recorded.

I will now turn the conference over to your host, Jamie Arestia, VP of Investor Relations. Thank you. You may begin.

Jamie Arestia

Thank you, operator. Good afternoon. Thank you for joining us today to review Varonis’ second quarter 2021 financial results.

With me on the call today are Yaki Faitelson, Chief Executive Officer, and Guy Melamed, Chief Financial Officer and Chief Operating Officer of Varonis. After preliminary remarks, we will open the call to a question-and-answer session.

During this call we may make statements related to our business that would be considered forward-looking statements under federal securities laws, including projections of future operating results for our third quarter and full year ending December 31, 2021. Due to a number of factors, actual results may differ materially from those set forth in such statements. These factors are set forth in the earnings press release that we issued today under the section captioned Forward-Looking Statements, and these and other important risk factors are described more fully in our reports filed with the Securities and Exchange Commission.

We encourage all investors to read our SEC filings. These statements reflect our views only as of today and should not be relied upon as representing our views as of any subsequent date. Varonis expressly disclaims any application or undertaking to release publicly any updates or revisions to any forward-looking statements made herein. Additionally, non-GAAP financial measures will be discussed on this conference call. A reconciliation for the most directly comparable GAAP financial measures is also available in our second quarter 2021 earnings press release which can be found at www.varonis.com, in the Investor Relations section.

Also, please note that all common stock and per share data have been retroactively adjusted for the impact of the three-for-one stock split effective March 15, 2021. Lastly, please note that an updated investor presentation, as well as a webcast of today’s call, are available on our website in the Investor Relations section.

With that, I’d like to turn the call over to our Chief Executive Officer, Yaki Faitelson. Yaki?

Yaki Faitelson

Thanks, Jamie. Good afternoon, everyone. Thanks for joining us to discuss another strong quarter, as we continue building on the momentum from Q1 and the end of 2020. With the backdrop of the current environment, I want to focus today on two topics: First, why data protection is such a hard problem for organizations to solve, that is only becoming harder with the digital transformation; and second, why our platform and technology offer a durable competitive advantage. I will then turn the call to Guy to discuss our Q2 results and guidance.

Let’s start with the threat landscape. Simply put, companies of all sizes and industries are facing high-profile attacks on a daily basis. This is not surprising, as organizations put sensitive data in more places, and access it in more ways, making it harder to lock down data and detect threats. Hackers are taking advantage of this new environment, and with the rise of cryptocurrency, the theft of data has never been easier to monetize. Companies also face growing risks from rogue insiders and ransomware, given that the average employee has access to 17 million files on their very first day of employment, most of which aren’t relevant for them.

As we have been saying for many years, security of the perimeter and endpoint is critical but insufficient. Perimeters are hard to define, and even harder to monitor. Endpoints are interchangeable. In reality, most data is moving to centralized, sanctioned repositories, and as cybersecurity risks surge, companies are thinking more strategically about data protection, and are increasingly turning to Varonis to help protect data where it lives.

Data protection is an immensely difficult problem to solve, and in conversations with our customers and prospects, we ask three simple questions: One, do you know where your important data is stored? Two, do you know that only the right people have access to it? And three, do you know that they are using it correctly?

To keep data safe, you have to be able to answer yes to all of these questions, but most organizations that turn to us can’t answer yes to any of them. Let me drill into this a bit more. First, identifying important data takes sophistication, given the complexities of data storage. Second, to understand accessibility, most companies don’t realize just how many millions of folders, files, records and groups need to be analyzed to discern permissions, and how many functional relationships there are between them. And lastly, in terms of data usage, every system is different, many lack fidelity or granularity, and all lack important context. Without the significant enrichment that we offer, companies can’t build a baseline of normal user behavior.

Furthermore, when we show our customers that by integrating data importance, access and usage, they can finally understand and safely reduce risk in a holistic way that can’t be achieved with only one of these dimensions, the uniqueness of our solution becomes clear. For data to be secure, you need to be able to answer yes to all three questions, all the time. This is why our platform and underlying technology provide such a durable competitive advantage, and why we believe we have a 15-year head start. Data has always been our primary focus, and we start by building context around it where it’s stored, what it contains, who can access it, and from where. Automation and machine learning connect these dots to build visualizations of risk and profiles of normal usage.

When we show companies how our platform provides best-in-class threat detection while automatically fixing the damage that a single compromised user or system can do, what we refer to as “reducing the blast radius”, we become a top priority.

Our subscription offering, which aligns perfectly with customer demand for our platform, is why we say that “more is more” at Varonis. Customers buy a larger number of licenses upfront than under the perpetual model, realize greater automated value, and in turn not only renew but expand their deployments. Let me provide a few examples of some key customer wins from this quarter.

