Our products help organizations manage their networks and computing resources to provide a secure and productive computing environment. We provide Web filtering and Web security software products that enable organizations to protect employees and confidential information from external Web-based attacks, such as spyware and phishing, as well as analyze, report and manage how employees use computing resources and the Internet. In January 2007, we acquired PortAuthority Technologies, Inc. (PortAuthority), our technology development partner for information leak prevention solutions. As a result, in addition to our Web filtering and Web security software products, we offer software that helps prevent the loss of confidential information from internal threats, such as ineffective business process controls, employee error and malfeasance.
Since we released our first software product in 1996, our products have evolved from preventing access to unacceptable Internet content to products that proactively manage employees use of computing resources and the Internet to maximize productivity and prevent access to the most undesirable and dangerous elements on the Web, such as Web sites that contain or will download viruses, spyware, keyloggers, phishing exploits and an ever-increasing variety of malicious code.
At the foundation of our Web filtering and Web security product offering is the Websense Enterprise® software application, which serves as a management and reporting platform for our Web filtering and related add-on Web security products. Websense Enterprise gives organizations the ability to enhance network security, improve employee productivity, mitigate potential legal liability and conserve network bandwidth by allowing organizations to identify potential risk areas and implement and automate
Web access and application usage policies that reduce these risks. When combined with our Web security products that utilize our ThreatSeeker™ technology including Security Filtering, Remote Filtering and Client Policy Manager™, Websense Enterprise allows organizations to further enhance network and content security by blocking access to malicious Web sites and by preventing the transmission of data to known spyware destination sites. To simplify the purchase process for our value-added resellers and customers, we have created a suite of Websense Enterprise and our most popular add-on security products and services, known as the Websense® Web Security Suite™.
Our Web filtering and Web security software operates in conjunction with our proprietary databases which encompass:
· Approximately 20 million Web site universal resource locators (URLs) organized into more than 90 categories, including specific categories for sites containing spyware, viruses and other malware, and phishing destination sites.
· More than two million software applications and executable files classified in 50 categories such as productivity applications and games, including an ever-increasing database of malicious code, spyware, hacking tools and viruses.
· Commonly used network and Internet protocols, such as http, instant messaging protocols and peer-to-peer protocols.
Our databases are updated continuously each business day using a proprietary process of automated content assessment and classification, with manual verification. In 2005, we increased the resources focused on identifying and classifying adware, spyware, keylogging and other malicious code located on Internet sites and created Websense Security Labs™. Researchers in the Websense Security Labs use our patent-pending ThreatSeeker technology to scan nearly 600 million Web sites each week to identify and investigate advanced Internet threats in order to deliver timely product and information updates to the security community and Websense customers.Subscribers to our Web security add-on products and the Websense Web Security Suite receive updates of the security risk categories of the URL and application databases in real time as new malicious or high-risk URLs and executable files are identified and categorized.
We have been developing Web content filtering and security solutions to protect Internet users from receiving and accessing unwanted or illegal content on their mobile phones and personal digital assistants (PDAs). We have engaged in discussions regarding mobile filtering solutions with several third parties, and we expect to close our first transaction for the mobile filtering and security products in 2007.
In January 2007, we acquired PortAuthority and in February 2007, we introduced our first information leak prevention (ILP) solution, the Websense Content Protection Suite™, based on products received through the acquisition of PortAuthority, including the patented and patent-pending Precise ID™ digital fingerprinting technology. The Content Protection Suite consists of the Websense Content Auditor™, a software-based monitoring and reporting solution that identifies and categorizes different types of data whether it is data-in-motion or data-at-rest, and the Content Enforcer™, a software-based policy engine that automates pre-set policies regarding the use and distribution of different types of data and information.
We expect that we will continue to derive the majority of our revenue from Websense Enterprise-based products for several years. The markets for information leak prevention solutions and Web filtering on mobile handsets are still in the early phases of development, and therefore will only comprise a small percentage of our revenues in 2007.
We operate in one industry segment, as defined by generally accepted accounting principles.
Our business commenced operations in 1994 as NetPartners Internet Solutions, a reseller of computer security products. In 1999, we changed our name to Websense, Inc. to reflect the shift in our business focus to a developer of Web filtering solutions. Our principal offices are located at 10240 Sorrento Valley Road, San Diego, California 92121.
Industry Background
As part of their overall business strategies, many organizations use the Internet to enable critical business applications that are accessed over their corporate networks. Many employees also use their organization’s computing resources for recreational “Web surfing,” peer-to-peer file sharing, downloading of high-bandwidth content, instant messaging and other personal matters. However, unmanaged use of corporate computing resources, including Internet access, can result in increased risk and cost to the organization, including increased security risks, lost employee productivity, increased network bandwidth consumption, and potential legal liability. In recent years, the same activities that made employees efficient and productive—doing research over the Internet, sharing files and sending instant messages and emails to customers and co-workers—have also made IT infrastructures and valuable corporate data vulnerable to external threats such as mobile malicious code, spyware, viruses, Trojan horses and phishing and pharming exploits.
Additionally, as organizations create collaborative networks with their customers, suppliers, technology partners and other stakeholders, they increase the amount of confidential and sensitive data that travels across these networks. Securing this data from internal threats, such as inadequate business process controls, employee error and malfeasance and undetected malicious code, has become a top priority for information technology executives.
Traditionally, organizations have sought to protect against external security risks with a combination of firewalls, intrusion detection/prevention software and anti-virus software. With the growth in spyware, key logging applications, and phishing sites, and the proliferation of blended attacks on computing networks, combined with the rapid increase in employee use of instant messaging and peer-to-peer file sharing, organizations are finding that existing security measures leave significant time and technology gaps in their protection. Firewalls can provide protection against external threats such as hacking, but do little to prevent employees from hacking into their own organization’s data from inside the corporate firewall. Anti-virus software provides protection from e-mail borne viruses, but does not prevent the possible theft or corruption of corporate data by spyware, and offers only limited protection against viruses that proliferate via peer-to-peer networks and instant messaging. Existing anti-virus and anti-spyware software also requires time for the vendor to identify and reverse engineer the new virus or spyware application before they can be remediated and removed from infected systems. According to a 2006 FBI study, approximately 65 percent of organizations that deploy these traditional security measures still have their networks or data compromised by viruses and other malicious attacks.
Technology efforts to protect against internal threats to confidential data have been even less effective than security solutions for external threats. While organizations have had some success protecting against employee malfeasance and malicious code attacks, there have been fewer technology solutions to protect against inadvertent or deliberate outbound disclosure of an organization’s confidential information. Recent changes in the regulatory environment, designed to protect individual privacy, have also created specific requirements for regulated industries such as banks and credit unions to implement data security measures.
Given the necessity of corporate Internet access and the continuing worldwide adoption of the Web as a mass communication, entertainment, information and commerce medium, we believe there is a significant opportunity for Web filtering, Web security and information leak prevention solutions that effectively address the needs of organizations to protect themselves from Web-based threats and manage
employee usage of the computing environment and confidential data. Additionally, although the Web and e-mail are the primary drivers of Internet traffic today, the rapid emergence of Internet-enabled applications creates the need for software that applies management and security policies to different data types, applications, and protocols, as well as Web pages, at multiple points in the information technology infrastructure and across multiple communication technologies. Software tools are needed to protect against internal and external threats to data security and implement granular policy-based security measures that are user, content and destination aware.
Our Products and Services
We offer products that protect data and users from threats to information security and productivity loss. Our Web filtering and related services mitigate risks associated with inappropriate Web content and loss of productivity due to unmanaged Web surfing. Our add-on Web security products protect from Web-based malicious attacks by blocking access to compromised and malicious Web sites. Our information leak prevention products protect against the loss, or leakage, of confidential information due to internal threats, such as inadequate business process controls, employee error and malfeasance, and undetected malicious code.
