Datadog released Q2 2021 results on August 5th. The report was exceptional, demonstrating a return to the high revenue growth trajectory investors became accustomed to before COVID. Datadog beat expectations for Q2 on the top and bottom line by a significant margin, and raised projections for Q3 and the remainder of the year. The stock surged 15% following the results, after generally flatlining for the past 12 months. DDOG is now up over 35% in 2021 and I project it will end the year even higher. With this performance, DDOG is now the largest position in my personal portfolio.
I’ll list the most significant take-aways from the quarter below, with more details provided in the sections that follow. Additionally, readers can review my prior coverage of Datadog, which set the foundation for my optimistic view for 2021’s performance and why I increased my investment significantly for this year.
- Revenue growth is accelerating. Q2 revenue was up 67% year/year, after delivering 51% in Q1. This beat analyst estimates for 52% growth by 15%. The midpoint of the Q3 estimate is for 60% growth, implying that Q3 actuals could exceed 70% year/year growth.
- The full year outlook was also raised, to represent growth of about 56%. Keep in mind that the original estimate coming out of Q4 was for 38% growth. At that point, several analysts concluded that Datadog’s growth story was lagging. They have since brought estimates in line and boosted projections for the next 2 years.
- Billings, total RPO and current RPO growth rates were higher than revenue, further supporting future revenue growth looking forward. Total RPO increased by a staggering 103% year/year, reflecting Datadog’s ability to sign more multi-year deals.
- Operating leverage at scale is continuing, as FCF margin was 18% and Non-GAAP operating margin reached 13%.
- R&D spend increased 85% year/year and now makes up 30% of revenue. This exceeds S&M spend at 26% of revenue, which is unique among peers. Datadog is able to keep investing in R&D while maintaining low S&M spend without impacting revenue growth.
- Total customer growth of 36% combined with DBNRR over 130% provide another tailwind to revenue growth. Datadog is continuing a high pace of new customer additions and then growing their spend over time. 70% of Q2’s year/year increase in revenue came from customer spend expansion.
- Continued building out their security offering with the launch of the Cloud Security Platform. They introduced another monetized product in Cloud Workload Security and announced Application Security in Beta. These are in addition to CSPM and the core Security Monitoring product launched earlier.
- Product delivery velocity is accelerating. After earnings, Database Monitoring was released. This brings the number of products in GA to 12, up from 9 at the end of 2020. They also introduced the Beta release of CI Visibility, which brings observability to the CI/CD pipeline. And, we still have Dash in October to look forward to.
Financial Summary
Top Line Growth
Q2 revenue was $233.5M, up 66.8% annually and 17.6% sequentially. This beat analyst estimates for $212.4M, or 51.7% growth and the company’s prior estimate from Q1 for $211M – $213M. Q2 revenue growth accelerated significantly over Q1’s rate of 51.3%. Q2’s performance finally lapses the one year overhang from the one-time pullback in customer spend in Q2 2020 due to COVID.
Looking forward to Q3, more acceleration is implied. Datadog projects revenue growth of 59.7% annually and 5.5% sequentially at the midpoint. Given that the Q2 beat was about 15% of annualized revenue, actual Q3 revenue growth could exceed 70%. Datadog leadership also increased the full year revenue target to a range of $938M – $944M, for growth of 55.9% over 2020. This projection was raised from 46.6% in Q1 and 38% at the beginning of the year. These large steps up in annual revenue growth are impressive.
Other sales metrics further reinforce the thesis for continued growth. While management does not encourage investors to track billings growth, that did increase 69% year/year in Q2. Total RPO (Remaining Performance Obligations) reached $583M, up 103% year/year. This was driven by longer contract duration and multi-year deals and compares to Q1 RPO growth of 81% year/year. Current RPO (expected to close in the next 12 months) increased 80% year/year in Q2, versus 60% in Q1. Datadog added about $100M in ARR for second quarter in a row.
On the earnings call, management shared that APM and log management reached $400M in ARR together and are still in “hypergrowth” mode. More recently launched products are growing faster than that. This underscores Datadog’s product expansion strategy and management’s ability to anticipate customer needs.
Profitability
Even with accelerating revenue growth, Datadog continues to demonstrate operational leverage. Q2 Non-GAAP gross margin was 76%, down from 77% last quarter and 80% a year ago. Management explained that gross margin is lower due to continued investments in the platform. This is understandable as Datadog expands their integration with the hyperscalers and are supporting dedicated cloud environments for government agencies.
Operating income was $30.9M, representing an operating margin of 13%. This is nearly double the value from a year ago. The estimate for operating income coming out of the Q1 report was for a range of $9M – $11M, representing a substantial beat, mostly attributable to revenue outperformance. Datadog’s long term operating margin target is still for 20-25%.
Operating cash flow was $51.7M in Q2, up from $24.7M a year ago. FCF was $42.3M for a FCF margin of 18.1%. These are up from $18.6M a year ago for a FCF margin of 13.3%. This puts Datadog’s rule of 40 value in the range of 80 (op margin based) to 85 (FCF margin based). For Q3, they are expecting Non-GAAP operating income between $18M – $20M. For the full year, they now expect $87M – $93M, up from the prior estimate for $45M – $55M from Q1.
In terms of functional areas, what is most interesting is Datadog’s continued ramp of R&D spend and leverage in S&M spend. Non-GAAP S&M spend increased 33% year/year in Q2, while R&D spend increased 85%. This also represents the second quarter in which total R&D spend exceeded S&M.
- R&D = 30% (versus 27% in Q2 2020 and 31% in Q1)
- S&M = 26% (versus 33% in Q2 2020 and 28% in Q1)
- G&A = 7% (versus 9% in Q2 2020 and 8% in Q1)
The fact that Datadog can maintain high revenue growth, while slowly reducing relative spend in S&M indicates a very efficient go-to-market motion. The outsized R&D spend growth emphasizes their continued investment in building out the product platform. Datadog now has 12 monetized product offerings (13 if you separate APM and Continuous Profiler). This is up from 9 at the beginning of the year. Further, they announced two new products in Beta availability.
Datadog’s flywheel of product expansion is important for investors to appreciate. More products drive growth in customer spend, as they add new products to their subscription. Customer spend growth drives more revenue. Incremental gross profit is then be funneled back into R&D to build out Datadog’s platform further.
Customer Activity
Datadog continued its strong “land and expand” motion in Q2, with revenue increasing by $94M or 67% year/year. In the 10-Q, Datadog disclosed that approximately 70% of the increase in revenue was attributable to growth from existing customers, and the remaining 30% came from new customers. That is a very interesting statistic and reflects the underlying importance of their expansion motion.
Let’s review the components of expansion. First, a customer’s usage will naturally grow in proportion to their consumption of cloud resources. Since Datadog pricing scales with usage, customers would increase their spend as they expand their cloud infrastructure footprint. On the surface, this sounds problematic, but these customers are generally growing their business in parallel, so allocating more spend to the drivers of the business would be expected. Datadog’s share might not scale exactly in proportion, as higher volume discounts would kick in, but it is fair to expect an increase.
In Datadog’s case, many of their customers are digitally-native disruptors, who themselves are experiencing rapid growth. Their customer list includes examples like Peloton, Airbnb, Instacart, Fiverr, Coinbase, DraftKings, Wayfair and Zillow. While some of these experienced a COVID-induced surge in business, the majority are simply capitalizing on secular trends. This organic growth by itself likely drives a lot of customer spend expansion.
Second, this growth in spending is driven by customers adopting multiple product offerings. A typical customer may start with 1-2 Datadog products, and then add more over time. For example, it’s common to begin with infrastructure monitoring and/or logging, then add APM, network monitoring, user experience, etc. in subsequent periods. Each of these additional products has their own pricing structure, based on number of hosts, data ingested, users, etc., which then commits the customer to more spend. Adding products is seamless for the customer. They can activate new modules through the Datadog user interface and don’t need to deploy any new software.
