Full Report - JAMF - Great Alpha From Market Misunderstanding (2/3)
Market believes that AAPL will kill JAMF, while we believe the opposite is true.
Welcome to Covequity's Quick Takes— Timely interpretation of news & special events for cybersecurity and enterprise tech investors. If you are new, you can join our email list here:
This is the edited version originally from the discussion within Convequity on 22nd May 2021,
Sources of Alpha: Complexity of the Business
Expected Price Appreciation: 123% from $30 within 2 years
Executive Summary
Given employee PC choice trends, Apple’s push into business, and COVID-driven digitalization acceleration in education and healthcare, JAMF are in a prime position for the next 1 to 3 years.
The recent Wandera acquisition offers ample synergies for strong revenue performance.
~50% mispricing is attributable to investors assuming Apple’s acquisition of Fleetsmith is an existential threat to JAMF – we outline the very low probability that this is the case.
Contents
Article 1
Overview
Why Do Organizations Need and MDM?
Why JAMF?
Growth in Mac Demand
Growth in iPad Demand
Article 2
Competition
Is Apple a Threat?
Wandera Acquisition
Article 3
Revenue Sources Recap
Quantitative Revenue & Valuation Analysis
Conclusion
Competition
Our competitor analysis has been developed via 3 lens’.
Convequity primary competitor research: We’ve created our own analytical framework with supported research from IT administrators submitted reviews and comments on Gartner’s review site and Reddit.
Gartner Peer Insights: We’ve put together a summary of the insights from Gartner’s Peer Insights review site.
IDC’s MarketScape: We’ve reviewed IDC’s MarketScape study for MDM (actually titled Unified Endpoint Management, UEM) of Apple devices.
The method for fleshing out our own analytical framework began by reviewing the Gartner Magic Quadrants for Enterprise Mobility Management (EMM) and Unified Endpoint Management (UEM). There is substantial overlap between these two spaces and JAMF operates in both, therefore we felt it was a good starting point for identifying the rivalry. Interestingly, JAMF doesn’t feature in either quadrant which we infer must be because of their Apple-only focus. However, earlier in the year JAMF did feature in IDC’s MarketScape UEM for Apple devices – which was the first piece of research conducted specifically for Apple devices. Before we present Gartner’s and IDC’s research, we’ll present our primary research on the competitive landscape.
Convequity Primary Competitor Research
From the Gartner Magic Quadrants we chose MobileIron (acquired by Ivanti), Citrix, and Workspace ONE (formerly Airwatch and acquired by VMware), to join JAMF is a deep-dive competitor analysis. It appeared that these 3 are JAMF’s strongest direct competitors. For each one of these companies Simon and myself each read 15-20 detailed reviews on the Gartner Peer Insights and made extensive notes. We also read numerous posts of unstructured feedback on Reddit from IT administrators and end-users. After gathering and digesting our notes, we categorized the scope of MDMs into the following displayed on the chart below. Simon and I engaged in discussion to assign scores out of 5 to each competitor for each one of the 10 categories.
Figure 7 - MDM Competitor Analysis
Source: Convequity Analysis
Product/Feature Breadth – Workspace ONE is competitive in this category though JAMF is the clear winner thanks to their Apple-only focus that concentrates resources and equips them with the deeper knowledge to identify gaps between what IT administrators and end-users want to do and what they can do.
Training & Documentation – It appears that for some time JAMF has been way ahead of the competition in regards to training guides and product documentation for IT administrators. The only reason Citrix has a high score in this category is because they’ve made substantial improvements in the past couple of years. We didn’t find anything even slightly critical as to JAMF’s training and documentation, and again, this emanates from a deep and nuanced understanding of what IT administrators may face when managing a fleet of Apple devices.
Technical Support – it’s not surprising that each company scored similarly in Training & Documentation and Technical Support because delivering well on these requires similar skill sets. This is probably JAMF’s most differentiated category because not only is their professional support team highly responsive and capable of solving problems, JAMF Nation is another significant resource for IT administrators to refer to. All other MDM vendors’ user communities pale in comparison to the size of JAMF Nation. Over the years JAMF has leveraged their BoB Apple MDM solutions to cultivate an army of almost-evangelistic IT administrators that are happy to engage and share their knowledge in the 100k+ JAMF Nation community. This huge network power is a main factor as to why we don’t believe Apple will use the Fleetsmith acquisition to try and compete with JAMF.