One of the country’s largest Fortune 500 insurance company and financial services provider became a Varonis customer in Q2. We were initially brought in after an internal audit uncovered the risk of fines for regulatory non-compliance, but our risk assessment also found 65% of their folders were open to all 40,000 employees, and 40% of their sensitive data was exposed. After proving that we could classify their sensitive data for multiple regulations and remediate open access issues in three weeks, they purchased 10 licenses, and we are already discussing additional DatAdvantage licenses as well as Edge to further strengthen their deployment. At the same time, we remain underpenetrated with our existing customer base, and the team had another strong quarter closing substantial expansion opportunities.

A great example of this is a North American healthcare company which was concerned with the potential leakage of patient data as they migrated to the cloud. While they have been long-time Varonis customers with a focus on protecting their on-prem data, in Q2 they purchased the entire Office 365 suite, Edge, and Automation Engine, doubling the number of licenses from 8 to 16. Building trust doesn’t happen overnight, and expansion examples like this one reflect the confidence we have instilled in our customers after helping solve their most urgent data protection problems over the last 15 years.

In summary, we founded Varonis because we recognized that enterprise capacity to create and share data far exceeded its capacity to protect it. This has never been truer than it is today. Because we have aimed to keep pace with the relentless growth and complexity of data, we believe that our platform is uniquely positioned to address the data protection challenges facing all companies, providing Varonis an enormous opportunity to capitalize on the market opportunity we see, while deepening our competitive moat.

With that, let me turn the call over to Guy. Guy?

Guy Melamed

Thanks, Yaki. Good afternoon, everyone. Thank you for joining us today.

We are once again extremely pleased with our second quarter results, as we continue to capitalize on both, the short and longer-term opportunities we see. Financial highlights in Q2 include 33% total revenue growth year-over-year, driven by strong ARR growth of 39%, to $328.2 million.

Demand for our platform continues to be driven by both new customer acquisitions, where the average new customer is now buying approximately 5 to 6 licenses, and continued expansion from our base of existing customers. As we discussed last quarter, these trends continue to dramatically increase customer lifetime value.

As of June 30, 2021, 68% of our total customers with 500 or more employees purchased four or more licenses, up from 58% a year ago and 48% two years ago. At the same time, 35% of our total customers with 500 or more employees purchased six or more licenses, up from 24% a year ago and more than double the 16% we had two years ago. The strong growth of these KPIs validates the demand to consume more of our platform, while also illustrating the continued opportunity we see to get every Varonis customer to a double-digit number of licenses, much like the customer examples Yaki just provided.

The path to this number has never been clearer than it is today, as we know that customers who land with a higher number of licenses, which is exactly what our subscription model allows for, see more value upfront through automation, leading them to consume even more of the platform with additional purchases. All of this significantly increases our customer lifetime value compared to the perpetual model.

Turning now to our second quarter results in more detail. Total revenues grew 33% to $88.4 million. Subscription revenues grew 70% to $58.1 million. Maintenance and services revenues were $30 million, as our renewal rates remain strong at over 90%.

Looking at the business geographically, we again saw strong revenue growth across North America and EMEA. In North America, revenues grew 34% to $61.6 million, or 70% of total revenues. In EMEA, revenues grew 31% to $24.5 million, or 28% of total revenues. Rest of World revenues were $2.3 million, or 3% of total revenues.

Turning back to the income statement, I’ll be discussing non-GAAP results going forward. Gross profit for the second quarter was $76.9 million, representing a gross margin of 86.9%, compared to 86.5% in the second quarter of 2020.

Operating expenses in the second quarter totaled $75.8 million. As a result, second quarter operating income was $1.1 million, or an operating margin of 1.2%. This compares to an operating loss of $4 million or an operating margin of negative 6% in the same period last year, as we continue to drive operating margin leverage.

During the quarter, we had financial expense of approximately $918,000, primarily due to interest expense on our convertible notes. Net loss for the second quarter of 2021 was $771,000, or a loss of $0.01 per basic and diluted share, compared to a net loss of $4.7 million or a loss of $0.05 per basic and diluted share for the second quarter of 2020. This is based on 106.4 million and 94.5 million basic and diluted shares outstanding for Q2 2021 and Q2 2020, respectively.

We ended Q2 with $813.7 million in cash, cash equivalents, marketable securities and short-term deposits. For the six months ended June 30, 2021, we generated $11.1 million of cash from operations, compared to negative $10.8 million in the same period last year.

We ended the second quarter with 1,870 employees, an increase of 76 net new employees from the first quarter of this year. Consistent with the demand environment, our net hiring has been strong for the last four quarters, triggered by the digital transformation which we recognized mid last year. We believe these continued investments in innovation and capacity will allow us to capture the opportunities we see in the market.