Looking forward, new customers provide the baseline for the future expansion motion. In this regard, Datadog delivered a record number of customer additions in Q2. At the end of June, Datadog had over 16,400 total customers. This is up 36% from the Q2 2020 count of 12,100. For Q1, they reported 15,200 customers, meaning they added 1,200 in Q2 for sequential growth of 7.9%. Following the Q1 report, I was a little worried that sequential growth was slowing down as the absolute number of additions seemed stuck at about 1,000. In Q2, Datadog pushed customer adds beyond the 1,000 mark for sequential adds and re-accelerated both sequential and annualized growth. For further perspective, we can look back two years to the IPO. At the end of Q2 2019, they had 8,800 customers. So, Datadog has nearly doubled their total customers in 2 years.
Datadog regularly reports on the number of “large” customers, which they define as spending more than $100k in ARR. These now represent 80% of Datadog’s revenue, so it is a critical contributor to growth. In Q2, they reported 1,610 of these customers, which was up almost 60% from Q2 of last year. Sequentially, they added 173 large customers in the quarter for growth over Q1 of 12.0%. While slightly below Q1’s additions, it is still much higher than historical values. Two years ago, they had only 594 customers of this size. This count has almost tripled in 2 years.
Datadog measures the increase in customer spend using the dollar-based net retention rate. They haven’t reported the actual value since their IPO, but disclose that it is above 130%. Once again in Q2, DBNRR was over 130%, which has been the case for the past 16 quarters. This means that on average customers increase their spending on Datadog by 30% or more each year.
Because Datadog makes it easy for customers to activate additional products, customers often start with a couple and then gradually add more modules over time. Datadog management has been reporting values for the percent of customers that have adopted two or more and four or more products for the last two years.
If we examine these values and extrapolate to total number of customers, the high growth in product add-ons becomes apparent. Not only are the percentages of customers using multiple products increasing, but also the total customer count grows, which magnifies the absolute number of customers in each category and the rate of change annually.
For example, in Q2, the number of customers using two or more products increased by 49% annually, while the total number of customers increased by 36%. For customers using four or more products, the absolute number of customers increased by 2.5x year/year. As Datadog continues to add more products to the platform, we will likely get more visibility into customers adopting higher numbers of products. In Q1, Datadog disclosed that “hundreds” of customers were using 6 or more products.
The combination of these factors is driving high revenue growth. As total annualized customer growth remains above 30% and DBNRR (dollar based net retention rate) remains over 130%, I think we can expect total revenue growth to continue over 50% a year. Conceptually, this makes sense. Datadog is adding more than 30% total new customers each year and existing customers increase their spend by an average of over 30%.
The growth in multiple product adoption is enabled by Datadog’s platform strategy and rapid product development cadence. They continue to add new products to the platform suite, each of which addresses unique use cases and adds value incrementally. Their pace of product development has been accelerating over the years, at least as measured by the number of released offerings that contribute to revenue. While 2017-2018 added one new product each year, 2019-2020 added 3-4 per year.
For 2021, Datadog has already released 3 new products in GA and 2 in Beta. Once a product is released to GA, it is included on the pricing page. Datadog now has 12 products with individual pricing, up from 9 at end of 2020. And, we still have Datadog’s annual user conference, Dash, scheduled for late October. In 2020, Dash was held virtually in August and introduced a number of new product enhancements and stand-alone offerings. I think we can expect a similar cadence for this year, given the outsized investment in R&D. Dash could bring a couple more products to GA, meaning that Datadog might end 2021 with an increase of 40-50% of products with pricing.
Product Development
Datadog increases revenue by driving expansion in three dimensions. These are landing new customers, building new products for customers to adopt and growing customer usage of each product. ARR growth is powered by the combination of these three contributors. As long as Datadog continues to expand along each dimension, investors can expect a high rate of revenue growth to continue.
We have talked about customer additions and the increase in spend for existing customers. After making a number of incremental feature releases in the first half of 2021, the Datadog product team revealed more of what they have been working on in July. In the last two months, they have brought three new products to GA and two to beta. For the GA products, they are available now to customers with pricing. This increases the number of product offerings that can be sold to customers from 9 at the end of 2020 to 12 now.
In fact, Datadog is adding so many products to their pricing page that they have had to get creative with the UI layout to display them. Over the last two years, I have watched this display morph from one row, to two, and now to a honeycomb type layout with three rows and four columns. It will be fun to watch how this continues to evolve – graphic designers in Datadog’s marketing team will have their work cut out for them.
And 2021 isn’t over yet. We have the Dash user conference in late October, which will likely yield more product announcements. At Dash 2020, Datadog unveiled several new products. Now, let’s take a deeper look at the recent product releases and speculate about future directions.
Cloud Security Platform
Datadog’s first security product was Security Monitoring, announced in April 2020. This provided a basic SIEM capability, identifying threats to cloud-hosted environments by analyzing operational and security logs. This brought out-of-the-box security integrations and threat detection rules mapped to the MITRE ATT&CK® framework and other compliance frameworks. Those are easy to extend and customize. Customers could realize immediate value with minimal configuration.
Datadog’s advantage in expanding into security offerings, relative to competitive point security solutions, is its grounding in observability. DevSecOps personnel have access to metrics, logs and traces across the entire infrastructure and application stack, which provide additional context when diagnosing a security alert. For example, a spike in CPU might be associated with a malicious process, or unusual outbound network activity might indicate data extraction. These provide powerful signals to validate malicious intent and reduce false positives.
An example of this seamless expansion is provided by Instacart. They had been using Datadog since late 2018. Over time, they adopted all “three pillars of observability” products, including Logs, Infrastructure and APM. After Security Monitoring was launched, they added that product to their suite. Instacart has to actively watch for malicious users trying to take-over other user accounts through credential stuffing. Security monitoring helps them to quickly isolate this behavior to a single user, so that account can be blocked. They also really value the ability to share dashboards and data analysis across all three teams – security, development and operations. This allows them to make sure that the application is meeting their SLAs and ultimately provide fast service to their customers.
For the year after launching Security Monitoring, the Datadog team was gathering feedback from customers and working on a significant expansion of their security capabilities. This culminated in early August of this year with the launch of the Datadog Cloud Security Platform. This product suite included the already launched Security Monitoring and adds several new products to the mix.
- Cloud Security Posture Management (CSPM). Monitor the configuration of infrastructure to ensure it isn’t vulnerable to exploit through misconfiguration. Maintain compliance with industry standard programs, like PCI and SOC 2.
- Workload Security. Look for indicators of malicious activity within a host, monitoring the operating system, file structure, user accounts and processes.
- Application Security. Monitor for application level attacks, usually targeting the user inputs for web apps and APIs.
These security capabilities are enhanced by dashboards and reporting that provides a unified view between observability and security. This allows operators to switch seamlessly between DevOps telemetry data and security insights. This unified experience enables security teams to understand the operational and business impact of security incidents, and DevOps teams to see security signals alongside the metrics, traces and logs of their services. This new offering enables organizations to use a single platform to correlate security insights with monitoring data across infrastructure, network and application tiers, providing Security teams with the visibility they need to understand and respond to potential threats faster.
This platform approach with the new offerings provides a much more comprehensive set of capabilities to locate and remediate security threats to cloud workloads and the applications running within them. These capabilities pair nicely with Datadog’s existing observability product suite, which similarly targets the delivery of modern software applications. This synergy distinguishes Datadog from other pure security platforms that span all aspects of enterprise security, ranging from network to end user devices to cloud workloads.
While relatively new, many Datadog customers are already adopting their security solutions. Datadog has provided testimonials from several prominent digital natives that are using their security products, alongside other observability tools. Examples include not just Instacart, but also Lemonade, Delivery Hero, Kiwi.com and Marketplacer.
