Cloud adoption/migration is akin to festive shopping, where you have innumerable options in terms of variety, cost, speed, durability, quality, etc.
First things first: you have to know what you fundamentally want from the endeavor you are about to undertake.
Then, if you want to avoid nasty surprises, you should:
* plan and budget before you shop,
* track it all regularly as you go, and
* keep conversing and getting feedback
to help you make better decisions, for a safe journey and an enjoyable destination.
Not convinced? Here is a list of things that I have witnessed during my consulting stints with potentials and clients alike:
* Blaming the vendor for security issues that the company should have taken responsibility for. A popular case in point: SSH ports of production instances left open to the internet.
* Learning by halves and implementing on that basis. They say half learning is dangerous, and I say it is 10x more dangerous when it comes to security. Case in point: using bastion hosts to access production instances, but then still opening SSH ports to public access.
* Claiming that the cloud vendor is pricey by comparing apples with oranges. The story I hear repeatedly is that of comparing on-demand cloud instances with on-premise cost, while excluding the cost of labor to maintain the on-premise setup and the quality of services.
* Not letting context drive the choice of services, and/or lacking awareness of the services that cloud vendors provide. This leads to a bad selection of cloud services, which in turn results in app insecurity and burns a hole in your pocket. If you are in doubt, ask yourself whether you are:
  * using cloud as PaaS or IaaS.
  * using serverless or serverful services.
Planning, budgeting and tracking are basic sanity checks to have in place for any worthwhile endeavour. Without them, you miss the opportunity to recognize gaps faster and make the necessary course corrections. In the context of cloud environments, I ask enterprises whether they have set budgets on cost, and alarms to notify them when a budget is breached. The answer is an "Ah NO!", almost always.