Moving to our guidance. For the third quarter of 2021, we expect total revenues of $96 million to $98 million, representing growth of 25% to 28%. We expect non-GAAP operating income of $3.5 million to $4.5 million, and non-GAAP net income per diluted share in the range of $0.01 to $0.02. This assumes 118.9 million diluted shares outstanding.

For the full year, we are raising our guidance, and now expect total revenues of $375 million to $379 million, representing growth of 28% to 29%. We now expect non-GAAP operating income of $10 million to $13 million, and non-GAAP net income per diluted share in the range of $0.03 to $0.05. This assumes 116.8 million diluted shares outstanding.

In summary, we are extremely pleased with our results this quarter. Looking at the pipeline, the demand environment, and the market increasingly coming to us, we are confident in our ability to capitalize on the opportunities we see, as reflected in our guidance.

Thanks for joining us today. And with that, we would be happy to take questions. Operator?

Question-and-Answer Session

Operator

At this time, we will be conducting a question-and-answer session. [Operator Instructions] Our first question is from Sterling Auty of JP Morgan.

Sterling Auty

Yes. Thanks. Hi, guys. So, this is the second straight quarter that ARR growth was just over 39%. And I think we talked about in the beginning of the year that ARR growth and revenue growth should normalize for the full year. But, I guess, what I’m asking is, looking at the back half of the year, it would indicate a pretty significant slowdown in ARR growth to get down to where you’re guiding revenue growth. So, what is it that you’re factoring into the guidance for that slowdown? Because it seems like there’s a lot of momentum with government deals, commercial deals and even international.

Guy Melamed

So, first of all, we’re really pleased with our Q2 results. I think, the contribution and the strong momentum we’re seeing in the last couple of quarters, combined with the pipeline we see and really the market coming to us, gave us the confidence to raise full year guidance by approximately $10 million. But, the guidance philosophy really hasn’t changed. We want to continue to guide in a responsible way. At the same time, we feel very good about the second part of the year. And we’re very excited for what we have ahead. So, I think we feel very confident about the second part.

Operator

Our next question is from Matt Hedberg of RBC Capital Markets.

Matt Hedberg

Hey, guys. Thanks for taking my question. And congrats really on a very strong quarter here. Yaki, I’m wondering you didn’t talk about it, I don’t think, in your prepared remarks, but I’m wondering if you could talk about the integration status on Polyrize. And remind us how you expect to monetize that as really you wire up additional cloud data stores.

Yaki Faitelson

Matt, it’s still early stages, but we’re really hitting all the internal milestones, and we are extremely happy with the initial interest. Without a doubt, the initial interest is by far exceeding all our expectations, regarding actually all the platforms that they support. We’ve grown the team significantly. We put massive investment in this part of the business. Our most senior executive in technology side, David Bass, our CTO and Head of Engineering, he is personally responsible and it was just an organic part of our roadmap. We just saw that it’s a very interesting dynamic to understand regarding the market, which you saw that the data keep exploring on-prem. But, a lot of these sanctioned repositors, what we call, a lot of applications going to the cloud, and in the cloud, what you see is a lot of the data protection that you see with file system. Obviously, we have just huge success with Office 365. And you see the same with Box, with Google. You have obviously Okta, Zoom, Salesforce is huge, AWS, just big, big, big challenges.

And this is a big blind spot for the system. If you think about it, this is where the critical data is. And these three use cases are big there. It’s very hard to make sure that the right people can access the right data, virtually impossible to understand what people are touching to do forensics, to get to root cause and to understand what is critical, and also these applications are interconnected and you see a lot of lateral movement.

So, this year, we don’t think that we will have a material revenue contribution, but we think that it will be big, both in prospects and customers. And it’s a SaaS solutions. It’s in the cloud. But, we believe that it’s increasing drastically the total available market and our ability to sell licenses to customers.

One thing we see in Varonis that more is more. You sell more licenses, you get more automated value, then customers are buying more, and we definitely see a clear path to get to higher double-digit licenses within our customer base. So, we are very excited about the opportunity. And definitely, it’s shortened the time to market in organic part of our roadmap.

Operator

Our next question is from Brent Thill of Jefferies.

Joe Gallo

He, guys. You have Joe on for Brent. I really appreciate the question. Just kind of want to follow up with Sterling’s question and ask it a different way. But, how should we think about incremental ARR seasonality as we move throughout the year? Any reason it would be less pronounced versus last year? I know 2Q was relatively similar to 1Q in terms of incremental ARR at it.

