If there's one certainty in business, it's that anytime
someone comes up with a new way of doing things, someone else
will come up with a new way to rip it off.
Cloud computing is no different. While the cloud has changed
the way users can access, share and store data over the Internet,
it also has opened up new avenues for hackers and other
cybercriminals to ply their trade.
Such risks, in turn, have boosted the need for precautions,
opening up new opportunities for companies that make security and
compliance applications geared to cloud computing
), one such company, has seen demand rise for its solutions as
more IT departments seek protection from security breaches that
can happen via the cloud.
Broadly, Qualys provides cloud security and compliance
solutions designed to help customers identify security risks to
their IT infrastructures and protect their systems from
The firm's QualysGuard Cloud Platform is an integrated suite
of solutions that includes vulnerability management, Web
application scanning and malware detection as well as policy
compliance and payment card industry (
) compliance features.
Its product lineup also includes Qualys Secure Seal, which
lets businesses scan their websites for malware, find network or
Web application vulnerabilities and validate the integrity of SSL
certificates, which are a key part of secure browsing.
Qualys' revenue has more than doubled in the past five years
as rising use of cloud applications has driven greater demand for
security products and solutions.
"With the shift to cloud, enterprises are increasingly in need
of solutions that can identity and prioritize threats," Rob
Owens, an analyst at Pacific Crest Securities, noted following
Qualys' third-quarter earnings report last week. "Qualys is
well-positioned to capitalize on these secular trends within
compliance and application security."
Insights On Risk
The lion's share of Qualys' business comes from subscriptions
to its vulnerability management solution. Organizations use it to
manage their security with centralized reports, threat remedies
and a remediation workflow. The reports let customers identify
the severity of their security issues, find out how long it will
take to fix them, and understand how they can impact
Qualys has ample room to grow its vulnerability management
business, Owens says. He notes that "only 20% to 25% of existing
customers are fully deployed on (vulnerability management) across
their entire infrastructure and 75% own just one Qualys
Meanwhile, Qualys has also taken steps to diversify its
On a third-quarter conference call with analysts, Qualys CEO
Philippe Courtot indicated that 84% of the company's revenue
through the first three quarters of 2013 came from its
vulnerability management solutions. While that's still a pretty
big percentage, it is down from 87% the previous year.
"We continue to make meaningful progress diversifying our
revenue base ... due to increased sales of our Web application
scanning and policy compliance solutions, both of which continue
to show strong growth," Courtot said.
With Qualys' Web application scanning tool, clients can test
their apps without having to install or maintain software. They
can test apps anywhere, including via internal networks or in
Qualys' policy compliance solutions are designed to let IT
security and compliance professionals define policies describing
how an organization will provide security and integrity. The
solutions also provide documented evidence that compliance lapses
have been discovered and fixed.
These and other tools serve a wide variety of different
companies and industries.
Big Companies Are Clients
During the third quarter alone, Qualys added new accounts from
Fortune 500 firmsAmerican International Group (
),Barnes & Noble (BKS) andMcGraw-Hill (MHFI), and public
entities such as the city of Glendale, Calif., the University of
Connecticut Health Center and the University of Cincinnati.
Once clients are on board, they tend to stick around. Analyst
Owens says that Qualys has "very stable" recurring revenue.
"Security and compliance spending continue to be a priority
with CIOs, and the company's products are well suited to address
the massive shifts taking place in IT environments," Owens said
in a research note.
Among the solutions Qualys is working on now is an advanced
malware protection service that will be built on its cloud
platform. This service is designed to give customers protection
against malware in extracted documents from inbound network
traffic. Qualys expects the service to be released for beta
testing in the second quarter of 2014.
The combination of recurring revenue and new products has
helped Qualys deliver quarter after quarter of double-digit
On Nov. 4, it reported third-quarter revenue of $27.8 million.
That was up 19% from a year earlier and slightly ahead of
estimates. Earnings fell 20% to 8 cents a share, topping views
for 5 cents.
The EPS decline needs context: Qualys had its initial public
offering in September 2012, so its Q3 results this year were
being compared to its final quarter as a private company. The
share count was much lower then, which is why the per-share
earnings were lower this time even though the company's net
income rose 9% .
Qualys stock, up 42% this year through Wednesday, touched a
high of 23.21 in September. It currently trades near 21.
Analysts are bullish about Qualys' growth prospects. They
expect full-year earnings to rise 45% in 2014 and 31% in
"We remain upbeat on the company's opportunity as a leading
provider of cloud-based security and compliance solutions as
additional solutions are increasingly adopted by the installed
base," RBC Capital Markets analyst Robert Breza noted.