With Lemonade’s growth, cloud security has become a primary focus,” said Jonathan Jaffe, Chief Information Security Officer, Lemonade. “Within the first week of an easy integration, Datadog’s security offerings helped my team manage potential threats faster, with less effort, and with higher fidelity and accuracy. What’s more, collaboration with our DevOps colleagues became easier and has helped tie security to the business. We have many security tools and services; Datadog Cloud Security Platform has become one of our top-three tools. We see it supporting our current and future growth with security, and in lockstep with DevOps.
CISO, Lemonade
With these four capabilities in place, Datadog offers a well-rounded Security Platform. They now offer not just a basic SIEM tool for identifying threat activity in logs and telemetry signals, but monitor server configurations, application activity and workload behavior for vulnerabilities and nefarious activity. This significantly enhances Datadog’s security offering – we could loosely posit that it represents a 3x increase in capability.
Cloud Security Posture Management
The first addition to the expanded security portfolio was the announcement in July of Cloud Security Posture Management (CSPM). Originally, a beta version of this product was introduced in August 2020 and called Compliance Monitoring.
CSPM provides DevSecOps teams with a toolset to monitor the configuration of cloud resources and ensure that a team’s infrastructure meets requirements for various compliance programs. CSPM supports several industry standard frameworks for security compliance, including PCI DSS, SOC 2, HIPAA, GDPR, and CIS (Center for Internet Security). Each of these frameworks has their own guidelines for the proper configuration of cloud infrastructure, primarily revolving around discoverability of services and breadth of access permissions.
Maintaining these standards can be very critical for a cloud-based business. PCI compliance governs the ability to process credit cards. HIPAA compliance is necessary for applications associated with health care. SOC 2 is general indicator of security best practices, often expected for any SaaS business that handles user data. Each of these frameworks includes checklists of requirements that must be tested and verified periodically.
CSPM can automate the checks and provide test results to customer teams. These results can be used to remediate issues proactively. A requirement of most security frameworks is periodic testing. CSPM will record tests, results and remediation actions that can be stored for future audits of compliance. This represents potential upside for Datadog, as enterprises will often pay a security compliance vendor to conduct these checks and provide validated results. This spend can shift to Datadog.
Beyond maintaining security certifications, CSPM provides the benefit of surfacing infrastructure misconfigurations that represent an ongoing security risk. Many security breaches originate from a misconfigured server or data service. DevOps personnel can mistakenly leave access controls too open or expose certain service ports to the Internet. An example might be setting up a new S3 bucket to store files, but not locking down the access permissions. Getting alerted on these misconfiguration issues allows the security team to address them before outside parties notice.
CSPM is priced at $7.50 per host per month. This is about half the price of Infrastructure Monitoring and would presumably be deployed on the same footprint of server infrastructure. This is because the configuration of most types of server infrastructure is relevant for compliance monitoring, versus say APM, which applies to just servers running the application.
Workload Security
Cloud Workload Security was announced in conjunction with the overall Cloud Security Platform. The Datadog team introduced the product in a blog post. Workload Security focuses on monitoring activity within the infrastructure host operating system, watching the file system, processes and the kernel itself to identify potentially malicious behavior. This is applied to all form factors of cloud infrastructure, including EC2 instances, Kubernetes clusters and containers. This is all performed in real-time and works in conjunction with the other capabilities of the Security Platform.
As examples, common attack patterns involve escalating permissions for users or adding new files to the operating system. These signals might be combined with other telemetry data, like a CPU usage spike or change in network activity to provide further insight. Workload security utilizes pre-packaged detection rules to identify unusual behavior and surface these signals as a potential threat for security analysts to review.
Workload Security is enabled by the single, unified Datadog Agent, that is already installed on all systems being monitored by Datadog’s observability products. Datadog’s infrastructure monitoring requires the Agent to work, which implies that almost all of a customer’s cloud infrastructure is already pre-loaded for workload security monitoring. The customer need only activate the product on the admin dashboard. No additional server updates or configuration is needed.
Workload Security is priced at $15 per host per month. This is about half the pricing of APM and on par with Infrastructure. Each of those products generates more than $100M of ARR. Like CSPM, this would be an easy add-on for customers and could eventually grow to be as large as Datadog’s observability products.
Application Security (Beta)
Application Security, currently in beta, provides protection against application-level threats by identifying and blocking attacks that target code-level vulnerabilities. Examples are SQL injections and cross-site scripting (XSS) exploits. These typically involve the user interface and data inputs associated with an application. The hacker will try to manipulate user input processing routines to gain access to data from other users. This type of activity can be prevented by actively monitoring the inputs and outputs of the web or mobile application, and its underlying APIs that provide data exchange between the client and the server.
This capability leverages the acquisition of Sqreen, announced in February and closed in April. Sqreen is a SaaS-based security platform that enables enterprises to detect, block and respond to application level attacks. To do this, they provide a solution for runtime application protection (RASP). In addition to RASP, Sqreen’s solution includes a web application firewall (WAF). Security issues in the application layer are challenging to manage, as the owner needs to allow legitimate traffic, while blocking nefarious activity.
At the time of the acquisition, Datadog leadership signaled that they would be taking the technology behind Sqreen and incorporating that into the Datadog platform. With the beta release of Application Security, we now have the first version of that integration. As an additional benefit coming out of the acquisition, Sqreen claimed to have over 800 customers. These likely offer some cross-sell opportunitities for Datadog.
These capabilities push Datadog further forward into active application protection, versus monitoring. By having a the Datadog agent on every infrastructure host that observes activity at a granular level, Datadog can easily turn on these new security capabilities without requiring additional deployment by their customers. Having the agent on every device allows for more active monitoring of security-related context. It also offers the ability to take action to prevent further damage once malicious behavior is detected.
CI Visibility (Beta)
Not all of Datadog’s product work this year has been in security. In July, they announced the beta release of a new product that represents their foray into applying observability to developer workflows. Their first step is CI Visibility, which provides visibility into the development organization’s CI/CD (Continuous Integration / Continuous Delivery) workflows. As we saw with Security, I think this represents the first of several products that target development activities and fold them into the broader observability trend. I wouldn’t be surprised to see a “platform” suite of products built up over time that target developers.
CI/CD bridges the gap between development and operations activities, by adding automation to the building, testing and deployment of software applications. Before the CI/CD movement, these processes were handled manually by Build and Release Engineers. Over time, engineering teams realized that many of these processes could be scripted and made repeatable, allowing them to scale and remove human error. This laid the groundwork for modern day DevOps practices that involve continuous development, testing, integration, and deployment of software applications.
The tie with observability is natural because the only way to scale these automated processes and reach the end goal of frequent releases is to have full stack infrastructure and application monitoring in place. That way, if a software release triggers a production outage, the monitoring system will identify the cause and can connect that to the last software release. The CI/CD practice forms the basis of modern day DevOps operations, because it represents the membrane between development and operations.
Datadog’s CI Visibility provides deep insight into the performance of an organization’s CI pipelines, making it easy to identify issues. With the rise of micro-services and the breaking up of the application monolith, engineering organizations often have many different code projects progressing through the CI/CD process in parallel. Keep these jobs running smoothly can be a major undertaking for a large engineering organization. CI Visibility monitors this build, test and deploy activity and will flag jobs or functional tests that fail frequently. This insight can help DevOps personnel make adjustments to improve the success rate. That might be to add more error-catching code around the build steps or updating tests to improve stability.
One component of the product, CI Pipeline Visibility, generates key performance metrics to help understand which pipelines, build stages, or jobs are run the most. It also tracks how often they fail, and how long they take to complete. Datadog visualizes this information in a customizable out-of-the-box Pipelines dashboard. This provides DevOps teams with a high-level overview of performance across all pipelines, build stages, and jobs. Teams can track these trends to identify where to focus troubleshooting efforts.
The other component, CI Testing Visibility, allows teams to easily monitor tests across all builds to surface common errors and visualize test performance over time to spot regressions. In the Testing Visibility page, operators can see each services’ test suites along with the corresponding branch, duration, and number of fails, passes, and skips. Datadog also tracks the number of tests that pass and fail for the same commit, which were previously unseen in the default branch.
