Data Migration To Cloud: Security And Other Key Elements

By Bangaru Babu


Cloud providers are responsible for security of their own infrastructure; however, security of application is left up to cloud users.

During the last few years, global healthcare service providers have moved towards a more patient-centric system aimed at improving the quality of healthcare, optimising costs and, thus, ensuring superior patient satisfaction. These service providers have efficiently outsourced their non-core work such as medical billing and accounts receivables management to specialised revenue cycle management companies.

Since then, revenue cycle management companies have steadily grown to become important aides to the financial health of various healthcare organisations across the globe. By taking care of processes like track billing, payment, reimbursement and other financial activities, these providers have become part custodians of patient data that are highly-sensitive in nature.

Optimised, customised operations influence customer experience

In an effort to optimise business performance and improve returns, every revenue cycle management company has been trying to find innovative solutions offering unique engagement models that fit the customer’s specific needs. Bringing in digital solutions not only helps provide a higher level of accuracy and security, continual updates and adhering to compliance regulations, it enables faster processing of claims while keeping a close tab on their status, and has also helped in reducing the number of cases of healthcare frauds.

To up the game, these companies are now actively providing analytics and business insights as a value-add. With the plethora of data and information that is readily available, revenue cycle management service providers can analyse and provide critical actionable insights that would not only help healthcare providers take strategic real-time decisions but also aid in providing an enhanced quality of care. These solutions would require these companies to endorse the cloud and utilise technology to rationalise their costs to a fraction of what it would take to install their own data centres and the related support systems.

Efficient cloud migration is a key element

While demand for IT infrastructure is continuing to grow rapidly, organisations would have to consider migrating their data to the cloud as this would prove to be a more cost-effective and flexible option. Implementation of cloud migration would aid in accelerating digitalisation of an organisation, thus aiding in optimising the business. According to a survey by HIMSS, many healthcare companies now prefer to deploy healthcare applications on the cloud, indicating that trust on the cloud has risen by geometric proportions—in fact, tripling since 2014. This has, hence, enabled many organisations to initiate many critical initiatives.

Though lower setup and maintenance costs are among the key features of cloud storage, organisations can benefit from the flexibility that a cloud data migration can offer.

For instance, imagine a scenario where an online retail company has its annual sale. It would gain a lot of traction from users with more than usual traffic to its website. To keep up with the growing demand, there would be a need for greater Internet bandwidth. It would be better for the company to request its Internet service provider to increase the bandwidth for the said week as a one-off case. However, on other days, the company can continue with its regular limited bandwidth. This kind of flexibility is possible on cloud; but when data is stored in data centres on premise, there is no flexibility. This is why cloud itself is a cost-effective solution since companies do not have to worry about hardware.

However, to take advantage of what cloud has to offer, organisations need to properly plan for the data migration process. It is important to develop a concrete data migration roadmap, which includes deciding which applications and datasets need to migrate to the cloud, and what tools and technologies are available to ease the migration process.

Is data security a concern?

Many organisations have misjudged the sophistication of IT infrastructure involved in deploying cloud. Organisations should start with a strong understanding of the skills and processes required before and after migration of data, across the board, including management and maintenance requirements. Organisations can make migration easier by utilising third-party cloud vendors.

Conforming with governance and regulatory compliance is perhaps the most important aspect to consider in context of cloud migration. Most cloud providers comply with a number of operational security regulations such as SOC2, HIPAA, PCI, etc that provide an insight into protections in place for the provider; however, all of them operate within a shared security responsibility model.

Cloud providers are responsible for security of their own infrastructure; however, security of application is left up to cloud users. Having said that, cloud providers do provide a robust set of tools to manage the security lifecycle of an application, such as identity and access management, security information and event management, network firewalling, log monitoring, etc. It is up to applications to make use of these tools to ensure a robust security profile.

Some other concerns might include cross-border laws (such as General Data Protection Regulation) and multi-tenancy issues, which also warrant careful consideration. Organisations need to understand these aspects in depth before migrating to the cloud, specifically the access control entity, while choosing the third-party vendor(s). Towards this, organisations need to follow a few steps to achieve this.

Country-specific regulations

In the US, enforcement of laws and regulations is stringent, breach of which often attracts severe penalties and can ensnare the offenders in many other complexities. Even today, companies think twice before migrating to the cloud because of the stringent processes, security concerns and the rules they need to comply with.

While choosing a cloud vendor, it is essential to audit for compliance with regulations as per the country’s rules and laws. While large companies or organisations are comfortable with adopting cloud-based services, mid-size companies continue to harbor apprehensions with respect to data protection.

It is also imperative for companies to question whether and how they can take advantage of cloud computing while complying with regulations, ensuring privacy and security of data.

Avoiding downtime

Take the case of a company that has a thousand people working on any given client application encountering an IT failure. From the client’s perspective, even a one-hour downtime of an operation can result in a loss of a thousand manhours as thousand people were working on it. It is imperative for the company to ensure that clients do not face any instances of downtime. However, for revenue cycle management companies, cost is not the most critical factor in their operations, but it is the security and quality of services they provide.

Select what you need to migrate

Before moving to cloud, revenue cycle management companies need to have an indepth understanding of their client requirements and identify the best strategy. An organisation can choose between public, private or hybrid cloud. For instance, about hundred on-premise employees could use the company’s mail server. However, for the senior management who are constantly on the move for business purposes, it is better to be on cloud so that they can access data from anywhere seamlessly, without any hindrance.

There are instances where companies have faced many problems after moving everything to the cloud as they found it difficult to return to on-premise infrastructure, from the cloud. Companies must invest their time and resources on understanding the scope of the cloud for their business and adopt it in phases to avoid complications.

Security specifications

It is vital for companies to understand cloud infrastructure, responsibility of the vendor in guaranteeing data security and ensure that all of this is documented clearly in a contract. A general assumption is that cloud vendors are able to administer everything, which, however, is not the case. Vendors will only provide the requisite infrastructure—even if one data centre goes down, they have two other copies of the data located across different geographies. Thus, data can never be lost but may be vulnerable to hackers and virus attacks if not secured properly. It is important to understand all provisions and facilities they provide and the assurances, too.

Along with the cloud vendor, it is essential to bring in third-party support for additional security functions to safeguard data.


Application of cloud to shape businesses is no doubt critical but it comes with a variety of potential risks, which need to be considered. Cloud migration might be a bit complex, but it is an imperative undertaking for many. Appropriate planning will enable organisations to embrace the cloud for easy amplification of their future data, while remaining flexible.

Planning migration with a cloud service vendor can also ease the process of transition and reduce costs by considering only the necessary infrastructure tools. Moving away from on-premise solutions will give organisations scalability and flexibility while minimising overall costs.

Without adequate safeguards, possibilities of security breaches increase. To tackle this ever-present data security threats, it is crucial that the organisation and the cloud vendor have an active relationship to understand the nature of security threats and required defences, which are constantly evolving.

When migrating applications and data to the cloud, the company would want to use cloud services that best meet the needs to ensure a smooth migration. To ensure that it gets the most from migration, the company needs to know that it is getting as many of the advantages of the cloud as possible.

Bangaru Babu is associate vice president – technology, IT at Omega Healthcare Management Services Pvt. Ltd.