Newcastle City Council runs many of its services through Java 8. When Oracle changed how they licensed and priced Java support, New Castle City Council forged a strategic partnership with Azul and significantly reduced their security risk level with Java applications.
Newcastle City Council eliminated 80%+ of their Java-related security vulnerabilities
The City of Newcastle is a picturesque metropolitan borough in Tyne and Wear, located on the River Tyne’s northern bank. Newcastle City Council provides municipal services to more than 300,000 residents of Newcastle, the largest city in Northern England, including critical applications such as financial management, housing, and benefits.
Those services and many others run on Java 8. In 2019, Oracle changed how it licensed and priced licensing and support for Java and as a result, Newcastle lost access to free quarterly security patches. Newcastle was hardly alone. New research data from Azul shows that 26% of companies that use Java still use Java 8 today. Only 14% of the Java users in the study use Oracle Java and plan to continue using Oracle, largely because of costs and an unsettling uncertainty created by ongoing changes to pricing, licensing, and support.
With 300,000 residents relying on the city for critical services, compromising on security was not an option. Continuing to use Java 8 without commercial support would have meant missing critical patch updates to keep their Java-based application secure.
“If we kept our state the way it was, it would mean that we were knowingly running out-of-date versions of the Java Virtual Machine,” explains Tom Bone, Newcastle City Council ICT information security manager. “We could have suffered a breach because of that.”
Newcastle finds a better way to support Java-based services
Committed to the highest standards of security, Newcastle City Council conducts annual security audits. These audits began flagging the Java runtime (JDK) as a major concern, accounting for more than 80% of the organization’s IT security vulnerabilities. “We do a security review every year as part of our PSN (Public Services Network) compliance,” says Paul Doney, service manager of digital solutions. “And there’s always been a concern around Java.”
The council needed commercial support to access security patches for their older versions of Java without disrupting their essential Java-based business applications and systems.
Faced with this dilemma, council members looked at three options:
- Switch completely from Java to a different programming language: This option proved too expensive and would have launched a year-long process, creating unacceptable downtime
- Move to a free distribution of OpenJDK: This option would have violated Newcastle’s commitment to providing safe, effective services to its citizens and increased the city’s security risk
- Migrate to a provider of OpenJDK with commercial support: This option solved the cost issue while also preserving the council’s responsibility to the city
The council chose Azul Platform Core, an OpenJDK-based alternative to Oracle Java. With Azul, Newcastle received a one-for-one equivalent to a commercial support subscription from Oracle, including Critical Patch Updates (CPUs) that allowed IT to immediately deploy security fixes in production without deploying entire Patch Set Updates (PSUs) that are bigger and riskier. Azul supports more Java versions and platforms than any other vendor (including Java 6 and 7), so the council can safely use their older versions of Java without upgrading to newer releases.
Newcastle reduces security risk with Azul
The council rolled out Azul Platform Core to more than 1,000 employees with no impact on performance and no complaints from service users. The council achieved its business objective: a fully supported and secure Java application estate.
Like most Azul customers’ migrations from Oracle Java to Azul Platform Core, Newcastle followed the three-step migration outlined in OpenJDK Migration for Dummies, authored by Azul Deputy CTO Simon Ritter. In this case, there were a few edge cases, namely migrating applications that relied on legacy functionality like Java applets and Web Start. Fortunately, Newcastle’s technical teams and Azul’s experienced migration experts were prepared for the job. “Azul support was a lifesaver,” Tom Bone, ICT Information Security Manager, said. “Azul provided the best support we have ever received.”
“Through our strategic partnership with Azul, we significantly reduced our security risk level with our Java applications and Java-based infrastructure, which certainly helps me sleep better at night,” said Jenny Nelson, the council’s head of ICT & Digital. “In addition, the benefits of switching to Azul Platform Core as our JVM are clear. Our Java estate is now consistent, standardized, easier to maintain, and has brought a level of simplicity that’s a huge benefit to our organization.”
Learn more about the winners of the first Java Hero Awards on our website, our customer pages, and our press release.