Cloud Lessons

Learned
Learn how four companies migrated
their databases and workloads to Azure
Contents
3
Introduction

4
Chapter 1 Modernize your infrastructure to become AI-ready
Customer story: Orca Security

Chapter 2 Enable secure and confident innovation

6

Customer story: Loyal

Chapter 3 Migrate on your terms 7

Customer story: eClinicalWorks

Chapter 4 Unify complex systems 10

Customer story: Tecnicas Reunidas

Conclusion Lay a foundation for limitless innovation 12

Introduction
Cloud computing solves real challenges, including A key part of that foundation is ensuring you have
aging hardware, constantly shifting market security at every step. With built-in security and
conditions, security threats, and compliance sophisticated threat detection, Azure provides peace
requirements. These challenges pressure budgets of mind for teams so they can build and deploy new
and teams and hinder your ability to build trust apps without the constant fear that they may be
and adopt cutting-edge AI technology. putting data at risk. This multilayered security also
extends to hybrid environments, meaning you don’t
Moving databases and workloads to the cloud need a full migration to take advantage of advanced
can be daunting, but the result is worth it. With protection features. Establishing a strong defensive
careful planning and a review of different migration framework for your data allows you to innovate boldly,
scenarios, your organization can confidently create better customer experiences, respond to
migrate so you can develop new features and business demands more quickly, and stay agile in
products faster, unify processes, identify cost a world of constant change.
savings, and sharpen your business’s competitive
edge by laying a secure framework for integrating Many businesses, including Orca Security, Loyal,
AI capabilities. eClinicalWorks, and Tecnicas Reunidas, have already
migrated their databases and workloads to Azure and
Migrating and modernizing with Azure helps integrated advanced services into their operations.
establish a future-ready foundation that lets you Learn how they each found the right solution for
develop new solutions and features rapidly while migration with Azure, the processes they used, and
getting better performance from your investments. how they’ve integrated AI and cloud-native services
to deliver even better outcomes.

How do you innovate for the future?

Rapidly  4
 5 percent faster delivery of
applications with Windows Server
and SQL Server in Azure.1

Boldly  A
 utomated upgrades and enhanced
visibility reduce the risk of security
breaches by 30 percent.2

Securely  9
 5 percent of Fortune 500 companies
trust their business on Azure, the
only cloud provider with 90+
compliance offerings.

Cloud Lessons Learned 3

Chapter 1

Modernize your infrastructure

to become AI-ready
Azure migration lets Orca Security use generative
AI to enhance customers’ cloud security posture.

Agentless cloud security pioneer Orca Security

has always sought to provide exceptional
service to hundreds of enterprises worldwide.
When the company leaders saw the potential
benefits generative AI could bring to customers,
they turned to Azure to help establish a cloud
infrastructure that would keep its data protected
and private while integrating OpenAI’s GPT API
into its solution.

The path to migration

As opposed to other solutions focusing on only one
area of cloud security—vulnerability management,
misconfigurations, or compliance—Orca Security
addresses all these different risks simultaneously. Orca Security also wanted to give customers the
With just 30 minutes of setup, the company can ability to choose where and how they could store
help its customers reveal all the risks in their cloud and move their data depending on the specific
environment within a few hours. However, the regulations they must abide by.
company wanted to do more for its customers.
The next step was to give Orca Security the tools to Orca Security needed a reliable way to deliver the
immediately address those risks andvulnerabilities benefits of generative AI to its customers while also
without causing burnout among security teams. ensuring data privacy and compliance. The solution
was Azure OpenAI Service, which—with stronger
Orca Security saw ChatGPT as an easy way to privacy and compliance protocols—offered better
empower its customers to address vulnerabilities support and reliability. According to the Orca Security
and risks. However, integrating OpenAI posed team, the migration was quick and painless, using
a few challenges. First, there were concerns about the same APIs and requiring only a slight change
the privacy regulations like Health Insurance in authentication. Moreover, the migration enabled
Portability and Accountability Act (HIPAA), System Orca Security to offer its upgraded service to more
and Organization Controls (SOC 2), and General customers thanks to verifying compliance by the
Data Protection Regulation (GDPR). company’s security team.

