Cloud Migration Checklist: Everything You Need to Know

Cloud migration is one of the highest-ROI technology decisions a small business can make — but it's also one of the most commonly bungled. Companies that rush in without a plan end up with higher cloud bills than their old on-premise costs, performance problems, security gaps, and months of painful cleanup.

In 2025, cloud adoption among SMBs crossed 94% for at least one workload (Flexera 2025 State of the Cloud). But having something in the cloud and having a cloud strategy are very different things. This checklist is built from 200+ cloud migrations we've managed. Follow it and you'll avoid 90% of the common mistakes — including ones that became more prevalent in 2025 as AI services and new pricing models complicated migration planning.

Phase 1: Pre-Migration Assessment (Weeks 1–2)

Inventory Your Current Environment

• List every server, application, and database in your infrastructure — use a discovery tool (AWS Application Discovery Service, Azure Migrate, or open-source alternatives like Netdata) rather than relying on manually maintained asset lists
• Document dependencies — what talks to what? (e.g., your CRM calls your billing database; your web app calls your API server). Missed dependencies are the #1 cause of migration failures.
• Identify data volumes, peak usage times, and performance requirements for each workload
• Note compliance requirements: HIPAA, PCI-DSS, GDPR, SOC2, CCPA — these affect where and how data can be stored and which cloud regions are permissible
• Identify any AI/ML workloads — these may benefit from specialised services: AWS Bedrock, Azure OpenAI Service, or GCP Vertex AI, rather than self-hosted models

Categorise Your Workloads Using the 6 Rs

Every application should be categorised by migration strategy:

• Rehost (Lift and Shift): Move as-is to cloud VMs. Fast, low risk, limited optimisation. Good for applications where cloud agility matters more than immediate cost savings.
• Replatform (Lift, Tinker, and Shift): Minor optimisations (e.g., move from self-managed MySQL to Amazon RDS or Azure Database for MySQL). Moderate effort, strong value — often 20–30% cost reduction immediately.
• Refactor/Re-architect: Redesign for cloud-native (containers on ECS/AKS/GKE, serverless Lambda/Functions/Cloud Run). High effort, maximum long-term benefit — best for core business applications with years of runway ahead.
• Repurchase: Replace with SaaS (e.g., move from on-premise CRM to Salesforce, on-premise HR to Workday). Fast but requires change management and data migration.
• Retain: Keep on-premise (regulatory reasons, latency requirements, recent hardware investment with remaining useful life).
• Retire: Decommission — the application is no longer needed. In every migration we've run, 15–25% of servers fall into this category. Retiring them before migration avoids paying cloud bills for dead weight.

Calculate Your Total Cost of Ownership (TCO)

Before committing to a cloud provider, calculate your projected cloud spend using the provider's TCO calculator — all three major providers (AWS, Azure, GCP) have free, detailed tools. Include: compute, storage, networking egress, managed services, AI/ML service costs, licensing (Windows Server licensing changes significantly in cloud), and support tier costs. Compare to your current all-in cost: hardware amortisation, power, cooling, data centre rental, maintenance contracts, and IT labour for on-prem management.

In 2025, several new cost categories caught migrating businesses off guard: AI inference costs (if you plan to use cloud-hosted LLMs like AWS Bedrock or Azure OpenAI), data egress fees (still high at $0.08–$0.09/GB out of AWS/Azure to internet), and cross-region replication costs for multi-region redundancy.

Phase 2: Migration Planning (Weeks 3–4)

Choose Your Cloud Provider(s)

Match workloads to providers based on their 2025–2026 strengths:

• AWS: Broadest service catalogue (240+ services), best for general workloads, mature DevOps tooling, and AI/ML with Bedrock (Claude, Llama, Titan models available). Best reserved instance pricing flexibility.
• Azure: Best for Microsoft-heavy environments (Entra ID, Microsoft 365, SQL Server). Azure OpenAI Service gives exclusive access to GPT-4o and o3 models with enterprise SLAs — compelling if you're building AI-powered applications.
• GCP: Best for data analytics (BigQuery remains the gold standard), Kubernetes workloads (Kubernetes originated at Google), and Gemini 2.0 AI services via Vertex AI. Often 15–20% cheaper for data-heavy workloads due to Committed Use Discounts.