Datadog Testing Visibility automatically instruments each test so operators can trace them from end to end without spending time reproducing test failures. For example, an operator can debug a flaky test by drilling into the test trace for more information. Using the flame graph, the user can easily find the point(s) of failure in a complex integration test. Clicking on an errorful span, they can examine the stacktrace along with related error messages to examine what caused the test to fail in that instance.
CI Visibility leverages capabilities gained from another recent Datadog acquisition. In August 2020, Datadog announced that they had acquired Undefined Labs, which provides testing and observability capabilities for developer workflows before pushing to production. As Datadog’s products have traditionally been focused on the production environment, this acquisition extended their visibility into pre-production development and test cycles (shift left). Undefined Labs’ Scope tool is integrated into CI/CD platforms, like CircleCI and Jenkins, to enable developers to automatically take advantage of monitoring and testing capabilities within their existing workflows. Scope allows developers to execute unit tests, measure performance, tie test failures back to source code and view summarized results in a consolidated dashboard.
The Undefined Labs acquisition aligned Datadog more closely with developers during the design and test phases of software development, as opposed to the just the post-release monitoring of the production environment. Datadog’s plan back in 2020 for absorbing the Undefined Labs product set was to sunset their existing products and rebuild them on the Datadog platform, so that full integration is realized off the bat. The engineering team has been actively engaged in this work over the last year. The release of CI Visibility represents the first functional incorporation of the Undefined Labs capabilities into the Datadog platform.
Connecting pre-production with production represents a smart strategy by Datadog and provides significant value for engineering teams, as it combines DevOps with developer activities. Not only will this yield another source of product revenue streams, but it would represent a significant advantage over other observability and security vendors by addressing a broader set of DevSecOps use cases by adding code-level insights.
Database Monitoring
After all of this, Datadog surprised investors (at least I was surprised to see another release so soon) in mid-August with yet another product release, Database Monitoring. This brings the number of individual products with pricing to 12, up from 9 at the end of 2020. This one triggered the new, honeycomb layout on the pricing page.
Database Monitoring provides deep visibility into database performance with historical context. This aids DevOps teams in troubleshooting performance bottlenecks and determining scaling strategies. Additionally, it can be used for resource optimization, by identifying expensive queries that might benefit from developer attention. The Database Monitoring tool provides query performance metrics, explain plans, and host-level metrics all in one place, allowing developers and database administrators to quickly understand the health and performance of their databases.
While there are some tools available from the database technology vendors to facilitate this type of visibility, Datadog’s solution has a few advantages. First, it spans multiple database types, recognizing that many organizations leverage different database engines (relational, document, graph, key value, etc.) for each type of application. With microservices, developers can select the best type of database for each application workload. Having one database monitoring tool that spans multiple database engines will save time.
Secondly, given that Datadog’s platform collects application traces, log data and metrics, it can provide additional insights for operators. A spike in the database server’s CPU can then be tied back to a slow, frequent query in the Database Monitoring tool. Similarly, a slow user response in RUM could be attributed to an overloaded database.
Database Monitoring assists engineering teams in several ways:
- Aggregate the performance of normalized queries in one view. Normalized queries show the general pattern of a SQL query, but with the individual input parameters obfuscated. Native database admin tools don’t aggregate these types of queries across multiple requests. Seeing aggregated performance data helps identify problematic queries.
- Troubleshoot slow queries with detailed explain plans. An explain plan breaks down a database query into components that indicate time spent in each step and associated table structure. That granular data is very useful for a developer to tune a query or add an index.
- Analyze historical trends in query performance. Most databases will provide a single request result of the time to run a particular query, but won’t store the results over time. Datadog’s solution provides the performance data graphed against time, so that operators can identify changes. For example, a particular query might have performed fine while the table size was small, but ballooned as more records were added.
- Explore and visualize sampled queries. While normalized query performance is useful to examine database utilization in the aggregate, being able to view the runtimes of individual queries with actual input parameters can provide another insight. The operator may be able to further isolate the causes of a long-running query – perhaps only triggering on a particular input value.
- Detect infrastructure-level issues impacting the database. This ties database performance back to the hardware configuration and resource utilization. Most databases are configured in clusters with multiple instances. Knowing how each database server is performing can help tune load balancing and inform capacity planning.
Database Monitoring currently supports the two most popular open source relational databases, MySQL and PostgreSQL. I suspect that Datadog will continue to expand the capabilities of the product to include other database variants, both relational and special purpose. I think Database Monitoring represents another useful add-on to the platform which should drive further customer expansion to multiple products. It also displaces alternate solutions for database performance tuning, whether upsells from database vendors or stand-alone products. Database Monitoring is listed for $70 per host per month. A large Internet property could have hundreds or thousands of database instances to monitor.
Future Development
Datadog is expanding their platform footprint so quickly, that investors may be left to wonder what is next. The acceleration of investment in R&D implies that Datadog leadership does not intend to take their foot off the gas. R&D spend is growing faster than revenue, hitting 85% year/year growth in the prior quarter and now exceeds spend on S&M. Leadership has indicated they plan to continue this pace.
As we speculate about future opportunities, I think we can consider two themes. The first is observability itself. The idea of observability is not constrained to just infrastructure and application monitoring. In fact, the early origins of the term observability weren’t associated with modern software application infrastructure at all. Rather, it derived from control theory and captures the idea that the internal state of any system can be determined by measuring its outputs. A system can be made observable if it can be sufficiently instrumented such that measurement of external outputs predicts internal behavior with sufficient accuracy.
With this definition, observability can be applied (and originally was) to other domains outside of software infrastructure. Any process that relies on repeatability, quality controls and predictable outcomes can be a candidate for observability solutions. That might apply to manufacturing lines, telecommunications, health care or even political campaigns. Within a business context, a sales funnel, marketing campaign, customer service program or recruiting effort can be made observable. In all these cases, the business process runs through a system of inputs and outputs. If we instrument it correctly and measures the appropriate signals, then its internal state should become more clear. More importantly, the likelihood of reaching an expected business outcome can be made more predictable.
The term does apply neatly to the infrastructure and code that drive modern software applications. If DevOps teams can identify and instrument the right measures of application performance, they can reliably predict the stability of the system (a digital experience) as a whole. This concept gave rise to the use of observability to describe software infrastructure monitoring. And, because of overuse, most industry participants assume the two are inextricably linked.
I realize this is a bit abstract, but the distinction is important for investors to appreciate. I make this point for two reasons. First, if another technology provider announces an offering for observability, that does not automatically mean they are targeting the core market of Datadog and other infrastructure monitoring vendors. They could very well be intending to make another system observable. As the term observability is applied to different contexts, investors can keep this in mind to avoid a knee jerk reaction around competitive announcements.
Second, and along the same lines, Datadog can take the concept of observability and apply it to other contexts. The most obvious would be in digital business operations. Specifically, a move into business analytics, helping digital businesses identify and measure the signals that would indicate a healthy digital operation. In addition to tying these measures to application uptime and responsiveness, they could correlate them to other desired business outcomes, like sell-through rates, marketing funnels and customer satisfaction. These types of business functions can be made “observable” and Datadog has the methodology and data processing platform to do that.
The other theme that offers expansion opportunities for Datadog is the superset of DevSecOps itself. I explored this in depth in my Q1 review, but it’s worth continuing to revisit. While Datadog’s guiding mission has been to assist with the convergence of Development, Security and Operations functions, that does not imply they have to remain within the intersection of those three spheres. Expanding from that core to provide tooling for each function more broadly offers a lot of incremental product landscape. While I think their offerings will still be grounded in the delivery of digitally enabled businesses using modern software applications, as these businesses evolve, they will need more tooling to execute along each of these distinct functions.
Considering that “observability” can be applied to other business functions and that the superset of DevSecOps encompasses many parts of the back-office of a business, Datadog’s product development pipeline can continue to explore new areas. We can infer some indicators by looking at each of these functions in isolation.