Guy Melamed

So, there’s two parts to that question, and I’ll try and address it from the two angles. In terms of seasonality of the business, not so much the ARR, I’ll touch on that in a second. The seasonality of the business is very much the same where Q1 is the lowest quarter, Q4 has historically been our largest quarter in dollar terms.

I think, when you look at the ARR and the revenue, apart from the fact that ARR grew 39%, the revenue grew 33%, which we’re very happy with, when we talked about kind of those metrics converging, I think you need to look at that on the recurring revenue component, really on a 12-month trailing basis, and the revenue recurring component is the subscription and the maintenance. And when you kind of look at those two, they’re very much closer. And I think when we look at the second part of the year, we have very strong momentum. We have a very strong pipeline, and we feel very confident going into the second part of the year.

Operator

Our next question is from Saket Kalia of Barclays.

Saket Kalia

Maybe this is something for both of you to tag team. But, Yaki, Guy, I was wondering if you could just kind of talk a little bit about -- more about the increasing number of licenses per customer, right? It feels like that’s been a theme for several quarters now. Why do you think that’s happening? And maybe as part of that, specifically for you, Guy, how do you think about that sort of increasing licenses per customer vis-à-vis a metric like net revenue retention? Sorry, there’s a lot there. But, does that make sense?

Yaki Faitelson

Yes. So, thanks for the question. So, I think in terms of just number of licenses, it is very interesting what is happening. So obviously, because of COVID, you see this explosion in everybody works from home and you have this many laptops. But what happened is that you can define a perimeter anymore. You still have data on-prem, people accessing and it’s growing. This is very important to understand. And just tremendous adoption of Office 365 and other SaaS applications that they are really geared towards collaboration, that creates a massive security challenge.

And what happens also is the sanction data repository is that you’re starting to have less and less data on the endpoint. And everything is much more like your phone and everything connected to the central repositors. So, if you really want to protect your digital assets and protect it in the most efficient way, you need to go from first protect the digital assets and then go obviously to the network, and active directory and then to the endpoint itself. This is the most viable way to protect your data. And this is something that’s slowly but surely in the last two years, organizations understand more and more.

So, the one thing that is really driving it that you want more coverage, you want to make sure that you’re protecting 365, and you want to make sure that you’re on Azure AD. And then you have all the virtual machine there, Windows and Unix and all of these good stuff, you must make sure that it’s protected. So, this is one thing that is happening.

The other thing that’s happening is automation. You want to classify the data automatically. You want to make sure that you’re doing automated remediation, which is very important. And also you need a lot of enrichment. So, if something is happening, you have an alert, you really want to understand immediately what happened and get to the root cause. And these are the three things that we’re definitely doing very well.

And the other thing that happens is that we see, like 365, that’s really exploring for us, Saket, we also see it with other SaaS applications from obviously, Slack and Salesforce to GitHub, Box and the Google and stuff like Okta and Zoom, you have a lot of data, a lot of collaboration and tremendous amount of risks. And a lot of the SaaS application, you have the data protection problem, you have the insider threat problems and APT problems and also configuration problem. You can do just one mistake, because it’s so much geared towards collaboration and you open the system to the public internet, and this is why everything that’s going with data advantage cloud, based on the Polyrize acquisition, it’s just -- we believe that this is something that can be big and maybe even bigger than everything that’s related to 365.

So, I think what is happening, again, gradually is that if you want to protect your data, you need a solution like Varonis. And because of the fact that we have such a moat and it’s just almost uncontested, you need to get to us. So, this is what happens. And we see it in the reliable way that we can close deals and people with time are just buying more and more, really a standardization play.

Guy Melamed

And just from -- to add on that from a numbers perspective, I think the KPI that we provide on customers with 500 employees or more that have four or more licenses and six or more licenses, the growth there is really, really strong, going from 58% to 68% and going from 24% on the six or more to 35%, is a great indication that we’re selling the platform.

We also talked about the fact that new customers are buying in their first initial purchase between five to six licenses, and that’s approximately double the amount that they purchased under the perpetual model. And when you kind of combine these things together, when we announced the transition, we were hoping for a three-year breakeven, based on the price list. And when we look at kind of the behavior of those new customers, when we’re selling kind of that double number of licenses to new customers, we’re able to reduce the time to break even significantly. So, that’s very encouraging. But, on top of that, the fact that they’re consuming more of the licenses is actually providing them more value. And then later on, they come back and buy even more. So, all of that is kind of working for us very, very well.

Operator

Our next question is from Rob Owens of Piper Sandler.