We sell subscriptions to our products based on the number of seats or devices to be managed. Revenues from sales of subscriptions to Websense Enterprise and related add-on products accounted for all of our revenues in 2006, 2005 and 2004.
Websense Enterprise. Websense Enterprise is the software application that serves as the management and reporting platform for our Web filtering and Web security products, including Security Filtering, Remote Filtering and Client Policy Manager. It allows organizations to manage employees’ use of corporate computing resources by filtering access to Web sites, applications, and protocols while providing multiple options for identifying, analyzing and reporting on Internet activity and the risks associated with employee computing. The Websense Enterprise application works in conjunction with our proprietary URL, protocol and application databases to give business managers the ability to automate the enforcement of highly customized Internet and application access and use policies for different users and groups within the business. By automating the enforcement of these policies, Websense Enterprise and the related add-on Web security products support an organization’s efforts to enhance network security, improve employee productivity, mitigate potential legal liability, and conserve network bandwidth.
To address specific customer needs, such as the need for enhanced network security, we offer Websense Web Security Suite, which includes Websense Enterprise and a select group of add-on security products and services as a combined solution.
Web Filtering. Websense Enterprise enables employers to proactively analyze, report and manage employee access to Web sites based on the content of the requested Web site. Our software application works in conjunction with a database of more than 20 million business-relevant Web sites to provide patented flexibility for managers when customizing, implementing and modifying Internet access policies for various groups, user types and individuals. A graphical interface enables business managers to define the categories of Web sites to which access will be managed. The filtering software examines each Internet access request, determines the category of the requested Web site and applies the policies that have been defined by the company. Some examples of management options include:
· Allow: The request is allowed to proceed, because the organization has chosen not to restrict access to the category applicable to the Web site.
· Block: The requested Web site is in a category that is not allowed to be accessed according to the policy in effect.
· Time-based Quotas: Users are allowed a specified amount of personal surfing time within categories that are determined by the administrator. Once the user reaches his or her quota time, he or she is no longer able to access sites in those categories.
· Continue with Exception Report: The user is reminded about the organization’s Internet usage policy, but can choose to access the requested Web site.
· Time of Day: Filtering options can be managed by time of day. For example, access to shopping sites could be blocked during business hours and permitted at all other times.
The breadth and specificity of Web site categories we have defined provide flexibility in selecting which types of material should be allowed, blocked or reported. We identify the types of content that we believe employers would deem to be unacceptable, inappropriate or undesirable in a work environment based on input we receive from our customers, and define the categories accordingly. There are currently more than 90 categories in the basic Web filtering product.
Reporting and Analysis. Websense Enterprise includes several reporting modules to meet the information needs of different management groups.
· Websense Reporter is a batch-based reporting application that can generate more than 80 tabular and graphical reports based on an organization’s historical Internet use. It analyzes information from Internet monitoring logs and builds visual charts in a variety of pre-set or customizable formats for easy distribution to and interpretation by managers.
· Websense Real-Time Analyzer™ utilizes the network agent in Websense Enterprise to monitor and analyze network traffic on-the-fly. This allows IT managers to identify potential risks and bandwidth bottlenecks associated with different types of network traffic.
· Websense Explorer is a browser-based forensics and analytics reporting tool for non-technical business managers that enables them to drill down on Internet use data by risk class, user group, or individual.
Deployment Options. Websense Enterprise integrates with an organization’s network server, proxy server, switch, router or firewall and is designed to work in networks of virtually any size and configuration. Websense Enterprise can support up to 50,000 users on a single server. We currently offer three deployment options:
· Integrated deployment on a separate server that is tightly integrated with the network gateway platform to offer pass-through filtering that maximizes stability, scalability and performance.
· Embedded deployment on an appliance or gateway product to reduce hardware expense and enhance ease-of-use, particularly in remote locations.
· Stand-alone deployment utilizing a network agent to deliver pass-by filtering capabilities in any network environment.
Add-On Security Products. There are two primary types of add-on products that extend and enhance the policy enforcement capabilities of Websense Enterprise: additional database categories and products that enforce policies at the desktop and on mobile devices, such as laptop computers. These add-on products rely on the application framework of the Websense Enterprise platform and our proprietary databases of software applications and protocols.
Our product that provides additional database categories is:
· Security Filtering. The Security Filtering add-on product includes specialized database categories that augment the categories included with basic Web filtering solution and provide additional policy
enforcement options at the Internet gateway. We continually update our security-specific filtering categories as new malicious or compromised Web sites are identified by our ThreatSeeker technology.
Our mobile and desktop policy management add-on products are:
· Remote Filtering. Remote Filtering extends the corporate Web filtering policies to laptop computers and other mobile devices when they are disconnected from the corporate network. By using remote filtering, IT administrators can enforce security policies, such as blocking access to sites containing spyware, even when a laptop computer is accessing the Internet from an unmanaged server. This enables the network manager to reduce the risk that mobile devices will infect the network with malicious code when the device again connects to the network.
· Client Policy Manager . The Client Policy Manager (CPM) product allows our customers to implement management policies, such as block, allow or defer, for usage of software applications and other executables on desktop computers, by application type, by user type, or by individual user. CPM can be used to inventory desktop software, provide a categorized view of applications in the desktop environment, and identify potential security threats from hacking and spyware applications. It can also be used to create lists of allowable applications and block the launch of others, enhancing security by preventing the launch of certain categories of executables such as hacking tools or spyware. CPM utilizes the application framework of Websense Enterprise and references our database of over two million software applications and executable files.
Websense Web Security Suite. The Websense Web Security Suite combines Websense Enterprise, Security Filtering and several additional services, including Real Time Security Updates™ and Websense Web Protection Services™, for a single price. The Websense Web Security Suite was created to simplify the sales process for our value-added resellers and simplify the purchase process for our customers.
· Real Time Security Updates. Real Time Security Updates allow subscribing organizations to receive database updates for Web-based and application-based threats in real time as they are identified and categorized by the Websense Security Labs. Websense Security Labs scans nearly 600 million Web sites weekly to identify new Web-based threats. This service is available only as part of the Websense Web Security Suite.
· Websense Web Protection Services: SiteWatcher ™, BrandWatcher ™ and ThreatWatcher ™ Services . The SiteWatcher and BrandWatcher services monitor our customer’s Web sites and brands, respectively, for malicious code or illegal use in a phishing attack and notify the customer if either occurs. The ThreatWatcher service helps customers prevent malicious attacks on their Web servers by identifying security vulnerabilities. These products are available only as part of the Websense Web Security Suite.
Websense Content Protection Suite. Websense Content Protection Suite is based on the information leak prevention technology acquired through the purchase of PortAuthority in January 2007. Websense Content Protection Suite is an integrated information leak prevention solution that protects against information leaks and data loss by identifying and categorizing sensitive or confidential data based on its characteristics, monitoring the movement of sensitive data throughout the network and enforcing pre-determined usage and movement policies. The Websense Content Protection Suite:
· discovers and accurately identifies data stored on a network-connected device (data-at-rest);
· monitors and prevents sensitive data from unauthorized distribution in outgoing and internal communications, including email, instant messaging, Internet (FTP and http) and Web-based mail;
· automates enforcement of policies for data-in-motion to authorized recipients;
· monitors and prevents unauthorized copying of highly sensitive files to USB drives and other portable media; or being printed to hardcopy paper; and
· audits and reports the distribution and use of confidential data against regulatory and internal security policy requirements.
The Websense Content Protection Suite includes more than 140 pre-built policy templates and a sophisticated policy engine to address the most common compliance requirements for United States federal and state regulations, as well as industry regulations such as the Payment Card Industry Data Security Standard (PCI DSS) and Check 21 Act, Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) and international government and banking regulations for the European Union, United Kingdom, Israel, South Africa, Australia and Singapore. These templates are automatically updated as regulations change.