- Development. The process of designing, building, testing and releasing a digital experience.
- Security. The process of monitoring the digital experience for threats, mitigating them and controlling access to sensitive information.
- Operations. Running the digital experience, ensuring that it is meeting user expectations, achieving desired business outcomes and consuming company resources as expected.
If we extrapolate these general definitions of each function within DevSecOps and consider how to make them observable, it implies many additional product opportunities for Datadog. I created the digram below in my Q1 review and have updated it to reflect some recent additions and other future direcitons.
This exercise makes the growth opportunities for Datadog more clear. In the past, investors might have been tempted to put Datadog in the box of application and infrastructure monitoring. This led to the assumption that the market opportunity was limited. With more entrants, competitors would be fighting over increasingly smaller slices of market share. However, Datadog’s continued expansion into areas outside of traditional application and infrastructure monitoring have made their growth ambitions clear.
The addition of application and workload security was an obvious extension. They have stepped into operational orchestration with Incident Management. The leadership team has mentioned future opportunities in business analytics on analyst calls. CI Visibility and the Undefined Labs acquisition provides a beachhead into developer processes and tooling. Even the company name isn’t a constraint, and observability is simply a pipeline for giving business context to data. As an aside, the “Datadog” referred to a problematic server used for data collection in the founders’ prior company, not a pet.
Competitive Landscape
I have covered Datadog’s competitive position fairly extensively in past blog posts. These included my original write-up on Datadog and subsequent quarterly updates. Interested readers can track competitive activity through those posts. In the interest of brevity, I won’t repeat all of that here. Rather, I will provide some broad observations relative to competitive positioning and highlight notable activities.
To set the stage, the application and infrastructure observability market as a whole is large. Datadog leadership recently estimated it to be in the low $40B range, and that didn’t include some of their latest product additions, particularly the growing opportunity in security. Gartner has categorized Datadog’s core market as IT Operations Management (ITOM) and estimated it will reach $44B in spend by 2024. Back in 2018, Gartner also estimated that only about 5% of applications were monitored. This ratio has improved somewhat, but is nowhere near critical mass.
Growth of the cloud vendors provides a good proxy for the expansion rate of cloud infrastructure that Datadog can address. Market analyst firm Canalys reported that cloud services infrastructure spending increased 36% to $47B in Q2 of this year. That translates to a $200B annual run rate. A typical cloud infrastructure IT budget would allocate 5-10% of spend to monitoring – implying a $10B – $20B market opportunity. The Big 3 cloud vendors reported even higher growth rates than 36% in their Q2 reports. AWS grew by 37%, with Azure and GCP estimated to have grown over 50%. These trends provide strong tailwinds for Datadog’s business and explain the sustainability of their high growth.
This large market has attracted many entrants, ranging from publicly traded companies to start-ups. In parallel, the industry is seeing some consolidation, with several smaller providers getting acquired by larger publicly traded companies recently. Examples include ServiceNow and Lightstep, IBM and Instana, and Crowdstrike and Humio. This consolidation is an indication of market maturity and solidification of the positions of the leaders.
Arguably, the smaller, private observability providers needed to combine with a larger company in order to grow. At this point, we could consider the observability market as becoming a bit commoditized. What this has resulted in is a situation in which observability vendors are being evaluated on the breadth of their platform offering. Point solutions that address just log analysis, APM, network monitoring or synthetics are no longer tenable. This explains some of the recent acquisitions, where the acquired company addressed just a couple of use cases. Since most point offerings look the same, vendors are judged based on the number of feature solutions they support, with the broadest offering generally winning. This development has favored the larger vendors, with the R&D budget or balance sheet to support adding all features through internal development or acquisitions.
Going forward, I expect this to persist. The leading vendors will continue to expand their offerings to check more of the boxes in a CTO/CIO observability wish list. Given that most observability solutions have some set up cost (agent installation, data collection, operator training, alert configuration, etc.), reduction of providers is more efficient where features are similar. Also, it simplifies issue investigation by reducing the number of monitoring systems to check. Toggling between multiple monitoring tools is not efficient for DevSecOps personnel. These trends further support the hegemony of the largest vendors and creates a formidable barrier of entry for new entrants. It’s hard to win market share with just a couple of point solutions.
This explains why Datadog (and its competitors) have been rushing to build out so many new offerings. With its outsized investment in R&D and well-tuned product development process, Datadog is in a favorable position. This is now primarily an execution game and Datadog is in the pole position. They are expanding their platform faster than any of the major competitors. They are also growing revenue faster. And they continue to improve their competitive position in each category.
I could spend a lot of time comparing the pros and cons of each competitor’s platform, perhaps constructing some matrix of features and ratings for completeness. I do monitor the product developments of competitors and continuously watch for something new that might be disruptive. So far, they are all doing what I would expect. Like Datadog, they are continuing to round out platform capabilities, leaning into security and considering new avenues in the convergence of DevSecOps, like applying AI to make issue identification and resolution more proactive.
Given that landscape, investors could simplify the competitive product comparison exercise by simply assuming this is an execution game. The company with the strongest product development and go-to-market processes will likely win. To measure this velocity, we can look to business metrics. In many ways, the scoreboard tells the story.
Datadog has the right foundation. Their founders lived the DevOps problem before starting Datadog and are still running the company. They intuitively know what products will meet customer demand at the right point in time. Datadog’s start in infrastructure ensured their Agent landed on every component of a customer’s infrastructure. And their focus on digital disruptors provides a high growth customer base to fuel rapid expansion.
From this core, Datadog has constructed a finely-tuned flywheel of product development and go-to-market functions. They apply the concept of land and expand with military precision, with a clear understanding of the drivers and watch-outs. They have also leaned into product innovation heavily, constructing a product offering that can be easily extended into adjacent markets with a pricing model that ties incremental value to cost. New product offerings cleanly replace inefficient in-house efforts or displace point solutions.
At a high level, I think Datadog is distinguishing itself from competitors in the core infrastructure and application observability space in the following ways:
Land and Expand
Datadog has the strongest land and expand motion as compared to its observability competitors. Specifically, this translates into customer additions and expansion of spend by existing customers. In the most recent quarter, Datadog’s total paying customers increased by 36% and existing customer spend expanded by over 30% (DBNRR over 130%). For comparison, Dynatrace increased customers by 23% and reported DBNER over 120%. Elastic might be the closest with 32% customer growth and DBNER just under 130%.
Datadog has led in these metrics for the past several quarters, so this isn’t a new phenomenon. These factors combine to consistently drive higher revenue growth. Elastic and Splunk are in the midst of a transition of customers to their cloud platforms, which is driving higher growth in the cloud component. As this contributes a smaller amount of overall revenue, I expect these rates will marginalize over time. I think Elastic offers a compelling opportunity, which I have discussed in the past. That thesis is primarily grounded in the extensibility and customization available from their open source platform.
Nonetheless, at the end of the day, revenue growth is the gold standard. In this regard, Datadog is leading all direct, publicly traded competitors by a strong margin. This applies to both prior quarter and projections for the full year, indicating that for at least the rest of 2021, this leadership should continue. It’s also worth noting that Datadog’s total quarterly revenue recently passed Dynatrace, as well as exceeding Elastic and New Relic. Only Splunk has a higher revenue run rate, but their revenue growth has been tempered by the cloud migration.
Company | Rev Growth | Cust Growth | NRR |
DDOG | 67% | 36% | Above 130% |
DT | 35% | 23% | Above 120% |
ESTC | 50% | 32% | Below 130% |
NEWR | 11% | -8% | 111% |
SPLK | 23% | N/A | 129%* |
NRR is more directional. As mentioned, Datadog reports NRR as being above 130% consistently. Dynatrace takes a similar approach, but lowers the base to 120%. Elastic has reported NRR “slightly below” 130% for the past 2 quarters, after keeping it above 130% for a while. Splunk recently reported an NRR of 129%, but this was just for cloud revenue, not the business as a whole.