Complex Use Cases – As we go from left to right across the categories, this is where the distance between JAMF and the others seems to close. JAMF can deliver solutions for most complex of use cases, however, from our research Workspace ONE can also. But as complex use cases are invariably linked to technical support, we view JAMF as retaining a light edge in this category.
User Interface / Management – We decided to put UI and management together because they do overlap. We read a few comments regarding JAMF’s user interface being a little outdated and/or clunky and not being the most intuitive. Given that we didn’t see any positive comments to offset these we presume that this is probably JAMF’s main weakness at present. However, it seems that once administrators are sufficiently trained-up they find navigating the UI and the general management a breeze. So, this is why JAMF received a 3.8 instead of a much lower score in this category. MobileIron, Citrix, and Workspace ONE all received highly positive comments for the UI. From this we surmise that JAMF’s rivals make it easier for administrators that are new to using the platform. It seems as though the training & documentation and technical support are making this less of an issue for JAMF in the present time, though it’s certainly an area to consider improvement.
Software Updates & Patching – JAMF wins hands-down by a large margin in this category thanks to them being the only MDM vendor that can deliver same-day support/integration of both new Apple software distribution and software updates, as well as same-day patches (identifying and fixing bugs). Whenever Apple releases a new product and OS, JAMF are able to support all the needs for that on the same day. This is not achieved by having inside information, just by having heavily funded R&D and engineering that analyze every single move that Apple makes.
Vertical-specific Solutions – Workspace ONE, Citrix, and MobileIron all have some online content outlining their ability to serve the particular needs of sectors such as education and healthcare, however, they either don’t have a specifically developed standalone product and/or the marketing seems uncompelling. In contrast, JAMF has been building out products (e.g., JAMF School) and subproducts (e.g., JAMF Teacher, JAMF Parent) for specific sectors and end-users and appear to have far more convincing marketing, in our opinion.
Operating System Breadth – Workspace ONE, Citrix, and MobileIron can offer solutions for all types of desktop and mobile operating systems (OS). JAMF scores the lowest in this category because of the narrower Apple-focus. However, JAMF’s software does integrate very well with the Windows OS and facilitates a smooth experience for Apple users using Windows applications.
Figure 8 - JAMF's Operating System Breadth
Source: Convequity
Security – On the whole we’ve not read about any concerns or praises about security performances of these 4 MDM vendors. Presumably, all providers’ solutions deliver a more than satisfactory level of security. However, VMware’s acquisition and integration of Carbon Black – an endpoint protection platform specialist – makes Workspace ONE the standout winner in this category. Carbon Black’s technology ascertains baseline measurements for user behaviour and then detects for, and automatically responds to, anomalies that deviate from these norms. This AI-driven technology is also incorporated into identity security that continually authenticates and authorizes behind the scenes and will block users if conditions are deemed not secure enough. Therefore, this capability gives Workspace ONE top marks, although not having this doesn’t render other MDMs as insecure. From our research, JAMF, Citrix, and MobileIron all have seamless API integrations with security providers to ensure devices, users’ data, and corporate data are secure. Hence the high scores for each company within this category.
Analytics – Again Workspace ONE is the only one to score top marks in this category. Intertwining the MDM software with Carbon Black’s AI-driven telemetry opens up a plethora of analytic opportunities. VMware has leveraged this to deliver greater insights into app and device performance (usage, access trends, and even boot times) as well as user experience metrics to understand how employees view the IT systems and technology. All of this seems excessive and expands beyond the purpose of MDM systems and actually duplicates much of the scope of third-party solutions which may lower Workspace ONE’s adoption going forward. With this in mind and from our research we believe that the analytic capabilities of JAMF, Citrix, and MobileIron are more than adequate, hence the high scores.
Convequity MDM Competitor Summary – Before we began this competitor analysis exercise, we honestly didn’t think it would be so close. After our initial JAMF research we thought JAMF would be clear winner. However, the other 3 vendors are very solid and on the whole deliver substantial satisfaction for IT administrators and end-users alike. Out of a total of 50 (5 points multiplied by 10 categories), JAMF scored 46.5 (93%) and Workspace ONE and Citrix were close behind with 44.8 (89.6%) and 44.7 (89.4%). According to our research, while loved for its simplicity, MobileIron lacks the sophistication and as a result scored a total of 40.1 (80%).