Ben Schmitt

Hi, guys. Ben Schmitt on for Rob. Thanks for taking my question. Wondering if you can talk a bit about the contract value boost that we should expect from adoption of the new DatAdvantage Cloud licenses? And related to that, as we think about more data moving to the cloud, can you just talk about how much of your business do you think these cloud data stores could become?

Yaki Faitelson

It’s still early stages, and everything is very initial. But, we believe that now we just see traction, but this is -- it’s very preliminary. We see traction around all the repositories that we are covering. And just -- what we see that is also interesting, but the data is just going on-prem. And in the cloud, more SaaS applications going to the cloud, and you have a lot of them. But, several that are core usually are interconnected. And these are the ones. You don’t need to cover everything that you need to cover. So, we just believe that this footprint, which time will increase within our customer base, and we can get more of these customers. But, we still need to see how we sell it, how customers will buy. These are initial states. But everything we see now is very, very encouraging

Operator

Our next question is from Mike Cikos of Needham & Company.

Mike Cikos

I did want to ask about, I guess, in the final comments for the prepared remarks, there was a comment around pipeline and your ability to execute and capitalize on this. And I did just want to frame it. So, my understanding here is that if you have a new customer coming on and taking more of the solutions upfront, we’re talking about 5 to 6 of these different licenses, so the offering itself is more consumable today. They realize value that much quicker and then they’re coming back and growing. And alongside that dynamic, you guys are also taking the time to make sure you’re investing both in your platform as well as in your sales and marketing and go-to-market motion. Are all these different factors playing into the strong pipeline that you guys are talking to? And maybe the other additional point, could you help us better understand the strength of that pipeline? How are customers going through their sales cycles quicker as a result of this as well? Anything there would be incremental. Thank you.

Yaki Faitelson

Thanks. So, what we see primarily, just the quality of the pipeline because of the offering and the market conditions. So, we just have overall better coverage. Enterprise sales always take time, but we just see that -- in a much more predictable way, we can go up market, this customer 1,000 to 50,000 users and lend the large deals. And once we sell to a customer enough licenses upfront, usually we can sell them more and more with time, because I think that there is this gradual realization that you need to protect your data where it lives. This is where it’s vulnerable, and this is how we are doing it with Varonis. And also that data protection and threat detection and response and compliance and privacy really stemming from the same problem and you need the same platform. And this is what we see. It is better quality of pipeline.

We definitely see that CISOs and even much more Board and the management team, just looking at the digital assets and saying how we are going to protect it. And once you do it and we are there, we can run with a high level of confidence, the sales campaign that we know how it will end. And usually, we also have a very good visibility to the overall customer lifetime value. In terms of just the quality of both of these matrix, the quality of most of these matrix really increased drastically.

Guy Melamed

And just to add some color on that from a numbers perspective. When we look at kind of the comparison between the perpetual model and the subscription model, and we talked about kind of that three-year breakeven, probably easier, if I give some sort of a simple example just to kind of break down how we’re enjoying that higher customer lifetime value.

If you take a customer that bought, let’s say, $120,000 perpetual deal with a 20% maintenance on that deal, you would get 20k in year two and year three, which would kind of add up to $160,000, overall dollars from that customer over a three-year period. And we priced subscription is 45% of that first initial purchase. So, let’s say, $54,000, which gives you that three-year breakeven. But, because we’ve sold double the number of licenses to that new customer and the discounts have really stayed firm, you’re able to sell, let’s say, roughly around 100k in that year one. But now instead of getting $20,000, which is that maintenance of perpetual, we’re getting the same revenue stream. And we have the ability to expand because we’re providing more value to that customer. So, that’s really the beauty of the model and why this model is so powerful and allows us to have that breakeven period significantly less than three years.

Operator

Our next question is from Hamza Fodderwala of Morgan Stanley.

Hamza Fodderwala

I just wanted to maybe get a little bit more color on the pipeline as it relates to federal heading in Q3 in particular. Just an update on -- can you give us any sort of rough sense of how much of your sales are coming from that vertical and how that pipeline has been coming together after some recent product announcements and some go-to-market initiatives there?

Yaki Faitelson

We are entering the quarter with a good pipeline. We have a great team in place, and we’re positioned to do very well. Obviously, this is the quarter for -- this is the quarter that federal is doing a lot of its business. And again, we’re positioned to do very well. And obviously, we are going to update on the November call.

Guy Melamed

And the federal has been roughly mid-single digits out of total revenue. We have a great team, like Yaki said, and we believe that that percentage can be higher. But it’s still to date has been in that range. I know other companies had a much larger component of their business coming from federal, and we believe we can continue to expand there.

Operator

Our next question is from Chad Bennett of Craig-Hallum.