As I discussed, Datadog’s high DBNRR is driven by a customer’s own business expansion and their adoption of multiple products. Datadog’s popularity amongst digital natives versus traditional enterprises provides advantage. These companies are generally growing faster than the rest of the Global 2000. Examples of fast growing digital natives as customers are Airbnb, Peloton, DoorDash, NextDoor, Wayfair, Betterment, Fiverr, Draftkings, Buzzfeed and Zillow. Some of these companies quite possibly doubled the number of servers in their infrastructure over the past year. While their post-COVID growth may be comparatively slower, we can still expect expansion relatively in-line with Datadog’s overall growth.
The second driver of customer spend expansion is adoption of more products. A typical use case might be to start with Infrastructure or APM and then add Logging, RUM, Synthetics or Network monitoring. Datadog regularly increases the percent of customers who consume 2 or more, 4 or more and even 6 or more products. The absolute counts of customers are increasing even faster year/year. With Datadog’s pricing model based on usage per product, add-ons will increase a customer’s spend.
This expansion motion makes Datadog’s go-to-market function very efficient. New product subscriptions are trivial for a customer to add, and requires no changes to their infrastructure configuration. This lowers the sales overhead. Datadog doesn’t need to keep increasing S&M spend at a rate proportional to overall revenue growth. In Q2, Datadog increased S&M by just 33% year/year on a Non-GAAP basis, while revenue grew by 67%. This reflects significant leverage in the GTM effort.
Product Development Velocity
Because of Datadog’s efficient land and expand function and the inherent leverage generated for the go-to-market effort, they can allocate more revenue back into R&D. This is driving a rapid pace of platform expansion. Datadog has added 3-4 new monetized products to the platform over the last couple of years, and may well exceed that pace in 2021, with 3 products released to GA and 2 to Beta so far.
Datadog has been spending more on R&D than S&M for the past two quarters. This is rare amongst SaaS companies and is very favorable relative to direct competitors. If we examine revenue allocations to R&D and S&M from competitors, we can see Datadog’s advantage clearly. This difference is exacerbated by the fact that Datadog delivered the highest total revenue growth of these as well. The chart below illustrates the differences, showing data from the most recent quarter and relative spend in Non-GAAP terms.
Company | Rev Growth | S&M Spend | R&D Spend | R&D Increase |
DDOG | 67% | 26% | 30% | 85% |
DT | 35% | 34% | 14% | 43% |
ESTC | 50% | 39% | 24% | 22% |
NEWR | 11% | 44% | 21% | 18% |
SPLK | 23% | 51% | 30% | 38% |
Also notable is that the combination of Datadog’s high annual revenue growth and its increasing allocation to R&D allows it to increase spend each year on an absolute basis at a high rate. In Q2, R&D spend was 85% higher than the year ago period. This increased spend is sustaining Datadog’s rapid product build and release pipeline. Competitors increased R&D spend at lower rates, generally half as much or less. On an absolute basis, Datadog also spent significantly more on R&D than all other competitors except Splunk. Compared to Dynatrace, Datadog is spending over twice as much on R&D at this point.
Of these, Splunk is likely one to watch the closest given their overall size. Splunk has been undergoing a transition to a cloud offering and a new pricing model, which has impacted revenue growth due to recognition differences. Their cloud business generated $217M in revenue for the latest quarter, up 73% y/y. Cloud now makes up about 36% of total revenue. As the share for cloud increases, the growth rate will likely come down. Their reach and heft require investors to keep an eye on them. Additionally, the market isn’t expecting much, as they are maintaining a P/S ratio around 11. This could offer a nice set up for next year, as their transition progresses.
Elastic has been re-accelerating revenue growth this year, increasing from 44% last quarter to 50% in the most recent one. Cloud revenue grew 89% and now makes up 32% of total revenue (up from 25% a year ago). They also delivered positive Non-GAAP operating margin for the first time. Customer growth and the net expansion rate continue to be high. On the pessimistic side, billings and deferred revenue growth came down this quarter, and the full year raise was about the size of the Q1 beat. I have been a fan of the Elastic story for some time and wrote about the company extensively in the past. I will likely wait another quarter or two to see if the re-acceleration in growth sticks.
Getting back to Datadog, they are applying their outsized R&D spend along two dimensions. Not only do they launch new products, but they continue to improve upon existing ones. This has even resulted in Datadog “catching up” to product offerings from competitors who started in the category. A good example of this occurred in APM. After Datadog launched their APM product in 2017, they were not even included in Gartner’s Magic Quadrant for APM solutions for the years 2018 and 2019. In 2020, they were added to the Visionary quadrant. In 2021, they were promoted to the Leaders quadrant and are now 2nd out of the 5 direct competitors in “Completeness of Vision”, with only long-time incumbent Dynatrace ahead of them (for now).
I think we will see a similar trajectory in SIEM. Datadog launched their Security Monitoring product to GA in 2020 and have been adding to the security platform since then. For the SIEM category, Gartner provides a magic quadrant. To qualify, a company needs to have market-proven capabilities in security monitoring, threat detection and compliance. For the 2020 and 2021 Gartner magic quadrants for SIEM, Datadog was not included. This is likely to the maturity of the product and lack of a compliance solution until this year. Interestingly, Elastic was added to the 2021 magic quadrant as a niche player. Following the pattern of APM, I suspect we will see Datadog added to the SIEM MQ in the next year or two, as the product continues to mature and its customer base grows.
While the Gartner MQ’s can have issues and aren’t an absolute determinant of success, they provide a reasonably objective view of the product’s position in the market. I view Datadog’s recognition in these as reflective of their growing market position. If anything, Gartner MQ’s are a lagging indicator, so Datadog’s addition to the APM leader’s quadrant reflects solid up-market momentum.
Emerging Competitors
As Datadog is expanding from their base in application and infrastructure observability into security, developer workflows and operations, some players in those categories are making moves that might encroach on Datadog’s market. These are being accomplished through acquisitions or new partnerships. While it would be difficult to map all of these moves, I’ll take a look at a few of the most notable players below.
The key consideration underscoring all of this though, goes back to the discussion around Datadog’s platform strategy and the advantages of a full-featured offering versus point solutions. I have talked about how infrastructure observability feature sets are fairly mature and enterprise buyers (CTO or VP Eng) have an expectation that a provider checks most of the boxes for software application observability – metrics, traces, logs, RUM, synthetic testing, network, etc. A move into observability that is grounded in just one pillar, like just logs or APM, is less likely to gain traction. A full-featured offering with all the bells and whistles is more important.
Also, as discussed previously, observability is a broadening term. Just because another technology provider announces their intent to add “observability” support, it doesn’t automatically mean that they are gunning for Datadog’s market share. Any system or business process can be made observable by adding instrumentation, capturing data measures and graphing the results over time. That could apply to sales processes, customer service or manufacturing. It could also apply to other categories of IT, like enterprise security, ETL data pipelines or desktop support.
I actually think that we will start to see more and more announcements of extensions of observability into different categories. This is a bit buzzy and a bit practical. Buzz around the concept of observability in digital environments, makes the term headline-catching if applied to anything. Adding observability to a sales process might imply a higher level of instrumentation and monitoring than currently exists. The same might apply to manufacturing as an improvement over current quality controls. Any company looking to make a new product release stand out could slap the term observability onto it.
On the practical side, though, the continued application of software and automation to customer experiences, distribution channels and regular business functions provides fertile ground for observability. In web site and mobile app delivery, observability was introduced many years after launch, as those technologies scaled and became the core driver of business for digital natives. The automation of other business processes, like sales, marketing and customer service, became popular over the last 10 years through many SaaS offers, starting with Salesforce. We may see a similar delayed application of observability to make these processes more transparent and predictable in the future.
