Cloud migration is one of the most impactful infrastructure decisions an IT organization makes — and one of the most frequently underplanned. The promise of reduced capital expenditure, improved scalability, and better disaster recovery is real, but so are the risks of a poorly scoped or rushed migration.
Whether you're moving workloads to Azure, AWS, or Google Cloud — or consolidating into SaaS platforms like Microsoft 365 — the work before the migration largely determines whether the move succeeds or becomes a costly lesson.
This checklist is designed for IT managers and technical decision-makers who are evaluating, planning, or actively executing a cloud migration.
Phase 1: Discovery and Assessment
Before a single workload moves, you need a clear picture of what you have and what it's doing.
✅ Complete a Full Application and Workload Inventory
Document every application, server, database, and service in your current environment. Include owner, business criticality, current performance baselines, and interdependencies. Migrations that skip this step frequently hit unexpected dependency failures mid-move.
✅ Classify Workloads by Migration Strategy (The 6 R's)
Not everything should be lifted-and-shifted to the cloud. Use the 6 R framework to categorize each workload:
- Rehost — Lift and shift to IaaS (quick, minimal optimization)
- Replatform — Minor adjustments to leverage cloud-native services
- Refactor — Re-architect for cloud-native design (highest benefit, highest effort)
- Repurchase — Replace with SaaS equivalent
- Retire — Decommission workloads that are no longer needed
- Retain — Keep on-premises for now (compliance, latency, or complexity reasons)
✅ Assess Data Sensitivity and Compliance Requirements
Identify which workloads handle regulated data (HIPAA, PCI-DSS, SOC 2, CMMC, etc.). Understand your compliance obligations and verify that your target cloud environment meets them. Some data may need to remain in specific geographic regions.
✅ Evaluate Network Connectivity and Bandwidth
Cloud workloads that users will access over the internet require adequate and reliable bandwidth. Assess whether your current connectivity infrastructure supports the expected load — and whether a direct connection service (Azure ExpressRoute, AWS Direct Connect) is warranted.
Phase 2: Planning and Architecture
✅ Define Your Target Architecture
Design the cloud environment before you start deploying into it. Define your virtual network topology, subnet segmentation, identity integration strategy, naming conventions, and tagging policies. Retrofitting architecture into a cloud environment that's already running is painful and expensive.
✅ Establish Identity and Access Management
Determine how users will authenticate to cloud workloads. Integrate with your existing identity provider (Azure AD / Entra ID, Okta, etc.), enforce MFA, and define role-based access control policies from the start.
✅ Plan for Backup, DR, and RTO/RPO Requirements
Define your Recovery Time Objective (RTO) and Recovery Point Objective (RPO) for each workload and design your backup and disaster recovery architecture accordingly. Cloud doesn't inherently mean resilient — high availability and DR must be intentionally architected.
✅ Budget for Total Cost of Ownership
Cloud costs are operational, not capital, and they require ongoing management. Build a cloud cost model that includes compute, storage, egress, licensing, management tools, and support. Factor in FinOps practices from day one — unmanaged cloud spend grows quickly.
✅ Create a Migration Sequence and Wave Plan
Prioritize workloads by complexity and business risk. Move low-complexity, non-critical workloads first to build team confidence and refine your process. Define rollback procedures for each wave before executing.
Phase 3: Execution and Testing
✅ Set Up Landing Zones Before Migrating Workloads
A landing zone is a pre-configured, secure cloud environment with networking, identity, logging, and governance controls in place. Migrating workloads into an unprepared environment is one of the most common sources of post-migration security and compliance problems.
✅ Test Migrations in a Non-Production Environment
Use staging environments to test your migration tooling and validate that applications function as expected after the move. Identify performance issues, dependency failures, and configuration drift before they affect production users.
✅ Validate Security Controls Post-Migration
After each wave, confirm that security controls are functioning as designed: firewall rules, network security groups, access policies, logging, and monitoring. Don't assume controls carried over from on-premises — verify them explicitly.
Phase 4: Post-Migration Operations
✅ Decommission On-Premises Resources (On Schedule)
Leaving decommissioned on-premises infrastructure running "just in case" is a common and costly habit. Build a decommission plan into your migration project timeline and execute it within a defined window post-cutover.
✅ Implement Cloud Cost Monitoring
Deploy cost management tooling from day one. Set budget alerts, review resource utilization regularly, and rightsize compute instances. Idle resources and oversized VMs are the most common drivers of cloud cost overruns.
✅ Train Your Team on Cloud Operations
Cloud operations require different skills than traditional data center management. Ensure your team is trained on cloud-native tooling, security models, and governance practices. Operational maturity in the cloud takes time — plan for it.
How Fortis Enterprises Supports Cloud Migrations
Cloud migrations are complex, multi-month engagements that benefit enormously from experienced guidance. Fortis Enterprises has deep experience designing and executing migrations to Azure and Microsoft 365 for mid-market organizations, with a strong focus on security, compliance, and operational readiness.
From initial assessment through post-migration support, we provide the architecture, project management, and hands-on technical delivery to move your organization to the cloud with confidence.
Planning a cloud migration? Contact Fortis Enterprises to start with a cloud readiness assessment.
——
Fortis Enterprises is a managed IT services provider helping businesses across the mid-market navigate technology complexity with confidence.