JAMF’s competitive advantages are built into service and support along with ultimate Apple expertise that enables them to offer the broadest set of products/features and be the quickest to offer full support to new software and hardware releases. Workspace ONE is the polar opposite – weak service and support but more advanced capabilities on the security and analytics side. However, much of this is superfluous for MDM solutions and the overlap with third-party solutions may be detrimental to business in some cases. Citrix scores solid across the spectrum but isn’t a standout leader in any individual category. And in regards to MobileIron, as aforementioned they are easy to setup and simple to use but lack customization and the nuanced granularity to handle complex use cases. Their service and support are also due considerable improvement.
Gartner Peer Insights
For each company Gartner’s Peer Insights site calculates average scores of all user reviews across Product Capabilities, Service & Support, Integration & Deployment, and Evaluation & Contracting categories. We gathered all the MDM vendor scores and present them in the following chart. Interestingly, the scores manifest a similar ranking of competitiveness as the Convequity primary research approach. JAMF is a clear leader and the others have similar capabilities across the spectrum of MDM. A minor discrepancy is that the Gartner Peer Insights average scores indicate MobileIron is more competitive than what we concluded in our own research. Though, all-in-all the results are similar enough to be confident that, in regards to capability, JAMF is the outright leader in this market.
Figure 9 - Gartner Peer Insights Summary
Source: Gartner - JAMF, Workspace ONE, Citrix, MobileIron, Convequity research & presentation
IDC’s MarketScape
As the final part of the competitor section, we present IDC’s MarketScape for UEM for Apple devices. Due to the rapidly growing popularity of Apple device usage for business/work, IDC felt the need to conduct a separated MDM research piece for IT buyers to better understand the market. As can be seen below, our primary research generally falls in line with IDC’s, though the big discrepancy is Citrix’s perceived competitive positioning. According to IDC’s study, Citrix are not in the same competitive category as JAMF, Workspace ONE (VMware), and MobileIron (Ivanti). IDC views Citrix as a ‘Major Player’ whilst the other 3 are ‘Leaders’.
Figure 10 - IDC's MarketScape for UEM/MDM of Apple Devices
JAMF are a clear-but-marginal leader on the ‘Strategies’ continuum and almost tie for 1st with MobileIron on ‘Capabilities’. Given IDC’s ‘Strategies’ gauge is based on envisaging vendors 2 to 5 years into the future, this reinforces the investment thesis for JAMF. In other words, IDC view JAMF as having the best strategy for meeting future customer demands.
Competition Summary
In the 3 analytical methods – Convequity’s Primary Competitor Analysis, Gartner’s Peer Insights, and IDC’s MarketScape – JAMF are the clear leader in MDM. And we believe it’s probably more likely that JAMF can extend their lead than it is for the competition to close the gap. The only category we view JAMF as needing substantial improvement is the user interface to help newcomers to the software find their feet quicker.
By virtue of the long-standing business strategy, JAMF also scored significantly lower than rivals in the OS Breadth category. Currently JAMF’s API integrations make it easy for IT admins to use JAMF in conjunction with other MDM vendors for Android devices, therefore it’s not a major issue. However, there might be a considerable amount of lost business as some potential customers prefer an MDM provider that can do Apple and Android. Presumably, this narrower focus is why JAMF’s growth to date has been slower than other 18-year-old software companies. So, although as investors we wouldn’t want JAMF to change who they are, at the same time it would be great for business if management announced an expansion into Android MDM.
Is Apple a Threat to JAMF?
In June 2020, Apple bought a small MDM vendor named Fleetsmith for an undisclosed sum. There is speculation abound from IT administrators and investors as to Apple’s intentions with making this acquisition. And from our research we surmise that the substantial discount to JAMF’s intrinsic value is in large part attributed to investors’ misunderstanding of Apple’s intentions in regards to MDM. More specifically, we feel that investors are pricing in a high probability that Apple will attempt to emulate what the likes of JAMF can do, when in fact, the probability is really low.
