Cloud Migration Checklist: A Complete Guide for Small Businesses
Moving to the cloud without a plan costs more than staying on-premise. This checklist walks through every phase of a real cloud migration — from the first assessment to decommissioning your old servers.
Cloud migration is not a product you buy — it is a multi-month project with real planning requirements, real costs, and real failure modes. Companies that treat it as a simple infrastructure swap end up with higher bills, security gaps, and applications that do not work the way they did on-premise.
This checklist covers the complete migration lifecycle. Use it as a working document, not a one-time audit. The sections build on each other — skipping ahead creates rework.
1. Pre-Migration Assessment
Before evaluating vendors or setting timelines, get a clear picture of what you are moving and what it costs today. This is where most cloud migration failures originate — an incomplete picture of the current state.
Audit your current infrastructure
Document every server, workstation, network device, software license, and application currently in use. Include: physical hardware under maintenance contracts, cloud services currently in use (even informal ones your team signed up for), network equipment, and any shadow IT outside the official stack.
Small businesses routinely discover 20-40% more infrastructure than they expected once they do a thorough inventory. Missing infrastructure does not get migrated — it gets forgotten, then causes problems.
Calculate your current total cost
Do not compare cloud costs to your server hardware budget alone. Include: hardware lease or depreciation, maintenance contracts, power and cooling, ISP and network costs, internal IT time spent managing infrastructure, and the cost of downtime when systems fail. Cloud pricing looks expensive when compared against hardware cost alone — it looks very different against your actual total cost of ownership.
Classify your applications
Sort every application into three categories before you move anything:
| Category | Description | Migration Approach |
|---|---|---|
| Cloud-ready | Email, CRM, collaboration, most SaaS apps | Move as-is, minimal configuration |
| Requires modification | Custom software, databases, line-of-business apps | Refactor or reconfigure before migration |
| Not viable for cloud | Very old or highly customized legacy systems | Replace before migration or keep on-premise |
Pre-migration output
You should be able to answer: how many applications need migration, what percentage fall into each category, what your realistic timeline is, and what the total monthly cloud cost will be before you sign anything with a vendor.
2. Vendor Evaluation
Most small businesses focus on features when comparing cloud vendors. The questions that actually matter are the ones you find uncomfortable to ask before signing.
Questions to answer before selecting a vendor
- Where will our data physically be stored? This matters for compliance, latency, and your ability to retrieve data if the relationship ends badly.
- What are the egress fees? Moving data out of the cloud is not free. Some vendors charge $0.05–$0.12 per GB to pull data out. If you ever need to migrate away, egress fees can run into thousands of dollars.
- What does the SLA actually guarantee? Uptime guarantees of 99.9% still allow for 8+ hours of downtime per year. Ask specifically: what is the recovery time objective, and what happens to your SLA credits when the vendor goes down?
Major platform options
For small businesses, the three options worth serious consideration:
| Platform | Starting Price | Best For | Small Business Consideration |
|---|---|---|---|
| AWS | ~$0.01/hr compute | Technical teams, broad service catalog | Best documentation but steep learning curve |
| Microsoft Azure | ~$0.01/hr compute | Businesses already using Microsoft products | Deepest Microsoft integration; good for SMBs |
| Google Cloud | ~$0.01/hr compute | Data-heavy or developer-focused teams | Strong analytics, simpler interface than AWS |
If you do not have a cloud engineer on staff, working with a managed service provider (MSP) who specializes in one of these platforms is almost always the better call. An MSP handles the architectural decisions, vendor management, and day-two operations so you do not need to staff a cloud team. Typical MSP cloud management fees run $500–$3,000/month for a 10-50 person business.
What to look for in a cloud MSP: Experience in your industry, hands-on migration support (not just post-migration management), transparent pricing with predictable monthly costs, and relevant certifications for your compliance requirements (SOC 2, HIPAA, PCI-DSS, etc.).
3. Data Migration Steps
Data migration is not one event — it is a process with a beginning, a middle, and an end, each with distinct risks.
Phase 1: Bulk initial migration
Move the majority of static data (file shares, archived data, historical records) during off-peak hours. Schedule this when business impact is lowest. For a 10-50 person SMB, this typically takes 4-12 hours.
Phase 2: Incremental sync
Keep both systems running in parallel for a period — typically 1-3 days — during which changes in the source system are mirrored to the target. This is the highest-risk window for data inconsistency. Designate a migration lead who tracks the sync status and can freeze changes if the sync falls behind.
Phase 3: Cutover and validation
The final cutover — switching from the old system to the new one — happens during a defined window. Build time for validation into that window. For a 10-50 person business, the cutover process typically runs 2-6 hours including verification.