Our products that comprise the Websense Content Protection Suite are:
· Content Auditor. Content Auditor identifies and classifies sensitive data based on management-defined criteria, discovers its location within the organization, and identifies who is using it, how it is being used and where it is being sent within or outside the organization. By tracking and reporting on the location of data stored anywhere in the network (data at rest) and the movement (data in motion) and use of data (data in use), Content Auditor allows organizations to identify gaps in information security and compliance processes, uncover policy and process risks based on federal, state and industry regulations, and identify and report on information security practices and policies.
· Content Enforcer. Content Enforcer includes Content Auditor and augments its identification and monitoring capabilities by automating the enforcement of user and content-based data security policies for both internal and outbound data. Content Enforcer prevents internal leaks through the use of server agents installed on Microsoft Exchange, Lotus Notes, Microsoft ISA and Microsoft Print servers that enforce policies on data that is transmitted by these applications. Content Enforcer provides outbound leak prevention by examining outbound data traffic at the network egress points and applying policies such as block, allow, quarantine, monitor and archive sensitive data through the use of real-time filters. Content Enforcer can effectively monitor, secure, filter, quarantine and block outbound content contained in email, instant messaging, file transfers, Web postings and other types of messaging traffic copying to portable media devices and printing to hardcopy paper. In addition, Content Enforcer can enforce policies for sensitive data being sent to authorized recipients through automated encryption via integration with third-party message encryption gateways.
Additional Websense products and services include:
· Platinum Support . Platinum Support gives customers experienced, personalized service, plus proactive support and continuing education, to ensure the performance, reliability, and availability of each Websense solution.
· Priority One 24x7 Support. Priority One support gives customers access to a dedicated team of senior technical support specialists 24 hours a day via a toll-free support hotline.
· Content Filtering for Mobile Devices. We have been developing Web content filtering and security solutions to protect Internet users from receiving and accessing unwanted or illegal content on their mobile phones and personal digital assistants (PDAs). We have engaged in the discussions regarding mobile filtering solutions with several third parties, and we expect to close our first transaction for the mobile filtering and security products in 2007.
Technology Integrations
Websense solutions integrate with a wide variety of information technology platforms. Our objective is for Websense products to be available for virtually any network environment desired by a customer.
In 2005, we implemented the Websense Web Security Ecosystem™—a comprehensive ecosystem of world class security and networking technology providers that enable easy deployment and integration of Websense solutions in enterprise environments. The Websense Web Security Ecosystem provides interoperability of joint solutions with vendors from leading security and networking markets, including: network access control, Internet gateways, certified appliance platforms, security event management and identity management.
The table below lists many of the platforms with which Websense products operate:
|
Firewall Solutions: |
|
Cache/Proxy Solutions: |
|
· Check Point Software |
|
· Blue Coat Systems |
|
· Cisco PIX |
|
· Cisco Content Engine |
|
· CP Secure |
|
· Citrix Presentation Server |
|
· Juniper Networks/NetScreen |
|
· Inktomi Traffic Server |
|
· Microsoft ISA Server |
|
· Microsoft Proxy Server |
|
· SonicWall |
|
· Network Appliance NetCache |
|
|
|
· Squid Proxy |
|
Appliance Solutions: |
|
· Stratacache Flyer |
|
· Blue Coat Systems |
|
· Sun ONE Web Proxy Server (formerly iPlanet) |
|
· Celestix MSA |
|
· Websense Content Gateway |
|
· Cisco Systems Content Engine |
|
|
|
· Crossbeam Systems C-Series |
|
Switch/Router Solutions: |
|
· Crossbeam Systems X-Series |
|
· Cisco Catalyst Switches |
|
· Network Engines NS |
|
· Cisco Routers |
|
· Resilience NetSquad |
|
· ADTRAN Net Vanta |
|
· Stratacache Flyer |
|
|
|
|
|
Security Event Management Solutions: |
|
Identity Management Solutions: |
|
· Arcsight |
|
· HP Open View |
|
· Network Intelligence |
|
· IBM Tivoli |
|
|
|
· Microsoft Identity Integration Server |
|
Network Access Control Solutions: |
|
· Novell Nsure |
|
· Cisco Network Admission Control |
|
· Sun Microsystems Identity Manager |
|
|
In 2006, PortAuthority, our new subsidiary, formed the DATASEC Alliance, a strategic partnership program designed to bring together best-of-breed products to enable enterprises to control their sensitive information. These partnerships foster interoperability with complementary technology vendors, allowing customers to deploy comprehensive data protection and compliance solutions. DATASEC Alliance members include Internet gateway platform vendors, secure messaging/communication vendors, endpoint security solution vendors and security analysis vendors, such as:
|
· BlueCoat |
|
· Safend |
|
· Checkpoint |
|
· LogLogic |
|
· FaceTime |
|
· PostX |
|
· Tumbleweed |
|
· PGP Corporation |
Customers
Our more than 24,000 Web filtering and Web security customers range from companies with as few as 50 employees to members of the Global 1000 and to government agencies and educational institutions. In total, these customers have subscribed to approximately 25 million seats as of December 31, 2006. No customer accounted for more than 10% of our total revenues in 2006, 2005 or 2004.
Sales, Marketing and Distribution
Sales. Our sales strategy is to increase sales to new customers and increase the renewal rate on subscriptions to existing customers by increasing the number and productivity of the resellers and distributors that sell our products. To accomplish this, we sell our products and services primarily through indirect channels. For 2006, indirect channel sales comprised over 85% of total revenues. As we move toward a pure indirect sales model our revenue will be derived almost entirely from sales through indirect channels, including distributors and value-added resellers that sell our products to end-users, distributors that sell our products to value-added resellers and providers of managed Internet and other services.
We historically have sold our products in the United States through a network of approximately 1,000 value-added resellers. In August 2006, we announced a new two-tier distribution strategy in North America and entered into a relationship with Ingram Micro to distribute, market and support our Web security and Web filtering software in North America. Through joint marketing programs with Websense, Ingram Micro will focus its efforts on recruiting new resellers, especially resellers focused on selling to small and medium-sized businesses (SMB), and on building awareness and demand within our existing North America channel partner base. During the second half of 2006, we added 200 value-added resellers to end the year with 1,200 in North America.
Internationally, we sell our products through a multi-tiered distribution network of more than 250 distributors and resellers in over 80 countries, who sell to customers located in over 150 countries.
Our channel sales efforts are coordinated worldwide through a sales team of approximately 250 individuals. Customers that buy direct from us are typically large organizations that insist on a direct relationship.
In 2006, we generated 36% of our total revenue from customers outside of the United States. Revenue generated in the United Kingdom represented approximately 10% of our total revenue. See Note 4 of Notes to the Consolidated Financial Statements for further explanation of our revenue based on geography. Our current international efforts are focused on expanding our indirect sales channels in Europe, Latin America, Asia/Pacific, and Australia. Our continuing reliance on sales in international markets exposes us to risks attendant to foreign sales. See “Item 1A. Risk Factors - Sales to customers outside the United States have accounted for a significant portion of our revenue, which exposes us to risks inherent in international sales.”
Marketing. Our marketing efforts are designed to raise awareness of the potential risks associated with unmanaged use of corporate computing resources and confidential data, generate qualified sales leads for our channel partners, and increase recognition of Websense as a provider of Web filtering, Web security information leak prevention solutions.
Our marketing activities are targeted toward business executives, including information technology professionals, chief executives, upper level management and human resource personnel. We actively manage our public relations programs, communicating directly with technology professionals and the media, in an effort to promote greater awareness of the growing problems caused by viruses, spyware, phishing sites, and key logging, as well as employee misuse of the Internet and other computing resources at work.