Chad Bennett

Great. Thanks for taking my question. Nice job on the quarter again. So, just maybe now that we’re maybe in our second yearish of kind of scale, net expansion in the business, maybe I’m cutting you short, but just -- are we at a point just because you’re seeing so rapid license expansion, whether it’s upfront or just on cross-sell, upsell, are we to the point where we might be seeing kind of co-terming or early renewals that may either, good or bad, impact kind of billings for a quarter positively or negatively, or is that not a real issue at this point in the model transition?

Guy Melamed

So, we don’t really provide any color on the billing. And I wouldn’t say that we’ve experienced any changes that are related to billings being pulled into the quarter. I will say that every renewal is an opportunity to upsell, but we are seeing many customers that aren’t even waiting for that renewal period and are expanding and therefore, co-terming their deal and extending that, and that’s been very positive for us. But we see that continuing, because the more licenses we sell, as we said before, the more value the customer is benefiting. And the more automation they’re getting with the product, the happier they are and therefore, they’re coming back and buying more.

Operator

Our next question is from Shaul Eyal of Cowen.

Shaul Eyal

Thank you. Hi. Good afternoon, guys. Good job. Yaki, I wonder, you gave an example of a Fortune 500 company in your prepared remarks. And, is some of that acceleration has to do with you guys going higher within the enterprise? And even the enterprise could be categorized into, let’s say, a couple of buckets, employees, with 5,000, 10,000 and above. But, does it have something to do with that as well, the nice acceleration that we’re seeing? I know you’ve indicated that enterprise sales are a little longer. That’s understood. We all get that. But, could it be that this acceleration is also hinged on that?

Yaki Faitelson

Definitely going upmarket, we always sold to large accounts, but now they understand very well what we do, they use the product. So, we definitely go there and can reliably go there and know that many times in a predictable way, we are winning the business. But also, customers with 2,000, 3,000, 5,000 users just buying more and more. So, the most important trend that we see is once you have licenses, you’re just buying more and you get this automated value. So, just the overall customer lifetime value is increasing, and we just see an expansion of the platform of the use cases. So, it’s just a bit of everything.

Operator

Our next question is from Dan Ives of Wedbush Securities.

Dan Ives

Can you just geographically just talk about U.S. versus Europe in terms of penetration, different trends that you’re seeing there, especially when it comes to expansion of license deals?

Yaki Faitelson

Obviously, the U.S. is a much bigger business for us. But, the overall trend we see, the overall trend is the same. If you have critical data, someone wants to steal it. And as a data-driven enterprise, your capacity to create and share information really far exceeded your capacity to protect it. And this is something that everyone understands. So, just in terms of the opportunity, we definitely see that we can get to double-digit licenses within the customer base, all the platforms that we cover is where they run the business and it’s very important that if you want to protect your data, you need Varonis. And this is just a gradual process that is happening in the last few years and works very well for us, but it’s just happening worldwide.

Operator

Our next question is from Mark Schappel of Benchmark Company.

Mark Schappel

Nice job in the quarter. Yaki, I realize that data protection cuts across all industries, but are you seeing certain verticals accelerate adoption of data production more so than others over, say, the last couple of quarters?

Yaki Faitelson

It stays fairly the same. We also see that other verticals that may be harder to close large deals are really starting to participate. We just saw a digital transformation that has a lot of benefits, but can have a lot of diminishing returns if the data is not protected. So, we just see this. Everything that is happening is gradual. It’s a gradual process, really pushing the organizations to think about how they need to protect their data. Then you really need a trust foundation in order to function as an organization with critical data, intellectual property, customer data, business partners, data, employee data, and this is something that Varonis enables organizations. And we just see -- we see it across all verticals. And just across verticals, we just see that gradually, it’s becoming a top priority.

Operator

Our next question is from Jonathan Ruykhaver of Baird.

Jonathan Ruykhaver

So ransomware has been a rising threat vector for several years, and we know it’s a clear use case for Varonis. So, I’m wondering if you can just talk about that use case in light of the increasing number of vendors that have capabilities to protect against ramp somewhere, including EDR vendors, XDR and SIM vendors. Just what are the competing technologies do you see the most? And how does Varonis perform relative to those different approaches?

Yaki Faitelson

Yes. Thanks for the question. So, ransomware is a form of malware that comes in and encrypting your data. You try to sometimes encrypt the data on the local disk, but with time, you see less and less data on local disk and then it’s going to the share repository. And where these files reside on file shares, on file servers and NAS devices, and also on a collaboration platforms, like a 365, SharePoint and OneDrive. So, the way that it works, if you are able to bypass the endpoint, which that it works, if you are able to bypass the endpoint, which is not such a hard task because of you can bypass the EDR or you have a machine that is not patched or machine open to the internet, or just some VDI that you can put an endpoint. There are a million ways to a million ways to get in, then the problem that we have is the blast radius.

