Guest: Simon Taylor (LinkedIn)
Company: Azul
Show: Java Reloaded
Topic: Cloud Native, Security

Organizations running Java at scale are grappling with expanding codebases, rising security threats, and shrinking teams. Many know they have vulnerabilities buried deep in their applications — but they don’t know which issues actually matter, which code is even used, or where to begin. In this conversation, Simon Taylor, Senior Vice President of Worldwide Partners & Alliances at Azul, explains how Azul’s Intelligence Cloud is giving enterprises the visibility, prioritization, and automation they’ve been missing.

In most enterprise environments, security and performance work has become a constant race against time. Java applications grow more complex every year. Teams operate under pressure to patch faster, modernize faster, and reduce risk — all while dealing with legacy systems, years of accumulated technical debt, and shrinking resources.

According to Taylor, this is precisely where Azul’s Intelligence Cloud is making the biggest difference: by showing organizations not just what exists in their environment, but what actually matters.

He explains that many companies still approach security through a “patch everything that’s vulnerable” mindset. But in the real world, patching without context is often an overwhelming and unnecessary effort. Intelligence Cloud changes the equation by mapping vulnerabilities directly to the code that is actively executed, not simply present. As Taylor puts it, the platform “orientates what’s actually used against known CVEs,” helping teams improve posture almost immediately by identifying the few issues that truly require attention. This is especially valuable for enterprises that don’t have the staff or skill sets to analyze this data on their own.

Azul also exposes one of the industry’s lesser–discussed risks: unused and dead code. Most teams carry years of accumulated libraries, classes, and components inside production workloads. These artifacts sit unnoticed, unmaintained, and unmonitored — yet they may contain vulnerabilities. Taylor highlights that companies often believe they must protect all vulnerable code, but unused code can and should be eliminated entirely. “It’s a liability,” he notes, pointing out that simply removing dead code significantly reduces security exposure and maintenance overhead.

This ability to differentiate used versus unused code becomes even more powerful through a feature Azul calls code inventory. Beyond identifying JVMs and Java applications, Azul collects detailed insight into the structure of each application: classes, libraries, and the specific components that are or are not being loaded. For developers and DevOps teams who spend massive amounts of time on maintenance work, this visibility is transformative.

Taylor points to a recent case where a customer with more than 1,000 developers discovered they were wasting the equivalent of 30 developer–years annually maintaining code that had not been executed once in a full decade. Even worse, some of this unused code contained known vulnerabilities. By simply removing or modernizing these dormant components, the organization instantly reclaimed engineering capacity and reduced security risk.

This is where the managed services angle becomes critical. Taylor explains that most companies lack the capacity to interpret the data Azul provides. Understanding licensing obligations, support requirements, security priorities, and code–level architecture typically requires specialized knowledge. Rather than staffing internal teams for these tasks, more enterprises are looking to managed service partners who can take Intelligence Cloud insights and turn them into ongoing optimization programs.

For managed service providers, this opens a significant business opportunity. Intelligence Cloud provides the raw telemetry — but partners can offer real services such as code modernization, license management, vulnerability triage, patch planning, and ongoing optimization. Many organizations already outsource these responsibilities because they aren’t staffed to do them correctly or consistently. Having a platform that automatically maps what truly needs attention accelerates the value partners can deliver.

While Azul is not currently offering full–scale security analytics, Taylor emphasizes that the platform is already extensible. Intelligence Cloud includes an interface that allows customers and partners to export telemetry into any other security or analytics environment using a REST API. This means the data Azul collects can be integrated into broader incident response workflows, SIEM platforms, or internal dashboards.

The benefit is clear: instead of adding yet another siloed tool, enterprises can bring Azul’s Java–specific intelligence into the systems where their teams already work. As Taylor explains, this approach aligns with how most security operations centers function today — centralizing intelligence even if it originates from multiple tools. Intelligence Cloud simply becomes another high–value data layer within an organization’s existing workflow.

The conversation also highlights a growing recognition across the enterprise world: modern Java environments require far more visibility than traditional tools can provide. Teams need to know what code is actually running, what libraries are unused, where vulnerabilities intersect with real execution paths, and how to eliminate unnecessary burden from their pipelines. Azul’s Intelligence Cloud brings this clarity by blending deep Java introspection with actionable insights for development, operations, and security teams.

Taylor repeatedly emphasizes that the goal isn’t just security or optimization in isolation — it’s enabling organizations to operate more efficiently. Teams want to reduce technical debt, patch smarter, and modernize faster. But without the right visibility, they’re stuck guessing. Intelligence Cloud replaces that guesswork with data.

He also points out that managed service providers are uniquely positioned to deliver value here because they can take Azul’s insights and drive continuous improvements that internal teams often don’t have time for. Whether it’s reducing code maintenance workloads, eliminating unused components, supporting better patching strategies, or helping customers interpret licensing compliance obligations, the Intelligence Cloud becomes a foundation for long–term operational excellence.

For companies with large Java investments, this approach couldn’t be more timely. The pace of change in security, compliance, and software delivery continues to accelerate. With limited staffing and expanding complexity, visibility and prioritization are no longer optional — they are essential.

As Taylor’s insights make clear, the real power of Azul’s Intelligence Cloud lies in its ability to give organizations the clarity they need to make better decisions, reduce risk, and unlock productivity across their teams. In an era of rising threats and shrinking resources, that clarity is becoming one of the most valuable assets an enterprise can have.

How Azul’s Intelligence Cloud Is Transforming Java Security, Optimization, and Managed Services | Simon Taylor

Navigating the JVM Optimization Landscape | John Ceccarelli, Azul

SIOS Secures AWS Resilience Design Competency for Mission-Critical Workloads

Navigating the JVM Optimization Landscape | John Ceccarelli, Azul

SIOS Secures AWS Resilience Design Competency for Mission-Critical Workloads

You may also like

How vCluster Is Redefining Multi-Tenancy and GPU Efficiency for the AI Era: Insights from Simone Morellato

JDK 25: Quantum-Safe Java and Smarter Observability — Simon Ritter, Azul

Why Human Judgment Still Matters in the Age of AI — Glenn Russell, Egen

AI Bots Are Reshaping Fraud and Compliance: Akamai’s Steve Winterfeld on the New Reality Enterprises Must Face

How Open Source Keeps Europe Competitive in AI and Emerging Tech — Gabriele Columbro

Building an Internal Developer Platform in 90 Minutes: Lessons from Billy Thompson of Akamai