Cloud Lessons Learned 4

The result Benefits
Migrating to Azure gave Orca Security a more
Orca Security uses Azure to build an AI-ready
secure foundation to support Open AI
foundation to improve customers’ security operations.
capabilities—accelerating their alert response.
Since its launch in May 2023, the company’s | Orca Security customers can use generative AI
GPT-4 powered solution has already helped
to resolve issues in minutes as opposed to hours.
countless customers dramatically improve their
cloud security postures. | Azure OpenAI accessibility allows Orca Security
customers to remediate risks using generative AI,
Customers who receive an alert select a remediation
even if they lack advanced tech skills.
method and receive steps tailored to their specific
platform. In many cases, the security practitioner can | Azure guaranteed a 99.9 percent uptime.
simply copy and paste the commands or follow the
steps to resolve the alert. The solution has been
well received by Orca Security customers, who can
now resolve issues faster and handle more events,
ultimately bolstering their security.

When a customer receives an alert,

they can select a remediation
method. Upon selection, they
receive remediation steps tailored
to their specific platform. In most
cases, a security practitioner can
simply copy and paste the
commands or follow the steps to
resolve the alert. Instead of taking
hours, it now only takes minutes.”
Lior Drihem
Director of Innovation, Orca Security

Cloud Lessons Learned 5

Chapter 2

Enable secure and

confident innovation
Loyal helps ensure peace of mind by exceeding Before migrating to SQL Server, the development
HIPAA requirements with Azure SQL Database. teams had to pull all the data to a client-side
application before performing any segmentation
Loyal provides a healthcare technology platform
or parsing. The answer was Always Encrypted—
that helps unify the business side of healthcare
a security feature of SQL Server and Azure
with patient experiences and outcomes. Before
SQL Database—that would provide advanced,
migrating and modernizing with Azure, the company
column-level encryption capabilities to overcome
faced significant challenges trying to help medical
these limitations.
centers, not-for-profit systems, children’s hospitals,
and cancer institutes deploy solutions that could
Implementing Always Encrypted with secure
operate under strict regulatory requirements and
enclaves at Loyal was a straightforward process.
protect sensitive patient data.
The development teams implemented it into their
existing database schema and applications without
The path to migration significant challenges. The required application
Handling sensitive healthcare data requires a secure changes were minimal, and developers could quickly
infrastructure that can defend against the most modify their applications to work with Always
sophisticated cyber threats. The significance of Encrypted. With Always Encrypted, sensitive data
data security in the healthcare industry is especially can be encrypted and decrypted transparently with
critical when ransomware and high-profile data minimal changes to the application code. At the
breaches are top of mind. Data is more secure when same time, secure enclaves enhance the Always
it’s encrypted in transit and stored in a centralized Encrypted feature by adding functionality for
location rather than by different apps that interact more robust data engineering. Together, Loyal uses
with the data. The challenge is striking a balance Always Encrypted with secure enclaves to extend
between security and performance, so data privacy its development while taking advantage
measures don’t impair the team’s productivity as of additional security benefits.
they work to develop new products.
Always Encrypted with secure enclaves has also
Loyal designs and engineers its platform solutions made the company more confident when handling
to help its customers thrive in a highly regulated customer data, allowing them to develop and
healthcare industry. Additionally, they help prevent deploy services they wouldn’t have been able to
data breaches, ransomware, and cyberattacks that offer customers without advanced encryption.
can negatively impact patient outcomes and trust.

Cloud Lessons Learned 6

The result
Loyal has taken a significant step in building a
successful and trustworthy healthcare technology
brand by prioritizing data security in the cloud.
With advanced encryption, only authorized users
can view sensitive data, and the developers can
perform actions on the SQL Server side to extract
a specific segment of encrypted data without
pulling out millions of patient records. The result
is that teams can interact with patient data
without putting it at risk. The Always Encrypted
implementation also positively affected Loyal’s
software engineering and product development,
transforming how the company’s development
teams think about data security and how to initiate
new ways of improving business results and
patient outcomes.

Benefits

Loyal takes advantage of advanced SQL Server

security features to ensure peace of mind when
handling patient data.

| Loyal now exceeds data security and management

Implementing Always Encrypted measures that the the Health Insurance Portability
with secure enclaves was a and Accountability Act of 1996 (HIPAA) require
no-brainer for us because we get of health systems and providers to protect
patient data.
lower latency and an order of
magnitude better performance | Platform users can now interact with data without
on much larger volumes of data.” exposing patient information in plain text.