We decided to look online for opinions from IT admin professionals that have a hands-on and deeper understanding of what Apple’s intentions are likely to be. And the general consensus is that Apple has merely bought Fleetsmith to improve their own ‘no-frills’ MDM solution called Apple Profile Manager. We couldn’t find one positive comment about Apple Profile Manager – widely disliked across the IT admin communities – and its only usable (if at all according to many IT administrators) for small-scale deployments, typically for SMBs. And given that Fleetsmith are a small up-and-coming player and were not even on Apple’s approved MDM vendor list before they were acquired, it’s implausible to think this acquisition can springboard Apple into the enterprise MDM space. Below we outline the reasons why we don’t consider Apple’s acquisition of Fleetsmith as a threat to JAMF:
Apple Still Won’t Have a Better MDM Product than JAMF
It may sound kind of crazy to a novice that Apple, even after an MDM acquisition, won’t have a better capability than JAMF to deploy and manage their own products – but it’s true. The dire Profile Manager is testament that thus far Apple has made lacklustre commitments to MDM for both enterprise and SMB segments. JAMF and competitors have harnessed two decades of hands-on experience in understanding the innumerable intricate needs, the nuanced use cases, and the best practices for large-scale deployments within the MDM space. And this expertise manifests in the software and the technical support. No amount of investment can acquire this expertise, it comes with experience. The only way Apple can quickly acquire such capability would be to purchase JAMF or another enterprise-enabled vendor.
JAMF’s Loyal User Community
JAMF has nurtured an evangelistic-like community in JAMF Nation. By reading some of the discussion on the JAMF Nation forums it’s obvious that IT professionals would be appalled if Apple decided to limit JAMF’s ability to serve them in any way. Whether it be by somehow outright restricting what JAMF and other MDM vendors are permitted to do or by manipulating the landscape to tilt it in favour of Apple’s MDM services. Indeed, the backlash would be highly detrimental.
Apple Immediately Stripped Down Fleetsmith’s Scope
Immediately upon the acquisition Apple discontinued Fleetsmith’s ability to manage 3rd party apps. This caused a lot of aggravation in the IT admin community, especially for those who had recently purchased Fleetsmith specifically for this functionality. To us, this indicates that Apple’s intentions are far less grand than what investors are probably thinking. If the intention was to compete with the best and most capable MDM vendors then we presume the ability to manage 3rd party apps would have been kept and built upon. So, on reflection, it appears that Apple may have acquired Fleetsmith purely for their knowledge base and to improve Apple’s basic MDM on-ramp for SMB customers that have simple requirements.
The MDM Market Size
Similar to our analysis as to why the public cloud providers are unlikely to heavily invest in edge computing in a way that competes directly with FSLY and NET because of the market size, we surmise Apple is unlikely to try and dominate MDM because of the small market size. Market size estimates range between $3bn to $6bn, so given Apple’s TTM $325bn of revenue, the reward-to-risk is not rationale.
Antitrust Attention
Apple already has numerous antitrust cases it’s having to deal with, including cases related to the App Store and mobile carriers, so this is another reason to infer that an aggressive push into MDM is unlikely. Furthermore, it seems that a high proportion are not cases in which the consumer is being overtly affected apart from paying a higher price. In the case of Apple disrupting the MDM space, however, not only would price be a factor but also the IT admin and end-user satisfaction with the service would be damaged thereby tarnishing Apple’s brand in a profound way.
IT Admin Consensus
To reiterate our earlier comments, the general consensus among IT admin professionals is that Apple has merely acquired Fleetsmith to improve their Profile Manager to enable swifter onboarding and deployments for SMB customers. It’s also possible that they intend to use Fleetsmith for their expertise in API and integrations in order to make Profile Manager better use for MDM providers like JAMF. After all, Apple’s ultimate goal is to have more Macs, iPhones, iPads, and even Apple TVs in the business environment, therefore improving upon their side to permit smoother integrations is a win-win for the entire industry.
Apple Threat Summary
The reality is Apple can expand within the enterprise segment a lot faster via third-party MDM providers. The rewards for attempting to outcompete JAMF are very small and pose significant risk to Apple’s enterprise ambitions. The imposing of restrictions to funnel MDM business to Apple will very likely create a lot of disgruntled customers. And even if they went ahead despite these red flags, antitrust issues would loom and cause unnecessary headache for Apple.
It certainly seems as though investors are forming an opinion on the risk of investing in JAMF based on the headline of Apple acquiring a fellow MDM provider. The reality is Fleetsmith is a niche vendor and not even in the same league as JAMF, and Apple is very unlikely to go head-to-head with JAMF any way. We strongly conjecture that this is the main cause for the ~ 50% mispricing.