Most businesses benefit from a primary provider covering 80% of workloads plus selective use of specialist services from others. See our Multi-Cloud Management guide for how to manage this without complexity spiralling out of control.

Design Your Cloud Architecture

Don't replicate your on-premise architecture in the cloud — that misses most of the value. Key decisions for 2026:

• VPC/VNet design with proper subnet segmentation (public, private, management, AI/data tiers)
• Identity and access management (IAM) structure — follow least-privilege principles from day one; retrospective access cleanup is 3x more expensive than getting it right initially
• Backup and disaster recovery strategy (RTO and RPO targets) with immutable backup storage (S3 Object Lock, Azure Blob immutability) for ransomware resistance
• Monitoring and observability stack — Datadog, New Relic, or cloud-native (CloudWatch, Azure Monitor) with AI-powered anomaly detection enabled
• Cost management guardrails (budget alerts, spending limits, resource tagging policies) — essential given how quickly cloud AI service costs can escalate unexpectedly

Set Up Your Landing Zone First

A landing zone is a pre-configured, secure cloud environment that all migrated workloads deploy into. It includes: security baselines, logging configuration, network topology, IAM policies, and governance guardrails. Setting this up before migrating anything prevents the security and cost problems that plague reactive migrations.

Use AWS Control Tower, Azure Landing Zone accelerators, or GCP Cloud Foundation Fabric — all are free, opinionated starting points that encode years of best practices. This step alone saves 20–30 hours of cleanup post-migration and prevents the most common security misconfigurations (public S3 buckets, missing CloudTrail, over-permissive IAM roles).

Phase 3: Migration Execution (Weeks 5–10)

Migration Sequence: Start Low-Risk

Never migrate your most critical systems first. Follow this proven sequence:

1. Development/test environments — lowest risk, great for practising your migration runbooks and discovering issues in a safe context
2. File storage and archival data — straightforward S3/Azure Blob/GCS migration, immediate storage cost savings of 40–70% vs on-prem NAS
3. Non-critical applications — internal tools, staging environments, monitoring systems
4. Business-critical applications — only after your migration process is proven and your team is confident
5. Core databases — last, with a carefully planned cutover window during lowest-traffic periods

Database Migration: The Tricky Part

Database migrations are where most projects run into trouble. Key 2026 considerations:

• Run source and target databases in parallel for at least 2 weeks before cutover using continuous data replication (AWS DMS, Azure Database Migration Service, GCP Database Migration Service)
• Test your application against the cloud database under production-equivalent load before cutting over — performance characteristics differ between on-prem and managed cloud databases
• Consider managed database services: Amazon RDS, Azure SQL Managed Instance, Cloud SQL — they handle patching, backups, and high availability automatically, often at lower total cost than self-managed
• Schedule the cutover window for your lowest-traffic period (typically Sunday 2–4am for most SMBs)
• Have a rollback plan executable in under 30 minutes, and test it before cutover day

Cutover Day Checklist

• Notify all stakeholders of the maintenance window at least 48 hours in advance
• Take a final snapshot/backup of all data immediately before cutover begins
• Update DNS records using low TTL (300 seconds) set 24 hours before cutover for fast propagation
• Run smoke tests on all critical user journeys immediately after cutover using automated test scripts, not manual checks
• Keep the old environment running for 72 hours post-cutover before decommissioning — not 48, given how some issues take time to surface
• Have a direct line to your cloud architect for the first 6 hours post-cutover

Phase 4: Post-Migration Optimisation (Weeks 11–16+)

Right-Size Your Instances with AI Assistance

Most teams over-provision during initial migration. After 2–4 weeks of real traffic data, use AI-powered rightsizing tools: AWS Compute Optimiser, Azure Advisor, or GCP Recommender all use ML models to analyse actual utilisation and recommend specific instance type changes. Instances running below 40% average CPU and memory utilisation are candidates for downsizing. This typically reduces compute costs by 25–35% — often the single highest-ROI action in the first 90 days.