Britton Powell
| The team has more power to innovate thanks to
Director of Engineering, Loyal
the ability to run more queries on encrypted data
and perform functions that they couldn’t
otherwise do.

Cloud Lessons Learned 7

Chapter 3

Migrate on your terms

With hybrid and VMWare solutions, In addition to the on-demand scalability, flexibility,
eClinicalWorks migrates its EHR platform and performance enhancements it gets from
to Azure for greater scalability and security. Azure VMs, eClinicalWorks particularly values the
ability to give customers the same high-quality
eClinicalWorks is a national leader with cloud-based
service without interruptions or data leakage.
solutions for electronic health records (EHR), practice
For these reasons, eClinicalWorks was drawn to
management, patient engagement, and population
Azure for its straightforward setup, ease of use,
health management. Under its traditional colocation
and dedicated support from Microsoft experts.
hosting model, introducing new customers meant
buying more servers, hardware, and data storage.
The company’s EHR comprised a massive amount
In addition to driving up costs, this also slowed
of data that couldn’t be migrated all at once.
down development cycles and required IT teams
They needed a flexible migration that would start
to increasingly dedicate time to managing new
from where they were, so the migration occurred
hardware installations and customer migrations.
every week. The eClinical Works team worked
To handle the influx of data and network traffic,
closely with an Azure development group to migrate
eClinicalWorks migrated and modernized
data to the cloud—including millions of small but
its Electronic Health Records (EHR) platform
unstructured data files, such as faxed or scanned
with Azure.
medical documents—without causing interruptions
to service. eClinicalWorks has since moved its EHR
The path to migration platform to Azure in a seamless migration to
The company needed a public cloud solution Azure Virtual Machines and Azure Disk Storage.
to meet its requirements for scalability, security, After moving customer clusters from its legacy
and storage and to provide compliance with the hosting environment to Azure every weekend,
Health Insurance Portability and Accountability eClinicalWorks’ EHR platform migration to Azure
Act (HIPAA). eClinicalWorks manages more than is now 99 percent complete.
2,200 Azure virtual machines (VMs) spread over
multiple regions and primarily depends on eClinicalWorks also started using Microsoft
computing and memory optimization for running Defender for Cloud—a cloud-native application
its Java applications and SQL Server databases. protection program to provide security
In a typical SQL cluster, the company has two recommendations based on its workloads, allowing
VMs deployed in zone redundancy and one teams to deploy policies to comply with different
for disaster recovery in a different region, which regulatory requirements. The company is also
enhances the availability and reliability of the moving the rest of its HER components over,
application in the cloud. including up to 70 component services, with
several already moved and running smoothly.

Cloud Lessons Learned 8

The result Benefits
Thanks to new flexibility and agility on Azure, eClinicalWorks gives customers more control of
eClinicalWorks has added new customers and their data with Azure virtual machines.
deployed new applications faster than previously
possible. With the flexibility of Azure and its ability | eClinicalWorks saw improved platform agility,
to support speedy development, the company is resilience, and uptime.
deploying new features into its customer offerings
| The move to Azure accelerated time to market
faster—and more securely—than it was able
for new physical hardware from three months
to deliver new capabilities in the past, often in
to two weeks.
weeks versus months or even years. In addition
to optimizing its operating speed, eClinicalWorks
| Azure VMs helped the company provide every
has accelerated time to market for new physical
customer with their own back-end database
hardware from three months, in its previous
so there’s no comingling of data, providing the
colocation model, to a maximum of two weeks with
same high-quality service without interruptions
Azure—including security and compliance checks.
or data leakage.