So, as we said, in most organizations that don’t have Varonis, sometimes 90% of the files that the random employee can access is not relevant for them. And this is what they need. They don’t need to do anything just anything special. They just need to take the permissions that you have to encrypt a massive amount of data.

So once they bypass the perimeter, we’re really the only game in town. Nothing else will help you. So, we sit on this data repository and any abnormal behavior, see what is going on. So, what we are doing immediately, we’re detecting, we can stop the overall encryption. And then, we can tell you what critical data you need to restore and also with our edge product, we can help with the infiltration and exfiltration of data because you see they take the data out and then they’re starting to threaten you that they are going to release it and usually releasing it in piecemeal. This is how it works.

So, there is the outer layer, which is, you have so many endpoints and so many places that you need to protect. One misstep and they are in. And then, you have the data itself. So, we are taking the data that they will want to encrypt, and want to steal, and this is what we are protecting. So, this is something that organizations understand, and we definitely see that we are a top priority for this ransomware.

The other thing also to understand the way that markets working. Sometimes you see some kind of an attack, and then there is a lot of noise and everybody says, we can protect and you see this emergency spending. But with time, when the dust is really settling and organizations are doing this deep thinking of what I need to do in order to be protected, where is the biggest bank formula. What is the biggest return on investment, they usually come to us, and this is something that we saw -- if you saw that really the market evolved in the last four years, every time something like that happened. In the short term, we benefit but sometimes less than other companies. But over time, we benefit much more. We benefit from this. We benefit from stuff like GDPR and HIPAA and all the other regulations.

So, this is definitely a trend that we see that something external is happening, all the market is alert there is the immediate reaction, but then there is just the ongoing reaction and this ongoing thoughtful reaction. This is something that we believe is benefiting us in a big way and elevating us in the priority and really with time putting us in the place that no, it’s Varonis first. I want to protect my data, I need Varonis. Because when everything is said and done, if you look at most of the security solutions out there, they are -- in order to protect data, you have all these vectors in order to protect data. So, we’re just starting to -- in the last four years, we see this realization, let’s start from the data itself. Let’s make sure that my data is protected. And as we are as -- organizations using more and more repositories, they need the same protection on this data repository.

So, this is really what we see. And definitely, we believe that everything that happened with ransomware is accelerating the understanding that you need Varonis. And we also see that we have tremendous value in terms of ransomware protection to our customers that pays the licenses that’s related to ransomware protection.

Operator

Our next question is from Shebly Seyrafi of FBN Securities.

Shebly Seyrafi

So, I want to drill down on the gross margin line. It keeps increasing on a year-to-year basis. How much of that is because more and more customers are buying more and more licenses? And what are some of the other factors impacting the increase in gross margin? And also, related to this, last year, you finished with the gross margin, you’re 89%. Do you expect a similar kind of pattern this year as well?

Guy Melamed

So, the margin expansion is obviously -- it’s benefiting from strong renewals, and the fact that selling to existing customers is "cheaper". So, we’ve talked a lot about the fact that we’re committed to kind of year-over-year margin expansion. And you can see that in the years prior to that transition. We’re very happy with the margin expansion as we sit here today, kind of the 450 basis points expansion. But at the same time, we want to continue to focus on the opportunity we have ahead, and that’s why we’re making the necessary investments, but still bringing some of it to the bottom line. So, I think we’ve done a very good job of balancing growth and profitability. And we expect to continue to show margin improvements in the second part of the year and in the years ahead.

Operator

Our next question is from Erik Suppiger of JMP Securities.

Erik Suppiger

Yes. Thanks for taking the question and congrats on a good quarter. First off, just on the point of ransomware, can you give us a sense for how much of a topic of discussion that is for your new accounts? Is that literally every account coming at it? Are they looking at Varonis as a tool for protecting against that, or how critical of a selling point is that? And then, I’ve got a follow-up question.

Yaki Faitelson

Ransomware is like a commercial for Varonis. Think about what it does. It’s coming in, bypassing the endpoint, then exposing the excessive access control. And without you knowing it, sometimes encrypting millions of files and just stealing them, taking them out of the organization. So, you understand that -- customers understand that they can easily bypass the perimeter, then they can go in, and you have this, what we call, the blast radius, there is so much excessive access control and lack of alerting and auditing, and they can trip your data and then steal it.