We also provide potential customers and channel partners with free trials of Websense Enterprise, Websense Web Security Suite and Websense Content Protection Suite, typically for 30-day periods. Our additional marketing initiatives include:
· joint marketing programs with our distributors to recruit additional value-added resellers and drive awareness for Websense solutions with existing resellers;
· advertising online and in high-technology trade magazines, management journals and other business oriented periodicals;
· participation in and sponsorship of trade shows and industry events;
· providing free subscriptions to security alerts from Websense Security Labs, which inform subscribers of newly identified security threats, such as phishing sites and sites infected with spyware and malicious code;
· hosting regional and international seminars, webinars, and training sessions for our sales organization and reseller partners, as well as customers and prospects;
· conducting speaking engagements on topics of interest to our customers and prospects;
· use of our Web site to communicate with our indirect sales channels, and provide product and company information to interested parties; and
· providing and distributing soft and hard-copy collateral on our company, products, solutions, technologies, partnerships and benefits.
Customer Service, Training and Support
We believe that superior customer support is critical to retaining and expanding our customer base. Our technical support group provides dependable and timely resolution of customer technical inquiries and is available to customers by telephone, e-mail and over the Web. We also proactively update customers on a variety of topics, including release dates of new products and updates to existing products.
Our training services group delivers education, training and pre-sales support to our resellers and customers. We also offer online training to our customers and resellers to provide them with the knowledge and skills to successfully deploy, use and maintain our products.
Research and Development
We maintain research and development facilities in San Diego and Israel, and are commencing research and development activities in China. Our research and development department is divided into several groups, which include content operations, security research, software development, quality and assurance, and documentation. Individuals in different locations are grouped along product lines and work as part of cross-disciplined teams designed to provide a framework for defining and addressing the activities required to bring product concepts and development projects to market successfully. In connection with our increased focus on the SMB market, we are working to develop products specifically targeted at that market.
Research and development expenses totaled $22.7 million in 2006, $16.3 million in 2005 and $14.5 million in 2004. Research and development expenses as a percentage of revenue were 12% in 2006, 11% in 2005, and 13% in 2004.
Competition
The market for our products is fragmented, highly and increasingly competitive, quickly evolving and subject to rapid technological change. Increased competition and pricing pressures generally could result in reduced sales, reduced renewals and/or seat growth from existing customers, reduced margins or failure of our products to achieve or maintain more widespread market acceptance,. Competitors vary in size and in the scope and breadth of the products and services they offer. Our current principal competitors include:
· companies offering Web security solutions, such as Microsoft, Symantec, McAfee, Juniper Networks, Message Labs and Trend Micro;
· companies offering Web filtering products, such as SurfControl, Secure Computing, Symantec, Digital Arts, Computer Associates, Microsoft, St. Bernard Software, Finjan, Barracuda, ScanSafe, Cisco Systems and Trend Micro;
· companies integrating Web filtering into specialized security appliances, such as 8e6 Technologies, Blue Coat Systems, Cisco Systems, McAfee and SonicWALL;
· companies offering information leak protection solutions, such as Vontu, Verdasys, Vericept, Tablus, Symantec, Secure Computing, Reconnex, Provilla, Proofpoint, Palisade Systems, Orchstria, Oakley Networks, McAfee, Intrusion, Fidelis, Checkpoint and Code Green Networks;
· companies offering desktop security solutions such as Check Point Software, Cisco Systems, McAfee, Microsoft and Symantec; and
· companies offering proxy based solutions such as Blue Coat Systems and Cisco Systems.
We also face current and potential competition in Web filtering and Web security from vendors of Internet servers, operating systems and networking hardware, many of which now, or may in the future, develop and/or bundle Web filtering, Web security or other competitive products with their offerings. We compete against and expect increased competition from anti-virus software developers, traditional network management software developers and Web management service providers. In the information leak prevention market, we may face competition from anti-virus software developers, e-mail filtering and security vendors, and providers of other software-based compliance solutions.
We believe that the principal competitive factors affecting the markets for our products include, but are not limited to:
|
· performance |
|
· innovation |
|
· quality |
|
· customer support |
|
· introduction of new products |
|
· frequency of upgrades and updates |
|
· brand name recognition |
|
· reduction of production costs |
|
· price |
|
· manageability of products |
|
· functionality |
|
· reputation |
We believe that we compete effectively against our competitors in each of these areas. However, many of our current and potential competitors, such as Symantec Corporation, McAfee, Inc., Trend Micro, Cisco Systems and Microsoft Corporation, have longer operating histories and significantly greater financial, technical, marketing or other resources. They may have significantly greater name recognition, established marketing and channel relationships both in the United States and internationally, better access to the SMB market, and access to a larger installed base of customers. In addition, current and potential competitors have established or may establish cooperative relationships among themselves or with third
parties to increase the functionality of their products to address customer needs. Accordingly, new competitors or alliances among competitors may emerge and rapidly acquire significant market share.
Intellectual Property Rights
Our intellectual property rights are important to our business. We rely on a combination of trademark, copyright, patent and trade secret laws in the United States and other jurisdictions as well as confidentiality procedures and contractual provisions to protect our proprietary technology and Websense brand. We have registered our Websense® trademark in the United States, Japan, the European Union, Canada, Australia, China, Switzerland, Norway, Mexico, Colombia, Argentina, Singapore, Taiwan and Turkey. We have also registered the Websense Enterprise® trademark in the United States, Japan, Canada, Australia and China. In addition, we have registrations for the Websense trademark pending in several other countries. Effective trademark protection may not be available in every country where our products are available.
We currently have three patents issued in the United States, one patent issued in an international market, ten patent applications pending in the United States and sixteen pending international patent applications that seek to protect our proprietary database and filtering technologies, including issued patents and pending patent applications relating to our flexible filtering management options and WebCatcher and AppCatcher technologies, and pending patent applications relating to our ThreatSeeker technology. We also have one patent issued in the United States, one patent issued in an international market, twenty-five pending patent applications in the United States and thirteen pending international patent applications that seek to protect information leakage prevention and content distribution, including our PreciseID digital fingerprinting technology. No assurance can be given that any pending patent applications will result in issued patents.
Our policy is to enter into confidentiality and invention assignment agreements with all employees and consultants, and nondisclosure agreements with all other parties to whom we disclose confidential information. These protections, however, may not be adequate to protect our intellectual property rights.
Employees
As of February 15, 2007, we had 728 employees. None of our employees are represented by a labor union, and we have never experienced a work stoppage. We believe that our relations with our employees are good.
Web Site Access to SEC Filings
We maintain an Internet Web site at www.websense.com . The content of our Web site is not part of this report. We make available, free of charge, through our Internet Web site our annual report on Form 10-K, quarterly reports on Form 10-Q, current reports on Form 8-K, and amendments to those reports filed or furnished pursuant to Section 13(a) or 15(d) of the Securities Exchange Act of 1934, as amended, or the Exchange Act, as soon as reasonably practicable after we electronically file such material with, or furnish it to, the SEC.
Executive Officers
Our executive officers and their ages as of February 15, 2007 are as follows:
|
Name |
Age |
Position(s) |
||||
|
Gene Hodges |
|
55 |
|
Chief Executive Officer and President |
||
|
Douglas C. Wride |
|
53 |
|
Chief Financial Officer and Secretary |
||
|
Michael A. Newman |
|
37 |
|
Vice President & General Counsel |
Gene Hodges has served as our Chief Executive Officer and President, and as a Director, since January 2006. From 1995 to January 2006, Mr. Hodges held various management positions at McAfee, Inc., a publicly-held security software company, most recently as its President. Prior to joining McAfee, Mr. Hodges was Vice-President of Marketing for Mobileware, a wireless data startup, and managed the Office Automation business unit for Digital Equipment Corporation. Mr. Hodges received a B.A. in Astronomy from Haverford College and completed the Harvard Advanced Management Program for business executives.