Implement FinOps Cost Governance

• Tag all resources with project, environment, team, and cost-centre tags — enforce tagging policies via AWS Service Control Policies or Azure Policy so untagged resources are automatically flagged
• Set up budget alerts at 50%, 80%, and 100% of monthly targets with SNS/email notifications
• Review your cost and usage report weekly for the first 3 months using a cost dashboard (AWS Cost Explorer, Azure Cost Management, or Datadog Cloud Cost Management)
• Purchase reserved instances or savings plans for stable workloads after 4+ weeks of real data — typical savings of 30–60% vs on-demand. In 2025, AWS introduced more flexible Compute Savings Plans that work across instance families — often better than traditional reserved instances for smaller workloads
• Implement anomaly detection on cloud spend — AWS Cost Anomaly Detection and Azure Cost Alerts can surface unexpected spend spikes before they compound over a billing period

Security Hardening

• Enable cloud-native CSPM services: AWS Security Hub (with all standards enabled), Microsoft Defender for Cloud, or GCP Security Command Centre Premium
• Run an external vulnerability scan on all migrated workloads using a tool like Wiz, Orca Security, or Tenable.io — cloud-specific CSPM misses many vulnerabilities that appear only at the application layer
• Review all security group and firewall rules — remove any "allow all" (0.0.0.0/0) inbound rules that appeared during migration
• Enable comprehensive audit logging: CloudTrail in all regions and all accounts, Azure Activity Log with 90-day retention, GCP Cloud Audit Logs — and ship logs to a central SIEM
• Enable GuardDuty (AWS), Microsoft Defender for Cloud (Azure), or Security Command Centre threat detection (GCP) — these AI-powered threat detection services catch anomalies invisible to rule-based systems

2025–2026 Migration Considerations: AI Workloads

If your business plans to use AI — whether customer-facing chatbots, internal automation, or data analysis — the cloud provider you choose for your primary infrastructure significantly affects your AI options and costs:

• AWS Bedrock: Access to Claude 3.5/4, Llama 3, Mistral, and Amazon Titan. Pay-per-token pricing with no GPU infrastructure to manage. Best for businesses wanting model choice flexibility.
• Azure OpenAI Service: GPT-4o, o3, and o3-mini with enterprise data privacy guarantees. Your data doesn't train Microsoft's models. Best for businesses with strict data handling requirements.
• GCP Vertex AI: Gemini 2.0 Flash/Pro, PaLM, and open-source models. Deeply integrated with BigQuery for AI on your data warehouse. Best for data-heavy AI use cases.

Budget 15–20% of your monthly cloud spend for AI services if you're actively building AI-powered features — inference costs can surprise unprepared teams.

The 7 Most Common Cloud Migration Mistakes in 2026

1. Not documenting dependencies before starting — leads to broken applications during migration; use automated discovery, not spreadsheets
2. Migrating without a landing zone — creates security debt that takes months to clean up; always set up governance before migrating workloads
3. Choosing instance sizes based on on-prem specs — cloud instances perform differently; benchmark under real load before committing
4. Forgetting data egress costs — $0.08–$0.09/GB out to internet adds up fast; design your architecture to keep data within-cloud and within-region
5. No rollback plan — always have a tested, documented way to revert within 30 minutes; test it before cutover day
6. Migrating everything at once — wave-based migration with validation checkpoints is always safer and catches problems before they cascade
7. Underestimating AI service costs — if you're using Bedrock, Azure OpenAI, or Vertex AI, set up spend alerts and per-application cost tracking from day one; token costs compound unexpectedly at scale

Ready to Migrate?

A well-executed cloud migration typically delivers 30–40% infrastructure cost savings within 6 months, alongside significant improvements in reliability, scalability, disaster recovery, and — critically in 2026 — access to AI capabilities that simply aren't available on-premise at any price.

The difference between a successful migration and a painful one comes down almost entirely to the quality of upfront planning. Our team has managed this process for companies across healthcare, finance, e-commerce, and professional services — we know exactly where the landmines are, including the 2025-era ones around AI cost management and egress architecture.

Book a free cloud migration assessment and we'll map your current environment, categorise your workloads using the 6R framework, and give you a migration plan with a realistic timeline, cost estimate, and AI readiness assessment.