So, I will not say that it’s ransomware per se, but what ransomware does is really show you the problem. I need to protect my data, I need to protect it -- where it lives. I need to be able to alert on any abnormal behavior, then understand completely what happened, get to the root cause and do very effective forensics and get to the time to resolution very fast. I need a lot of automation. So, I need automatically making sure the right people can access the right data. I need to make sure I’m on all the platforms, then understand what happened and from where. And this is something that we are doing extremely well. So ransomware is just -- it’s another APT. You also need to understand the ransomware is just one kind of malware. A lot of these malwares are coming in a very stealthy way, and you don’t see them.

So, I think what happens is that also organizations understand that this is something that can happen. So, it’s just -- it’s another -- just another event that organizations understand that it’s happening.

Also, I think what folks are -- that enterprises understand is the level of sophistication. There are many drivers, but a lot of it is just also cryptocurrency, many things that are happening is because of incentives. So, cryptocurrency is very prevalent now and it lets you monetize cyber crime easily. A lot of state actors, level of cyber crime is really spilling into the commercial space. And if you have critical data, someone wants it. And you also have cyber insurance, and many times, they are getting paid easier there than in -- than a few years ago.

So, there are just a lot of stuffs that are really happening that folks understand that if you have critical data, someone wants it. There are many ways to get in, and you need something like Varonis. And again, it’s part of this gradual process that organizations understand that they need it. And we believe that eventually it will be inevitable, if you want to protect your data, you need a platform like Varonis.

Operator

Our next question is from Roger Boyd of UBS.

Roger Boyd

Terrific. Thanks for taking my question. Congrats on a nice quarter. I guess, I’m curious, you spent the last couple of years starting to focus more on the larger enterprise. And I’m wondering with introduction of Polyrize, and that being a SaaS-delivered solution, does that change the opportunity you see with maybe the mid-market or SMB, or is the focus still on the high end of the enterprise for the time being?

Yaki Faitelson

We talk -- when we talk about the high end, we talk 1,000-plus. So, it’s not that we are telling 20,000 and above -- 1,000 plus, which is a massive market. But yes, we can sell Varonis. Anybody that files, emails and has critical business data with some kind of collaboration and sharing, they need Varonis. But, we just want to make sure that we can really scale in the most efficient way. And what we are doing is moving the needle. We have extremely good inside sales teams that are doing very well for us. They’re critical for us. But by and large, and we are talking about the lion share of the revenues, we are going to the enterprises. And this is really the overall sales motion. But, we can sell to everyone. And we are extending the inside sales team, they are very important for us and doing an amazing job, and we are adding a lot of value to smaller organizations.

Operator

Our final question is from Andrew Smith of Berenberg Capital Markets. Please state your question.

Andrew Smith

Hi, guys. Just understanding that it’s very, very recent, was there any benefit at all to ARR from DatAdvantage Cloud this quarter? Thanks.

Yaki Faitelson

No. This is early stages. And we also think that this year they will not have a material contribution. But usually, before we sell for a product, we know. We see the interest, we see it how works, we install it in Varonis, we understand how the marketing efforts are working, and we also see the exposure within the customer when you install it on Google and install it on Box and Salesforce and Slack. We just see the tremendous exposure and the dangers from the lateral movement. And we believe, we strongly believe that it’s the biggest blind spot systems have today. I just think that there is so much -- so much damage that when you see these breaches that organizations are experiencing and they even don’t know.

So, we strongly believe that there is tremendous opportunity there. And what we have done with 365, we can do with these SaaS applications. And we also think that with time, we will have more and more critical data with the SaaS application, and they will be interconnected. And we are very excited about what we can do with SaaS and we also think that our moat, technological moat, these functional relationships between users, data, permissions, content is very relevant there, and the data on-prem is not going anywhere. And we can really be the trust foundation of this digital transformation and just make sure that organizations can realize all the tremendous productivity benefits without the downside of data breaches, stealing data, insider threat, compliance problems, and so on.

Guy Melamed

And just to add from an ARR perspective, like Yaki said, there was no contribution coming from DA Cloud, but the fact that ARR grew 39%, and when you look at kind of Q1 and Q2, both of them grew 39%, but we see Q2 ARR is a much stronger, 39%.That’s really due to the fact that Q1 ARR growth was against the weaker comp. And if you remember, we had kind of a shelter-in-place in the last two weeks of Q1 2020, and that had an impact on our results. So, this quarter, ARR as a whole is really a strong indication of the demand environment, and the execution we had this quarter.

Operator

We have reached the end of the question-and-answer session. I will now turn the call back over to Jamie Arestia for closing remarks.

Jamie Arestia

So, thank you everyone for joining the call today and for your interest. And please don’t hesitate to reach out with questions, and we look forward to speaking with you this quarter. Have a good night.

Operator

This concludes today’s conference. You may disconnect your lines at this time. Thank you for your participation and have a great day.