Crowdstrike
On February 18th, Crowdstrike announced the acquisition of Humio for $400M. Humio provides a highly scalable streaming log management platform, which has applications for security monitoring and observability. The platform can ingest any type of log data, like system logs, metrics, traces, etc. and rapidly aggregate them for visualization. They list about 50 supported integrations with common infrastructure services. Humio has accumulated a number of active customers, including Bloomberg, HPE, Lunar and Michigan State University. I covered this acquisition in more detail in my Datadog Q4 Recap.
Since then, Crowdstrike discussed Humio on their Q1 earnings call and Investor Briefing. Near term, Humio enhances Crowdstrike’s back-end data processing and provides more data sources to inform the effectiveness of their security solution. Humio brings log management technology to allow Crowdstrike to rapidly ingest logs from many sources and surface insights for security monitoring. The initial planned application is to enhance the performance and reach of Crowdstrike’s EDR product to address what the industry is now calling eXtended Detection and Response (XDR). XDR essentially builds on the same capabilities enabled by EDR, but casts a wider net of data collection across a customer’s infrastructure.
However, Crowdstrike is already making Humio’s log analysis and management capabilities available to customers. On the Q1 call, management highlighted a win with a Fortune 500 customer that was using multiple legacy, on-premise log management products for various security and DevOps use cases. Looking to migrate to a cloud-based solution that would reduce cost, the customer chose Humio over a leading competitor in this space (I suspect Splunk). On the call, they also disclosed that Humio accounts for $3.6M of net new ARR and brought 119 new customers in the quarter.
This will be a development to watch. Crowdstrike is a leader in security and has demonstrated near flawless execution in dominating that space. I think they will continue to lead the security market and increase their share. I am a little skeptical of how easy it will be for them to gain substantial traction in the traditional observability market. Nonetheless, I am a CRWD shareholder as well.
I think Crowdstrike can continue to pick up log management business, particularly where those logs are being ingested to perform security monitoring. For application performance observability in general, log analysis needs to be combined with the full spectrum of signals in order to provide a full picture for DevOps teams to troubleshoot issues. Those would include traces (APM), infrastructure metrics, user monitoring, network performance, serverless, databases, etc. Humio is largely a log analysis solution currently. It will require substantial development to expand into a full observability suite.
Just as Datadog has plans to address some, but not all, security use cases, Crowdstrike will likely peel off some observability ones. On their earnings calls, Datadog has made it clear they aren’t pursuing enterprise security and endpoint protection. It’s likely Crowdstrike will focus their observability solutions on specific market segments as well, possibly for log management within security operations. In the near term, these markets have enormous TAM’s and both companies have plenty of room to grow. Long term, investors will want to watch for further encroachment and competitive positioning between these two leaders. We will get more insight into Crowdstrike’s progress and plans on their upcoming Q2 earnings call.
Snowflake
Snowflake promotes “Application Health and Security Analysis” as a use case for developers who want to build applications on top of Snowflake’s Data Cloud. The reference architecture diagram even resembles a standard pipeline for application log ingestion, analysis, dashboarding and alerting. This would be suitable for an enterprise that wants to take a DIY approach to log management and leverage their existing relationship with Snowflake.
However, this isn’t a full featured observability solution and I don’t think Snowflake intends to build and market observability tools, at least not in the near term. Their strategy is to encourage enterprise customers to build their own custom monitoring solutions on top of Snowflake or provide the underlying data processing engine for an independent company to bring an observability suite to market.
In the latter case, they have the Powered by Snowflake program. In fact, there is a partner already that has built an observability suite on top of Snowflake. The company is incidentally called Observe and offers a monitoring and visualization platform for logs, metrics and traces, much like other observability providers. The company is private and raised $35M late last year.
Comparing Observe to Datadog circles back to the prior discussion around platform completeness and go-to-market flywheel. Just as with other observability providers, Datadog has a substantial lead here. Using Snowflake as the data processing platform may offer some benefit for Observe, but I would contend that Datadog likely has a similarly sophisticated and scalable underlying data engine tuned to their specific data model and use cases. In the latest 10-K, Datadog mentioned that their platform processes over 10T events daily and spans millions of servers.
Additionally, Snowflake recently posted a job for a Senior Software Engineer to work on their Observability Platform. While on the surface, it appears to represent a direct competitive threat to other observability providers, I don’t interpret it that way.
We’re hiring talented Senior Software Engineers to help us build the next generation of observability and alerting product, enabling our customers to use time series data, define alerts and receive notifications on their data as well as the operation of their pipelines in Snowflake. Having such a comprehensive mechanism will help our customers build a more comprehensive continuous data processing pipeline.
Snowflake Job Description
My interpretation is that Snowflake will build tools for customers to make their own data processing pipelines that feed Snowflake more observable. In this context, we could add the descriptor ETL to the role to yield “SSE for ETL Observability”. It would make sense for Snowflake to offer its customers this capability to make it easier for customers to get their data into Snowflake. Also, those kinds of tools would provide a competitive advantage over other data warehousing solutions.
In its current state, this initiative doesn’t really infringe on the broader markets for Datadog or Dynatrace around APM, Infrastructure or Log monitoring (or RUM, Synthetics, etc.). Also, for Snowflake to directly launch their own branded observability products to compete with Datadog would be at odds with leadership’s own prior commentary. Snowflake doesn’t plan to build out suites of applications for end customers to use. Rather, at least for now, they prefer to enable other companies to build on top of Snowflake and generate their revenue from compute and storage, not extensive SaaS licensing.
Future Competitive Threats
In many cases historically, competitive displacement didn’t come from the existing industry, but rather from a complete paradigm shift. Horse and buggy manufacturers were displaced by the automobile, the travel agency by the Internet. For Datadog, demand for their observability solutions is primarily driven by the proliferation of digital experiences delivered over the conventional Internet. Specifically, these are the web sites and mobile apps that we know and love today.
If a new paradigm emerged for consumers to shop, play or manage their lives, it might diminish the need for Datadog’s solutions or make them irrelevant. While this is currently a ways off, it bears consideration for the long term bull case. Probably the most timely is growth of low code / no code platforms. These applications live outside of the normal enterprise application development and production environments. These platforms likely wouldn’t need observability tooling, at least in its current form. Or, the platform provider might utilize Datadog as a single large customer, but would reduce the dependence of all the individual, more mainstream businesses on supporting their own infrastructure.
In a similar way, new “Web 3.0” software delivery models, like Dapps or blockchain platforms, may have other forms of observability or bring their own solutions. Even further ahead, consumers might shift attention to completely new digital experiences that aren’t traditional Internet applications, like gaming platforms, AR/VR or the metaverse. These may not have a parallel for observability. While I don’t think any of these developments will displace Datadog in the next 3-5 years, they bear consideration over the long term. At a high level, I think we often underestimate the durability of existing technology models and overestimate the transition time to new ones.
Final Thoughts and Investment Plan
Datadog is firing on all cylinders. They are putting the one-time COVID-driven slowdown in 2020 far behind and are building strong momentum through this year. Growth is being driven by their highly efficient flywheel of go-to-market and product development. Customer additions, spend expansion and new product releases are all combining to accelerate revenue growth. This is evidenced by the substantial raise to the full year target, with RPO and incremental ARR hitting record levels.
On the bottom line, operating leverage is continuing. Datadog is maintaining healthy margins and keeps pushing up free cash flow. Most impressive is the efficiency of the go-to-market effort, as Sales and Marketing requires less incremental investment each year. This is freeing up more gross profit to allocate to Research and Development. R&D spend as a percentage of revenue has exceeded S&M for two quarters now. This is unique among competitors, allowing Datadog to double-down on product development.
The pace of product releases has picked up substantially, with three new security products announced in the last two months. These are combining with Security Monitoring to form the basis of Datadog’s new Cloud Security Platform. Datadog isn’t limiting product expansion to just security, however, with new offerings in developer pipeline visibility and database monitoring. This brings Datadog’s product platform to 12 individually priced products, with 2 more in Beta. And, we have Dash coming in October, when Datadog normally makes a few new product announcements.