Douglas C. Wride has served as our Chief Financial Officer and Secretary since June 1999. Mr. Wride served as Chief Financial Officer of Artios, Inc., a provider of hardware and software design solutions to companies in the packaging industry, from March 1997 until it was acquired by BARCO n.a. in December 1998. Mr. Wride also served as Chief Operating Officer of Artios from July 1997 to December 1998. From April 1996 to March 1997, Mr. Wride served as Chief Operating Officer and Chief Financial Officer of NetCount, LLC, a provider of Internet measurement and research services. Mr. Wride is a C.P.A. and received his B.S. in Business/Accounting from the University of Southern California.
Michael A. Newman has served as our Vice President & General Counsel since September 2002. From April 1999 to September 2002, he served in various capacities in the legal department of Gateway, Inc., a publicly traded PC manufacturer, most recently as Senior Staff Counsel, Securities, Finance and Corporate Development. From February 1996 to April 1999, he practiced as an attorney in the San Diego office of Cooley Godward, LLP, a law firm specializing in the representation of high-growth information technology and life sciences companies. Mr. Newman received his B.S. in Business Administration from Georgetown University, and a J.D. from Harvard Law School.
Item 1A. Risk Factors
You should carefully consider the following information in addition to other information in this report before you decide to purchase our common stock. The risks and uncertainties described below are those that we currently deem to be material and that we believe are specific to our company and our industry. In addition to these risks, our business may be subject to risks currently unknown to us. If any of these or other risks actually occur, our business may be adversely affected, the trading price of our common stock could decline, and you may lose all or part of your investment in Websense.
We have experienced declining growth rates, particularly for Web filtering sales to large enterprises in North America and Western Europe, and therefore need to increase our sales to small and medium sized business customers.
During the first half of 2006, we were unable to sustain our growth rates for sales of Web filtering products to large enterprises, particularly for new sales to this market segment. During the second half of 2006, we expanded our focus on increasing sales to small and medium sized business (SMB) customers in North America and Western Europe while sales growth rates in the large enterprise market segment slowed down. Our growth plans for new sales in North America and Western Europe in 2007 are largely dependent on our ability to increase sales in the SMB space. To be successful, we must develop products specifically targeted at the SMB market. We are scheduled to release the first such product in July 2007. We will also need to increase our reliance on our new two-tier distribution channel in North America and establish similar two-tier distribution arrangements in Western Europe that target SMB customers. Numerous competitors target the SMB space for Web filtering sales, many of whom are different competitors from our primary competitors in the large enterprise space. If we cannot develop new products for the SMB market or compete effectively for volume business through our existing or a newly established two-tier distribution model, our financial results will be negatively affected.
We are moving towards a two-tier distribution channel in North America which is intended to increase the quantity of our indirect sales.
As we move toward a two-tier indirect sales model in North America, our revenue will be derived almost entirely from sales through indirect channels, including value-added resellers, distributors that sell our products to end-users, providers of managed Internet services and other resellers. Currently, Ingram Micro is our only broad-line distributor in North America, so the success of our North American sales efforts is reliant on Ingram Micro’s success in selling our products to their reseller network. Our indirect sales model involves a number of additional risks, including:
· our resellers and distributors, including Ingram Micro, are not subject to minimum sales requirements or any obligation to market our products to their customers;
· we cannot control the level of effort our resellers and distributors expend or the extent to which any of them will be successful in marketing and selling our products;
· we cannot assure that our channel partners will market and sell our new product offerings such as our security-oriented offerings and our new information leak prevention offerings;
· our reseller and distributor agreements are generally nonexclusive and may be terminated at any time without cause; and
· our resellers and distributors frequently market and distribute competing products and may, from time to time, place greater emphasis on the sale of these products due to pricing, promotions, and other terms offered by our competitors.
Our ability to meaningfully increase the amount of our products sold through our sales channels also depends on our ability to adequately and efficiently support these channel partners with, among other things, appropriate financial incentives to encourage pre-sales investment and sales tools, such as sales training, technical training and product collateral needed to support their customers and prospects. Additionally, we are continually evaluating the changes to our internal ordering and partner management systems in order to effectively execute our new two-tier distribution strategy. Any failure to properly and efficiently support our sales channels will result in lost sales opportunities.
Our future success depends on our ability to sell new, renewal and upgraded Web filtering and Web security subscriptions.
Substantially all of our revenue in 2006 was derived from new and renewal subscriptions to our Web filtering and Web security products. We expect that a significant majority of our sales in 2007 will continue to be derived from our Web filtering and security products and that sales of our newly acquired information leak prevention products and other products under development will comprise only a very small portion of our overall sales in 2007. If our Web filtering and security products fail to meet the needs of our existing and target customers, or if they do not compare favorably in price, features and performance to competing products, our operating results and our business will be significantly impaired. If we cannot sufficiently increase our customer base with the addition of new customers, particularly in the SMB space, and increase seats under subscriptions from existing customers, we will not be able to grow our business to meet expectations.
Subscriptions for our Web filtering and security products typically have durations of 12, 24 or 36 months. Our customers have no obligation to renew their subscriptions upon expiration. Our revenue also depends upon maintaining a high rate of sales of renewal subscriptions and in selling further subscriptions to existing customers in order to add additional seats or product offerings within their respective organizations. This may require increasingly costly sales efforts targeting senior management and other management personnel associated with our customers’ Internet and security infrastructure. We may not be able to maintain or continue to generate increasing revenue from existing customers .
Failure of our security products, including our information leak prevention products, to achieve more widespread market acceptance will seriously harm our business.
Our future financial performance depends on our ability to diversify our offerings by successfully developing, introducing and gaining customer acceptance of our new products and services, particularly our security offerings. On January 8, 2007, we acquired PortAuthority Technologies, Inc., and as a result of that acquisition, we now sell information leak prevention products in the content security market. We also sell our WebBlazer proxy product and other security offerings with our traditional Web filtering products. We may not be successful in achieving market acceptance of these or any new products that we develop. Moreover, our recent increased emphasis on the development, marketing and sale of our security offerings and information leak prevention products could distract us from sales of our core Web filtering and Web security offerings, negatively impacting our overall sales. Any failure or delay in diversifying our existing offerings, or diversification at the detriment to our core Web filtering and Web security offerings, could harm our business, results of operations and financial condition.
We face increasing competition from much larger software and hardware companies, which places pressure on our pricing and which could prevent us from increasing revenue or maintaining profitability. In addition, as we increase our emphasis on our security-oriented products, we face competition from better-established security companies that have significantly greater resources.
The market for our products is intensely competitive and is likely to become even more so in the future, within both the Web filtering market as well as the Web security market. Our current principal Web filtering competitors frequently offer their products at a significantly lower price than our products, which has resulted in pricing pressures on sales of our product and potentially could result in the commoditization of Web filtering and Web security products. We also face current and potential competition from vendors of Internet servers, operating systems and networking hardware, many of which now, or may in the future, develop and/or bundle Web filtering or other competitive products with their products. Increased competition may cause price reductions or a loss of market share, either of which could have a material adverse effect on our business, results of operations and financial condition. If we are unable to maintain the current pricing on sales of our products or increase our pricing in the future, our profitability could be negatively impacted. Even if our products provide greater functionality and are more effective than certain other competitive products, potential customers might accept this limited functionality in lieu of purchasing our products. In addition, our own indirect sales channels may decide to develop or sell competing products instead of our products. Pricing pressures and increased competition generally could result in reduced sales, reduced margins or the failure of our products to achieve or maintain more widespread market acceptance, any of which could have a material adverse effect on our business, results of operations and financial condition.