Do not skip parallel operation
Some vendors or MSPs offer \"lift and shift\" migrations that promise a single-cutover approach. This works for simple workloads. For anything with real business logic — databases, line-of-business applications, anything your team depends on daily — a phased migration with a parallel sync window catches data integrity issues before they become production problems.
4. Security Considerations
Security is not a step you add at the end. It shapes the architecture from the beginning.
- Encrypt everything in transit. All data moving between on-premise and cloud should use TLS 1.2 or higher. Most cloud providers enforce this by default for their internal services, but anything traversing public internet needs explicit configuration.
- Configure least-privilege access from day one. Identity and Access Management (IAM) policies define what each user and service can do. Default to the minimum permissions required for each function. It is much easier to add permissions than to audit and revoke overly broad ones after they have been in production.
- Enforce multi-factor authentication (MFA). Not optional. Not for a subset of users. MFA should be required for all administrative access and strongly enforced for all users.
- Classify sensitive data before migration. Know which data requires additional controls — customer records, financial data, health information. Apply encryption at rest for anything that fits these categories before it lands in the cloud.
- Restrict network access during migration. The migration window is the period of highest exposure, as the old and new systems are simultaneously live. Use temporary network controls to limit blast radius if something goes wrong.
If you have specific compliance requirements (HIPAA, SOC 2, PCI-DSS), those must be addressed in the pre-migration assessment — not discovered during migration. The architecture decisions made before migration determine whether you pass an audit after.
5. Cost Optimization
Cloud costs are where most SMBs get surprised. The pricing model looks simple; the actual bills rarely are.
Reserved instances vs. on-demand. If your compute needs are predictable (and they usually are for a small business), committing to a 1- or 3-year reserved instance plan cuts costs by 30-50% compared to on-demand pricing. If you do not know your needs yet, start on-demand and optimize after 60-90 days of real usage data.
Right-size your compute. After migration, most SMBs discover they overprovisioned by 30-40%. The cloud gives you elasticity — use it. Start conservatively and scale up when usage patterns are clear.
Watch for egress fees. Cloud pricing calculators give estimates that assume inbound data is free. Egress fees — charges to move data out of the cloud — are real and can be significant if you ever need to migrate away or run large data exports.
Set billing alerts. Configure alerts at 50%, 75%, and 90% of your projected monthly budget. Cloud billing surprises typically come from runaway processes or forgotten resources left running overnight or over weekends. Alerts give you a chance to catch them before they become invoice shocks.
6. Post-Migration Checklist
The migration ends when the old systems are decommissioned. Everything before that point is still in progress.
Validate before cutting over
Before fully switching to the cloud platform, verify: all critical applications work correctly in the cloud environment, file access and permissions are functioning as expected, integrations with external services (payment processors, vendor portals, etc.) are working, and performance is within acceptable parameters for your users.
Monitor for 2-4 weeks post-cutover
Cloud environments reveal their quirks under real usage patterns, not in test environments. Watch: application performance, billing vs. projections, access issues reported by users, and any security events or anomalies in the first two weeks after cutover.
Train your team
The single biggest driver of post-migration failure is users who do not know the new system well enough to use it correctly. Provide basic training on the cloud environment before cutover, not after. People fall back on old behaviors when the new environment feels unfamiliar — that fallback creates security gaps.
Decommission old infrastructure
This step is where most SMBs leave money on the table. After a successful cutover, your old servers, maintenance contracts, and backup systems are all still running — and still being paid for. Set a specific date to shut down the old environment and cancel associated contracts. Six months of unnecessary on-premise maintenance runs $3,000–$10,000 for most small businesses.
Why this checklist works: Cloud migration fails not because the technology is hard, but because companies skip steps in the sequence. You cannot evaluate vendors without knowing what you are migrating. You cannot migrate securely without the right architecture. You cannot optimize costs without real usage data. Work through the phases in order — the first 20% of planning effort prevents 80% of the problems that make cloud migration expensive.
How The Tech Ref Helps
Cloud migration involves real decisions with real consequences, and most small business owners do not have time to research every vendor, every pricing model, and every architectural decision. That is exactly what The Tech Ref's IT procurement service handles.
We evaluate cloud vendors and managed service providers on your behalf — comparing architecture proposals, flagging hidden costs, and identifying which questions the vendors are not answering clearly. We do this across managed IT services, cybersecurity, VoIP, and every other technology category relevant to a small business running in the cloud.
No cost. No obligation. No commission-driven recommendations.
If you are evaluating a cloud migration or have already started one and want a second opinion on whether the approach is right — email hello@thetechref.com.
The Tech Ref is a free, vendor-neutral IT procurement service for small and mid-sized businesses. We handle every vendor, every quote, and every installation — at zero cost to your business.
Get Free Cloud Migration Guidance
Tell us where you are in the migration process. We will help you evaluate options without the sales pressure.
Email hello@thetechref.com