These factors all provide a strong set-up for the remainder of the year. As part of my Q4 Recap in February, I projected that Datadog would hit $150 this year for a 50% gain. Given that the stock is trading around $135 now, I think that is achievable.
For the full year of 2021, I am now projecting that Datadog will deliver just over $1B in revenue at $1.002B for 66% annual growth. Looking forward to 2022, I think they can sustain 12.5% sequential quarterly growth, given the ongoing drivers discussed earlier around customer growth and net expansion. This would yield 60% revenue growth for the year landing at about $1.6B. For 2023, we could conservatively model a sequential quarterly growth rate of 10%. This would imply a 46% annual growth rate for $2.34B in revenue.
Analysts currently have 2021 modeled at $944M for 56.4% annual growth. This largely mirrors what Datadog management provided in the Q2 report. Obviously, I think this is beatable. For 2022 and 2023, analysts have modeled 37% and 34% growth, respectively which is lower than my estimates by 10-20%. Interestingly, in May these were 34% and 26%, so analysts have already increased their growth rates for the next two years over the last 3 months.
Datadog currently has a market cap of $41.8B with a share price of about $135 and a P/S ratio of 54. If they deliver $1.0B in revenue at end of 2021, the P/S ratio drops to about 42. With my 2022 projection for $1.6B in revenue, it would drop to 26. Confining our view to 2021 for now, a 66% annual growth rate and Non-GAAP profitability would justify at least a 50 P/S ratio.
This implies that a 20% increase in valuation by the end of this fiscal year would be justified at Datadog’s current run rate, implying an exit share price of $160. That is my current target for early 2022, after Q4 results are reported and valuation metrics update. This, of course, assumes no market wide valuation reset or other exogenous event. Even then, I wouldn’t expect those to impact Datadog’s core business and gains would simply be deferred to the macro recovery.
For my personal portfolio, I had built a major position in DDOG at the beginning of 2021, following the Q4 results. It is now my largest position with a cost basis of $94. Given their strong momentum and outlook for the remainder of 2021, I am comfortable maintaining this allocation through this year. After outsized performance in 2020 for my portfolio, I would be very happy to realize a 50+% gain on this stock in 2021.
NOTE: This article does not represent investment advice and is solely the author’s opinion for managing his own investment portfolio. Readers are expected to perform their own due diligence before making investment decisions. Please see the Disclaimer for more detail.
Additional Reading
- Peer analyst Muji at Hhhypergrowth has some great coverage of Datadog and the observability market in general. Some of his content is behind a subscription, but that is well worth the cost.
- I recently discovered that most of the presentations from Datadog Dash 2020 are available on YouTube. These provide a digestible overview on Datadog’s product strategy and future plans.
Long time follower..Great Analysis as always. Thanks for all you do and Thanks for sharing all your analysis for free.
Thanks for the feedback. The analysis helps me as much as it helps others. Glad you find it useful.
Thank you for the detailed update. There is no better way to analyze Datadog. And all of this for free. Without your articles, I wouldn’t be up 60% for now! And besides, I’ve learned a lot.
Thanks. Appreciate the feedback and happy to hear you are sitting on such a nice gain.
Great analysis as usual. Especially like the product strategy and competitive landscape sections.
Very much appreciate the analysis you share…and agree that Datadog really seems to be executing very well. Will be interesting to watch their continued growth over the next several years.
I absolutely love your work and I love how you post your portfolio construction with weekly updates on your website. It is so very kind of you to not charge for your content. I hope you will do more podcast interviews as that is where I found you. I do have one question for you. Will you please consider posting your thoughts on Upstart? Thank you for all you do!
Hi – thanks for the feedback and I appreciate the support. Regarding Upstart, I don’t follow the company closely. I see that they are growing quickly and appear to be disrupting the traditional methods of loan evaluation and underwriting with AI/ML approaches. I can’t really offer more than that, as I have no expertise in the loan industry.
I really try to stay in my lane for the companies I cover. In my case, it is software infrastructure providers. This is because I have a lot of industry experience leading software development efforts for large Internet services. I feel this equips me to provide a unique perspective on investing in the companies behind these software services. I have no additional perspective in the loan space.
How much do you think Datadog’s product is better than Elastic? Does the advantage come from UI, performance or anything else?
Note that DDOG’s valuation (P/GP) is 123% more expensive than ESTC, and yet their gross profit growth does not differ too much. If there is a major correction in the market, higher valuation could suffer more damage.
Hi Michael,
First, I am a fan of Elastic and have covered the company in the past. I talked at length about the differences between Datadog and Elastic in terms of technology approach, product strategy, pricing and go-to-market. In short, the differences boil down to these:
– Customer Implementation. Datadog is packaged as a SaaS distribution that is easy to activate and has most of the configuration pre-packaged. Elastic, on the other hand, is primarily an open-source software base. This requires a bit more set up and configuration, but also allows for more granular customization.
– Pricing. Datadog prices on a usage basis by product. Elastic prices for usage of the platform as a whole.
– Product Breadth. Datadog covers many more of the pure observability features, but Elastic has been in security longer. Elastic also addresses other use cases in search. This vendor reduction appeals to some customers, as evidenced by Elastic’s high penetration across search, observability and security in large customers.
– Go to market efficiency. Datadog seems to have a more efficient sales motion currently. They allocate less to S&M, but have higher growth and better land/expand metrics.
Customers seem to prefer Datadog’s approach at this point, but that could change over time. I like the deep customization offered by Elastic’s solution, which creates a very sticky engagement. I can’t offer much rationalization for valuations.
I will add that once a customer starts truly using Datadog or Elastic or any of these solutions, as in sending their application and infrastructure metrics and logs into it, it becomes an extremely “sticky engagement” situation. The hundreds of dev/ops users in a company that use the product will be checking the charts and logs many times a day. Each of these systems has their own way of querying that nobody wants to re-learn. The monitoring system will be configured with hundreds or thousands of custom alerts that send notifications to services such as pagerDuty. There are hundreds, maybe thousands of custom dashboards that users have created that can’t be simply exported to another product. The data points that were sent a month or a week ago will be looked at in order to compare to when an alert happens today, in order to see what “anomalous” behavior looks like. It becomes extremely hard to migrate out of the system because the alerts, data points, and events that are stored on the company’s server cannot be simply pulled out reliably or quickly enough with an API and pushed into a new system. They have querying limits because it stresses their servers, which are multi-tenant and need huge amounts of memory in most cases. Those are the main things, but there are a lot more things I didn’t mention that make these products extremely sticky and “negative churney”.
Thanks Peter for your insightful comments. A couple of questions for you – 1. How do you get the discipline of not chasing the next big thing and staying focused on what you know. 2. Does this concentrated portfolio worry you ever?
Thanks. Regarding not chasing stocks, I do try to be very disciplined about staying in my lane of software infrastructure. Because of my background, I feel this is the “safest” approach for me. I understand the business drivers and can also appreciate risks. I can objectively evaluate commentary from other analysts and the company’s own performance. For companies outside of my space, it would be harder for me to build conviction. I realize this has caused me to miss out on some big movers. Upstart is a good example. While I can appreciate their business, I am not an expert in the InsurTech space and can’t fully navigate bull and bear theses.
Regarding the concentration, in some ways, I feel it is a benefit. I understand the what will drive demand for my portfolio companies. If those secular trends (like the Internet and digitization) change, then I would certainly need to re-evaluate.
Great article again Peter, many thanks.
Any opinion on Confluent / plans to cover Confluent? Growth reaccelerated to mid 60’s lately and I wouldn’t be surprised if they will get to >70% growth in the coming quarters.
Sure – thank you. I think Confluent is very interesting and is on my radar. I plan to dig deeper in a future post. In terms of investment, I might wait one more post IPO quarter before considering a position.
Thanks from me (the slow reader) as well!