Cloud migration in the region has unique constraints — and three cost surprises that don't show up in the vendor's sales deck. If you're planning a move in the next 12 months, here's what we wish more CFOs had budgeted for before signing.
Surprise 1: Data residency is not optional
KSA's PDPL, Egypt's PDPL, and similar regimes across the region have teeth. "We'll use the hyperscaler's nearest region" is no longer a safe answer for regulated workloads — financial services, healthcare, government-adjacent. Architect for residency from day zero, not as a remediation project later.
Surprise 2: Egress and cross-region replication
The compute is cheap. The data movement is not. Cross-region replication for HA, daily backups to a different geography, and egress to on-prem branches add up fast. Many teams discover this at month four when the first full-month bill arrives. Build a FinOps practice from week one — tagging, alerting, monthly review.
Surprise 3: Identity is the hard part
SSO across 30+ apps, RBAC that actually maps to the org chart, secrets management, audit trails for compliance — this is where most cloud programmes lose six weeks. Plan for an identity workstream in parallel with the migration, not after it.
A workable sequence
Pick one non-critical workload first to learn the cloud's quirks. Build your FinOps and identity foundations on that workload. Then move the harder things — ERP, data warehouse — with infrastructure-as-code, observability, and a rollback plan documented before the cut-over weekend.
We've seen 30% cloud-cost reductions on engagements where FinOps was built in from day one, and 30% over-runs on engagements where it wasn't. The architecture decides which side you're on.