The Wandera Acquisition
On 11th May 2020, JAMF announced it had signed a definitive agreement to acquire Wandera, a leader in zero trust cloud security. JAMF does already have in-house endpoint protection capability that is delivered with JAMF Protect. This protects devices from malware but alone doesn’t secure the connections the devices are making. Hence the Wandera acquisition will round off a much more robust security posture for JAMF customers. Also, we might add, that JAMF Protect is protection for Macs only; Wandera can protect all types of endpoints (Macs, iPhones, iPads, etc.)
The Benefits of ZTNA
Zero Trust Network Access, aka ZTNA, has become increasingly demanded during the remote working conditions. Traditionally VPNs have facilitated distributed workforces by connecting remote workers to the corporate network to access resources. However, this has become known to be a vulnerable architecture mainly because it entails implicit trust based on IP addresses. In the VPN architecture, IP addresses are exposed to the internet making on-premise applications vulnerable to attack. Additionally, if hackers do compromise a remote worker’s device and gain access to the corporate network, then they have the freedom to move laterally and scope out locations of confidential data.
ZTNA connects users/devices to applications without granting access to the corporate network, thereby preventing lateral movement inside the network should the connection ever be compromised. And ZTNA hides the IP addresses by utilizing a gateway that resides in front of the applications, acting as a shield. This makes the applications invisible on the internet. Furthermore, whereas VPNs permit connections based on IP addresses only – implicit trust, in other words – ZTNA applies a more comprehensive set of checks to verify the user’s identity including information about the device, the user’s location, the time of day, access patterns, and other user behaviour.
ZTNA also trumps VPN-based technology on the bandwidth and scalability fronts. Thousands of remote workers being funneled through a handful of VPN appliances located at HQ and the corporate data centre creates bottlenecks and poor user experience. ZTNA’s greater flexibility and agility helps network architects minimize bandwidth usage to deliver better user experiences. Lastly, VPNs don’t apply in a scalable manner in cloud environments, partly due to them being appliance-based and relying on network connectivity. In contrast, ZTNA easily scales for cloud environments predicated on their software-defined nature.
To summarize, here are the benefits of ZTNA over VPN:
Whereas VPNs apply implicit trust based on just a check of the IP address, ZTNA’s inherent posture is not to trust until a full set of verifications are applied – it is identity and context aware.
Whereas the VPN method of connecting to apps exposes IP addresses to the internet, ZTNA hides them thereby greatly reducing an organization’s attack surface.
Whereas VPNs connect users to the network, making the corporation vulnerable to lateral hacker movements on compromised connections, ZTNA connects users directly and only to the app which prevents lateral movement.
VPNs are inefficient in utilizing bandwidth thereby causing bottlenecks and poor user experiences. ZTNA’s greater flexibility attributed to being software-defined allows for more efficient bandwidth utilization.
Whereas VPNs don’t scale well in the cloud, ZTNA scales very well to meet large-scale requirements.
So, this acquisition of Wandera will ramp-up JAMF’s security prowess by considerable degrees and help the company continue to capitalize on the remote/distributed business environments we now found ourselves living in.
Synergies
There are clear-cut synergies that will arise from the merging of JAMF and Wandera. Firstly, around half of Wandera’s sales are generated via mobile carriers, whilst c. 1% of JAMF’s sales emanate from this channel. Therefore, this acquisition presents JAMF with a sizeable opportunity to grow revenue within this distribution.
Secondly, to date Wandera hasn’t spent much on Go-to-Market (GTM) initiatives, in fact, the majority of their workforce are product/R&D personnel. JAMF has heavily invested in and cultivated a robust multichannel (except for mobile carriers) GTM strategy that can ramp-up Wandera’s revenue by orders of magnitude.
Thirdly, as aforementioned, JAMF Protect delivers EPP for Macs only, so the acquisition will not only give JAMF ZTNA capabilities but Wandera’s context-aware telemetry data gathering will also help JAMF build out EPP for the iPhone and iPad.
Fourthly, the majority of Wandera’s sales come from Europe whilst the c. 70% of JAMF’s sales come from the U.S. So, this opens a wider door for JAMF to penetrate international markets.
To conclude the synergies, there is very little overlap between JAMF and Wandera and plentiful of cross-sell opportunities. And most importantly, in Wandera, JAMF has acquired a BoB zero trust provider – they featured in Gartner’s June 2020 review of the ZTNA global market.