Our current principal competitors include:
· companies offering Web security solutions, such as Microsoft, Symantec, McAfee, Juniper Networks, Message Labs and Trend Micro;
· companies offering Web filtering products, such as SurfControl, Secure Computing, Symantec, Digital Arts, Computer Associates, Microsoft, St. Bernard Software, Finjan, Barracuda, ScanSafe, Cisco Systems and Trend Micro;
· companies integrating Web filtering into specialized security appliances, such as 8e6 Technologies, Blue Coat Systems, Cisco Systems, McAfee and SonicWALL;
· companies offering information leak protection solutions, such as Vontu, Verdasys, Vericept, Tablus, Symantec, Secure Computing, Reconnex, Provilla, Proofpoint, Palisade Systems, Orchstria, Oakley Networks, McAfee, Intrusion, Fidelis, Checkpoint and Code Green Networks;
· companies offering desktop security solutions such as Check Point Software, Cisco Systems, McAfee, Microsoft and Symantec; and
· companies offering proxy based solutions such as BlueCoat Systems and Cisco Systems.
As we develop and market our products with an increasing security-oriented emphasis, we also face increasing competition from security solutions providers. Many of our competitors within the Web security market, such as Symantec Corporation, McAfee, Inc., Trend Micro, Cisco Systems and Microsoft Corporation enjoy substantial competitive advantages, including:
· greater name recognition and larger marketing budgets and resources;
· established marketing relationships and access to larger customer bases; and
· substantially greater financial, technical and other resources.
As a result, we may be unable to gain sufficient traction as a provider of Web security solutions, and our competitors may be able to respond more quickly and effectively than we can to new or emerging technologies and changes in customer requirements, or devote greater resources to the development, marketing, promotion and sale of their products than we can. Current and potential competitors have established or may establish cooperative relationships among themselves or with third parties to increase the functionality and market acceptance of their products. In addition, our competitors may be able to replicate our products, make more attractive offers to existing and potential employees and strategic partners, develop new products or enhance existing products and services more quickly. Accordingly, new competitors or alliances among competitors may emerge and rapidly acquire significant market share. In addition, we also expect that competition will increase as a result of industry consolidation. For all of the foregoing reasons, we may not be able to compete successfully against our current and future competitors.
Our international operations involve risks that could increase our expenses, adversely affect our operating results, and require increased time and attention of our management.
We have significant operations outside of the United States, including research and development, sales and customer support. We recently established engineering operations in Beijing, China, and acquired PortAuthority Technologies, Inc., whose engineering efforts are based in Israel. We intend to maintain our principal engineering efforts for our information leak prevention products in Israel.
We plan to continue to expand our international operations, but such expansion is contingent upon the financial performance of our existing international operations as well as our identification of growth opportunities. Our international operations are subject to risks in addition to those faced by our domestic operations, including:
· difficulties associated with managing a distributed organization located on multiple continents in greatly varying time zones;
· potential loss of proprietary information due to misappropriation or laws that may be less protective of our intellectual property rights;
· requirements of foreign laws and other governmental controls, including trade and labor restrictions and related laws that reduce the flexibility of our business operations;
· political unrest, war or terrorism, particularly in areas in which we have facilities;
· difficulties in staffing, managing, and operating our international operations, including difficulties related to administering our stock plans in some foreign countries;
· difficulties in coordinating the activities of our geographically dispersed and culturally diverse operations;
· seasonal reductions in business activity in the summer months in Europe and in other periods in other countries;
· restrictions on our ability to repatriate cash from our international subsidiaries or to exchange cash in international subsidiaries into cash available for use in the United States; and
· costs and delays associated with developing software in multiple languages.
All of our foreign subsidiaries’ operating expenses are incurred in foreign currencies. As a result, should the dollar weaken, our foreign operating expenses would increase. Should foreign currency exchange rates fluctuate, our earnings and net cash flows from international operations may be adversely affected, especially if international sales continue to grow as a percentage of our total sales.
Sales to customers outside the United States have accounted for a significant portion of our revenue, which exposes us to risks inherent in international sales.
We market and sell our products outside the United States through value-added resellers, distributors and other resellers. International sales represented approximately 36% of our total revenue generated during our fiscal year ended December 31, 2006 compared with 33% of our total revenue during our fiscal year ended December 31, 2005. As a key component of our business strategy to generate new business sales, we intend to expand our international sales, but success cannot be assured. In addition to the risks associated with our domestic sales, our international sales are subject to the following risks:
· our ability to adapt to sales and marketing practices and customer requirements in different cultures;
· our ability to successfully localize software products for a significant number of international markets;
· the significant presence of some of our competitors in some international markets;
· laws and business practices favoring local competitors;
· dependence on foreign distributors and their sales channels;
· longer payment cycles for sales in foreign countries and difficulties in collecting accounts receivable;
· compliance with multiple, conflicting and changing governmental laws and regulations, including tax laws and regulations and consumer protection and privacy laws; and
· regional economic and political conditions.
These factors could have a material adverse effect on our international sales. Any reduction in international sales, or our failure to further develop our international distribution channels, could have a material adverse effect on our business, results of operations and financial condition.
Our international revenue is currently primarily denominated in U.S. dollars. As a result, fluctuations in the value of the U.S. dollar and foreign currencies may make our products more expensive for international customers, which could harm our business. We currently bill certain international customers in Euros. This may increase our risks associated with fluctuations in foreign currency exchange rates since we cannot be assured of receiving the same U.S. dollar equivalent as when we bill exclusively in U.S. dollars. We engage in currency hedging activities with the intent of limiting the risk of exchange rate fluctuation. Our hedging activities also involve inherent risks that could result in an unforeseen loss. If we fail to properly forecast rate fluctuations these activities could have a negative impact.
Acquired companies or technologies can be difficult to integrate, disrupt our business, dilute stockholder value and adversely affect our operating results.
In January 2007, we acquired PortAuthority Technologies, Inc., and we may acquire additional companies, services and technologies in the future as part of our efforts to expand and diversify our business. Although we review the records of companies or businesses we are interested in acquiring, even an in-depth review may not reveal existing or potential problems or permit us to become familiar enough with a business to assess fully its capabilities and deficiencies. Integration of acquired companies may disrupt or slow the momentum of the activities of our business.
Acquisitions involve numerous risks, including:
· difficulties in integrating operations, technologies, services and personnel of the acquired company;
· diversion of financial and management resources from existing operations;
· risk of entering new markets;
· potential loss of key employees of the acquired company;
· integrating personnel with diverse business and cultural backgrounds;
· preserving the development, distribution, marketing and other important relationships of the companies;
· assumption of liabilities of the acquired company, including debt and litigation; and
· inability to generate sufficient revenue to offset acquisition costs.
Acquisitions may also cause us to:
· issue equity securities that would dilute our current stockholders’ percentage ownership;
· assume certain liabilities;
· incur additional debt;
· make large and immediate one-time write-offs and restructuring and other related expenses;
· become subject to intellectual property or other litigation; and
· create goodwill or other intangible assets that could result in significant amortization expense.
As a result, if we fail to properly evaluate, execute and integrate acquisitions such as PortAuthority, our business and prospects may be seriously harmed.
We may not be able to develop acceptable new products or enhancements to our existing products at a rate required by our rapidly changing market.
Our future success depends on our ability to develop new products or enhancements to our existing products that keep pace with rapid technological developments and that address the changing needs of our customers. Although our products are designed to operate with a variety of network hardware and software platforms, we will need to continuously modify and enhance our products to keep pace with changes in Internet-related hardware, software, communication, browser and database technologies. We may not be successful in either developing such products or introducing them to the market in a timely fashion. In addition, uncertainties about the timing and nature of new network platforms or technologies, or modifications to existing platforms or technology could increase our research and development expenses. The failure of our products to operate effectively with the existing and future network platforms
and technologies will limit or reduce the market for our products, result in customer dissatisfaction and seriously harm our business, results of operations and financial condition.