As we get out of the infrastructure

management business, Azure has
given us platform agility, resilience,
and uptime. We’re able to build
those benefits into our deployments
and ensure that we have high
availability so we can handle
potential failures without issue.”
Bharat Satyanarayan
Vice President of Technology and
Quality Assurance, eClinicalWorks

Cloud Lessons Learned 9

Chapter 4

Unify complex systems

Tecnicas Reunidas migrates its on-premises The path to migration
facilities to Azure to enable a simplified
hybrid environment. When the Tecnicas Reunidas IT team began to
face limitations with managing security across
Managing over 1,000 industrial plants in more its estates, it was clear they needed to modernize.
than 50 countries, engineering and construction They wanted a way to unify their environments
company Tecnicas Reunidas is a leader in energy and increase efficiencies both on-premises and
innovation. With an extensive global footprint across cloud environments. The company launched
and a complex set of operational, regulatory, and an ongoing migration to Microsoft Azure to meet
digital requirements, the company’s growth began this challenge. They as also adopted Microsoft
to create new challenges—and limitations—to Azure Arc and cloud-native services to help the
security and scalability. IT team unify deployments and establish central
control over the company’s hybrid infrastructure
and apps.

Running Windows Server across its environments,

the IT team at Tecnicas Reunidas unified its
expanding hybrid environment by connecting nearly
900 on-premises and cloud servers to Azure Arc.
As the migration proceeded and IT team members
became more engaged with their interoperable
solutions, they discovered new ways to manage
security, governance, and compliance for
infrastructure and apps across all its environments.
Whether teams are working on-premises or in the
cloud, everything runs as if it’s a workload in Azure,
creating a more harmonious and efficient workflow
that’s also more secure.

Nearly

900
on-premises and cloud servers
connected to Azure Arc.

Cloud Lessons Learned 10

The result Benefits
Migrating to Azure has helped the IT team Tecnicas Reunidas runs its Windows Server using
consolidate the company’s on-premises and Azure Arc for a streamlined and cost-effective
cloud environments for a more unified innovation hybrid infrastructure.
workflow. The result is enhanced, scalable security
that also saves costs, delivers data analytics, and | AI-enabled threat detection gives teams more
opens new paths for innovation and efficiency visibility into threats, provides real-time alerts, and
as new AI-powered capabilities are developed. generates responses to suspicious incidents, all
Looking ahead, Tecnicas Reunidas is working from a single dashboard.
to develop a corporate data platform using
Azure Arc–enabled SQL Server to get insights | During migration, Tecnicas Reunidas discovered
that will help them create workbooks, define key it could get rid of obsolete security tools and save
performance indicators, and draw on all data on costs, thanks to new comprehensive security
sources to generate custom views. Additionally, coverage in the cloud.
in its goal to achieve zero net carbon emissions
by 2040, the company also plans to apply AI | Increased automation and security let teams focus
and data innovations to research promising new on more advanced infrastructure management,
approaches to sustainability. rather than day-to-day worries.

Our work approach has changed

with Azure. Now, we’re putting
more emphasis on governance
instead of just loading up on
services and tools.”
Israel Pérez Jiménez
IT System and Cloud Architect
Tecnicas Reunidas

Cloud Lessons Learned 11

Conclusion

Lay a foundation
for limitless
innovation
While Orca Security, Loyal, eClinicalWorks, and
Tecnicas Reunidas had different IT goals and
challenges, they all found that their migration
to Azure helped them save costs and improve their
security posture. Their Azure migrations helped
pave the way for AI readiness and rapid innovation
at scale, giving their IT teams the tools and support
to create new business value without complicating
Get expert help and
their workloads and operations. guidance on your
Organizations of all sizes can use streamlined
cloud adoption journey
migration tools, high performance, centralized through Azure Migrate
control, and seamless hybrid capabilities found
on Azure. Azure lets you adopt the cloud with
and Modernize.
hybrid, multicloud, and edge solutions, including
robust security and threat detection, so you can
Contact Sales
migrate on your terms.

Try Azure Migrate and Modernize, a unified offering

that helps you assess your on-premises resources
and plan your database and workload migration
using built-in security guidance and access to top
specialized partners.

1
Business Value of Azure IDC Study | Microsoft
2
The Total Economic Impact™ Of Microsoft Azure Network Security

© 2023 Microsoft Corporation. All rights reserved. This document is

provided “as-is.” Information and views expressed in this document,
including URL and other internet website references, may change without
notice. You bear the risk of using it. This document does not provide you
with any legal rights to any intellectual property in any Microsoft product.
You may copy and use this document for your internal, reference purposes.

Cloud Lessons Learned 12