We may spend significant time and money on research and development to design and develop our information leak prevention products. If these products fail to achieve broad market acceptance in our target markets, we may be unable to generate significant revenue from our research and development efforts. Moreover, even if we are able to develop information prevention products, they may not be accepted in our target markets. As a result, our business, results of operations and financial condition would be adversely impacted.
Our products may fail to keep pace with the rapid growth and technological change of the Internet in accordance with our customers’ expectations.
The ongoing evolution of the Internet and computing environments will require us to continually improve the functionality, features and reliability of our databases. Because our products primarily manage access to URLs and software applications included in our databases, if our databases do not contain a meaningful portion of relevant content, the effectiveness of our Web filtering products will be significantly diminished. Any failure of our databases to keep pace with the rapid growth and technological change of the Internet, such as the increasing amount of multimedia content on the Internet that is not easily classified, will impair the market acceptance of our products.
We rely upon a combination of automated filtering technology and human review to categorize URLs and software applications in our proprietary databases. Our customers may not agree with our determinations that particular URLs and software applications should be included or not included in specific categories of our databases. In addition, it is possible that our filtering processes may place objectionable or security risk material in categories that are generally unrestricted by our users’ Internet and computer access policies, which could result in such material not being blocked from the network. Any miscategorization could result in customer dissatisfaction and harm our reputation. Any failure to effectively categorize and filter URLs and software applications according to our customers’ expectations will impair the growth of our business. Our databases and database technologies may not be able to keep pace with the growth in the number of URLs and software applications, especially the growing amount of content utilizing foreign languages and the increasing sophistication of malicious code and the delivery mechanisms associated with spyware, phishing and other hazards associated with the Internet.
Failure of our products to work properly or misuse of our products could impact sales, increase costs, and create risks of potential negative publicity and legal liability.
Our products are complex and are deployed in a wide variety of complex network environments. Our products may have errors or defects that users identify after deployment, which could harm our reputation and our business. In addition, products as complex as ours frequently contain undetected errors when first introduced or when new versions or enhancements are released. We have from time to time found errors in versions of our products, and we may find such errors in the future. Because customers rely on our products to manage employee behavior to protect against security risks and prevent the loss of sensitive data, any significant defects or errors in our products may result in negative publicity or legal claims. For example, an actual or perceived breach of network or computer security at one of our customers, regardless of whether the breach is attributable to our products, could adversely affect the market’s perception of our security products. Moreover, parties whose Web sites or software applications are placed in security-risk categories or other categories with negative connotations may seek redress against us for falsely labeling them or for interfering with their business. The occurrence of errors could adversely affect sales of our products, divert the attention of engineering personnel from our product development efforts and cause significant customer relations or legal problems.
Our products may also be misused or abused by customers or non-customer third parties who obtain access and use of our products. These situations may arise where an organization uses our products in a manner that impacts their end users’ or employees’ privacy or where our products are misappropriated to censor private access to the Internet. Any of these situations could result in negative press coverage and negatively affect our reputation.
We face risks related to customer outsourcing to system integrators.
Some of our customers have outsourced the management of their information technology departments to large system integrators. If this trend continues, our established customer relationships could be disrupted and our products could be displaced by alternative system and network protection solutions offered by system integrators. Significant product displacements could impact our revenue and have a material adverse effect on our business.
Other vendors may include products similar to ours in their hardware or software and render our products obsolete.
In the future, vendors of hardware and of operating system software or other software may continue to enhance their products or bundle separate products to include functions that are currently provided primarily by network security software. If network security functions become standard features of computer hardware or of operating system software or other software, our products may become obsolete and unmarketable, particularly if the quality of these network security features is comparable to that of our products. Furthermore, even if the network security and/or management functions provided as standard features by hardware providers or operating systems or other software is more limited than that of our products, our customers might accept this limited functionality in lieu of purchasing additional software. Sales of our products would suffer materially if we were then unable to develop new Web filtering, security and information leak prevention products to further enhance operating systems or other software and to replace any obsolete products.
Our worldwide income tax provisions and other tax accruals may be insufficient if any taxing authorities assume taxing positions that are contrary to our positions.
Significant judgment is required in determining our worldwide provision for income taxes and for our accruals for other state, federal and international taxes such as sales and VAT taxes. In the ordinary course of a global business, there are many transactions for which the ultimate tax outcome is uncertain. Some of these uncertainties arise as a consequence of intercompany arrangements to share revenue and costs. In such arrangements there are uncertainties about the amount and manner of such sharing, which could ultimately result in changes once the arrangements are reviewed by taxing authorities. Although we believe that our approach to determining the amount of such arrangements is reasonable, no assurance can be given that the final tax authority review of these matters will not be materially different than that which is reflected in our historical income tax provisions and other tax accruals. Such differences could have a material effect on our income tax provisions or benefits, or other tax accruals, in the period in which such determination is made, and consequently, on our results of operations for such period.
From time to time, we are also audited by various state, federal and international authorities relating to tax matters. We fully cooperate with all audits. Our audits are in various stages of completion; however, no outcome for a particular audit can be determined with certainty prior to the conclusion of the audit and appeals process. As each audit is concluded, adjustments, if any, are appropriately recorded in our financial statements in the period determined. To provide for potential tax exposures, we maintain allowances for tax contingencies based on reasonable estimates of our potential exposure with respect to the tax liabilities that may result from such audits. However, if the reserves are insufficient upon
completion of any audits, there could be an adverse impact on our financial position and results of operations.
Any failure to protect our proprietary technology would negatively impact our business.
Intellectual property is critical to our success, and we rely upon trademark, copyright and trade secret laws in the United States and other jurisdictions as well as confidentiality procedures and contractual provisions to protect our proprietary technology and our Websense brand. We rely on trade secrets to protect technology where we believe patent protection is not appropriate or obtainable. However, trade secrets are difficult to protect. While we require employees, collaborators and consultants to enter into confidentiality agreements, we cannot assure that these agreements will not be breached or that we will have adequate remedies for any breach. We may not be able to adequately protect our trade secrets or other proprietary information in the event of any unauthorized use or disclosure or the lawful development by others of such information.
We have registered our Websense and Websense Enterprise trademarks in several countries and have registrations for the Websense trademark pending in several other countries. Effective trademark protection may not be available in every country where our products are available. Furthermore, any of our trademarks may be challenged by others or invalidated through administrative process or litigation.
We currently have only four issued patents in the United States and two patents issued internationally, and we may be unable to obtain further patent protection in the future. We have several pending patent applications in the United States and in other countries. We cannot ensure that:
· we were the first to make the inventions covered by each of our pending patent applications;
· we were the first to file patent applications for these inventions;
· others will not independently develop similar or alternative technologies or duplicate any of our technologies;
· any of our pending patent applications will result in issued patents;
· any patents issued to us will provide us with any competitive advantages or will not be challenged by third parties;
· we will develop additional proprietary technologies that are patentable; or
· the patents of others will not have a negative effect on our ability to do business.
Furthermore, legal standards relating to the validity, enforceability and scope of protection of intellectual property rights are uncertain. Effective patent, trademark, copyright and trade secret protection may not be available to us in every country in which our products are available. The laws of some foreign countries may not be as protective of intellectual property rights as U.S. laws, and mechanisms for enforcement of intellectual property rights may be inadequate. As a result our means of protecting our proprietary technology and brands may not be adequate. Furthermore, despite our efforts, we may be unable to prevent third parties from infringing upon or misappropriating our intellectual property, including the misappropriation or misuse of the content of our proprietary databases of universal resource locators (URLs) and software applications. Any such infringement or misappropriation could have a material adverse effect on our business, results of operations and financial condition.
Third parties claiming that we infringe their proprietary rights could cause us to incur significant legal expenses and prevent us from selling our products.
The software and Internet industries are characterized by the existence of a large number of patents, trademarks and copyrights and by frequent litigation based on allegations of patent infringement or other
violations of intellectual property rights. As we expand our product offerings in the data leakage and security area where larger companies with large patent portfolios compete, the possibility of an intellectual property claim against us grows. We could receive claims that we have infringed the intellectual property rights of others, including claims regarding patents, copyrights, and trademarks. Any such claim, with or without merit, could result in costly litigation and distract management from day-to-day operations. If we are not successful in defending such claims, we could be required to stop selling our products, pay monetary amounts as damages, enter into royalty or licensing arrangements, or satisfy indemnification obligations that we have with some of our customers.
Because we recognize revenue from subscriptions for our products ratably over the term of the subscription, downturns in sales may not be immediately reflected in our revenue.
We expect that nearly all of our revenue for the foreseeable future will come from subscriptions to Websense Enterprise and our add-on products. Upon execution of a subscription agreement, we invoice our customers for the full term of the subscription agreement. We then recognize revenue from customers daily over the terms of their subscription agreements, which typically have durations of 12, 24 or 36 months. As a result, a majority of the revenue we report in each quarter is derived from deferred revenue from subscription agreements entered into and paid for during previous quarters. Because of this financial model, the revenue we report in any quarter or series of quarters may mask significant downturns in sales and the market acceptance of our products before these downturns result in declining revenues.
Our quarterly operating results may fluctuate significantly, and these fluctuations may cause our stock price to fall.
Our quarterly operating results have varied significantly in the past, and will likely vary in the future primarily as the result of fluctuations in our billings, revenues, operating expenses and tax provisions. Although a significant portion of our revenue in any quarter comes from previously deferred revenue, a meaningful portion of our revenue in any quarter depends on subscriptions to our products that are sold in that quarter. The risk of quarterly fluctuations is increased by the fact that a significant portion of our quarterly sales have historically been generated during the last month of each fiscal quarter, with many of the largest enterprise customers purchasing subscriptions to our products nearer to the end of the last month of each quarter. Due to the unpredictability of these end-of-period buying patterns, forecasts may not be achieved.
We expect that our operating expenses will increase substantially in the future as we expand our selling and marketing activities, increase our research and development efforts and hire additional personnel which could impact our gross margins. In addition, our operating expenses historically have fluctuated, and may continue to fluctuate in the future, as the result of the factors described below and elsewhere in this quarterly report:
· timing of marketing expenses for activities such as trade shows and advertising campaigns;
· quarterly variations in general and administrative expenses, such as recruiting expenses and professional services fees;
· increased research and development costs prior to new or enhanced product launches; and
· timing of expenses associated with commissions paid on sales of subscriptions to our products.
Consequently, our results of operations may not meet the expectations of current or potential investors. If this occurs, the price of our common stock may decline.
The market price of our common stock is likely to be highly volatile and subject to wide fluctuations.
The market price of our common stock has been and likely will continue to be highly volatile and could be subject to wide fluctuations in response to a number of factors that are beyond our control, including:
· announcements of technological innovations or new products or services by our competitors;
· demand for our products, including fluctuations in subscription renewals;
· changes in the pricing policies of our competitors; and
· changes in government regulations.
In addition, the market price of our common stock could be subject to wide fluctuations in response to:
· announcements of technological innovations or new products or services by us;
· changes in our pricing policies; and
· quarterly variations in our revenues and operating expenses.
Further, the stock market has experienced significant price and volume fluctuations that have particularly affected the market price of the stock of many Internet-related companies, and that often have been unrelated or disproportionate to the operating performance of these companies. A number of publicly traded Internet-related companies have current market prices below their initial public offering prices. Market fluctuations such as these may seriously harm the market price of our common stock. In the past, securities class action suits have been filed following periods of market volatility in the price of a company’s securities. If such an action were instituted, we would incur substantial costs and a diversion of management attention and resources, which would seriously harm our business, results of operations and financial condition.
We are dependent on our management team, and the loss of any key member of this team may prevent us from implementing our business plan in a timely manner.
Our success depends largely upon the continued services of our executive officers and other key management personnel. We are also substantially dependent on the continued service of our existing engineering personnel because of the complexity of our products and technologies. We do not have employment agreements with a majority of our executive officers, key management or development personnel and, therefore, they could terminate their employment with us at any time without penalty. We do not maintain key person life insurance policies on any of our employees. The loss of one or more of our key employees could seriously harm our business, results of operations and financial condition. In such an event we may be unable to recruit personnel to replace these individuals in a timely manner, or at all, on acceptable terms.
Because competition for our target employees is intense, we may not be able to attract and retain the highly skilled employees we need to support our planned growth.
To execute our growth plan, we must attract and retain highly qualified personnel. We need to hire additional personnel in virtually all operational areas, including selling and marketing, research and development, operations and technical support, customer service and administration. Competition for these personnel is intense, especially for engineers with high levels of experience in designing and developing software and Internet-related products. We may not be successful in attracting and retaining qualified personnel. We have from time to time in the past experienced, and we expect to continue to experience in the future, difficulty in hiring and retaining highly skilled employees with appropriate
qualifications. In order to attract and retain personnel in a competitive marketplace, we believe that we must provide a competitive compensation package, including cash and equity based compensation. The volatility of our stock price may from time to time adversely affect our ability to recruit or retain employees. Many of the companies with which we compete for experienced personnel have greater resources than we have. If we fail to attract new personnel or retain and motivate our current personnel, our business and future growth prospects could be severely harmed.
Compliance with changing regulation of corporate governance, accounting principles and public disclosure may result in additional expenses.
Changing laws, regulations and standards relating to corporate governance, accounting principles and public disclosure, including the Sarbanes-Oxley Act of 2002, new SEC regulations and NASDAQ Global Select Market rules, are creating uncertainty for companies such as ours. These new or changed laws, regulations and standards are subject to varying interpretations in many cases due to their lack of specificity and, as a result, their application in practice may evolve over time. Further guidance by regulatory and governing bodies can result in continuing uncertainty regarding compliance matters and higher costs related to the ongoing revisions to accounting, disclosure and governance practices. Our efforts to comply with evolving laws, regulations and standards have resulted in, and are likely to continue to result in, increased general and administrative expenses and a diversion of management time and attention from revenue-generating activities to compliance activities. In particular, our efforts to comply with Section 404 of the Sarbanes-Oxley Act of 2002 and the related regulations regarding our required assessment of our internal controls over financial reporting and our external auditors’ audit of that assessment has required the commitment of significant financial and managerial resources. If our efforts to comply with new or changed laws, regulations and standards differ from the activities intended by regulatory or governing bodies due to ambiguities related to practice, our reputation may be harmed.
It may be difficult for a third party to acquire us, even if doing so would be beneficial to our stockholders.
Some provisions of our certificate of incorporation and bylaws, as well as some provisions of Delaware law, may discourage, delay or prevent third parties from acquiring us, even if doing so would be beneficial to our stockholders. For example, our certificate of incorporation provides for a classified board, with each board member serving a staggered three-year term. It also provides that stockholders may not fill board vacancies, call stockholder meetings or act by written consent. Our bylaws further provide that advance written notice is required prior to stockholder proposals. Each of these provisions makes it more difficult for stockholders to obtain control of our board or initiate actions that are opposed by the then current board. Additionally, we have authorized preferred stock that is undesignated, making it possible for the board to issue up to 5,000,000 shares of preferred stock with voting or other rights and preferences that could impede the success of any attempted change of control. Delaware law also could make it more difficult for a third party to acquire us. Section 203 of the Delaware General Corporation Law has an anti-takeover effect with respect to transactions not approved in advance by our board, including discouraging attempts that might result in a premium over the market price of the shares of common stock held by our stockholders.
We do not intend to pay dividends.
We have not declared or paid any cash dividends on our common stock since we have been a publicly traded company. We currently intend to retain any future cash flows from operations to fund growth and, do not expect to pay any cash dividends in the foreseeable future.
Item 1B. Unresolved Staff Comments
None.
