10 cloud architecture anti-patterns to avoid

Cloud architecture mistakes can be costly. Here’s a list of common ones to avoid, how to spot the signs, and what to do instead.

May 5, 2026 • 6 Minute Read

As any cloud architect knows, there are many ways to build a solution, but the chosen design doesn’t always meet an organization’s needs. Below is a list of some common cloud architecture anti-patterns to watch out for.

1. Overengineering

This is commonly known as “building a cathedral,” because architects who fall into this anti-pattern tend to treat the task like building a complex, monolithic structure rather than something that will only last a few years before being replaced.

While it’s natural for architects to want to design a solution that will cover every single contingency, this can result in the organization being saddled with a costly solution that’s overkill for its needs. An example would be running an EKS cluster for an app that just runs two containers.

The tell-tale signs: The cloud architect can’t draw the system on a whiteboard from memory anymore.

The solution: Build what is asked for and the minimum that will work. While architects should plan for the future, they shouldn’t invent solutions in search of a problem.

2. Underengineering

This commonly falls under “not thinking cloud-native.” Only 8% of organizations fully leverage the cloud in a highly mature way, with the remainder failing to leverage techniques like Infrastructure-as-Code (IaC), containers, or serverless computing. The result is “lift and shift,” where architects replicate in the cloud what was done on-prem, producing disappointing cloud ROIs.

The tell-tale signs: The cloud architect is overprovisioning resources and using them in a static way, not leveraging managed services, ignoring fault tolerance, and not optimizing for latency and performance. In fact, the whole thing could be replicated in a data center.

The solution: Redesign things to be cloud-native, such as using managed services and variable workload handling, and leveraging containers and serverless.

3. Poor scoping

Like any project, failing to scope properly results in disappointed stakeholders, a solution that doesn’t solve the problem, and unexpected costs. These unscoped costs are one of the big reasons nearly three in four (72%) of IT decision-makers exceed their cloud budget every year. 

If the poor scoping was around compliance and regulatory requirements, this can result in costly fines, lawsuits, and reputational damage. Since reputation arrives on foot and leaves on horseback, this is hard to rectify after the fact.

The tell-tale signs: Nobody’s assessed the current IT landscape. There’s insufficient guidance from the cloud leadership team, and a lack of clarity around the main objectives and goals of the project, including what problem it’s solving. Everything is rushing towards choosing the technology and delivery, not gathering requirements.

The solution: The current IT landscape should be assessed. Enough time and resources should be allocated towards fully understanding the specifications, goals, and direction of the project. Teams should be in lockstep with cloud leadership.

4. Lack of automation

One of the biggest benefits of cloud computing is automating repeatable processes to make things more efficient. Not doing this results in a lot of configuring cloud resources by hand (ClickOps) and in compliance and cost attribution gaps (because governance and policy enforcement are not implemented programmatically), and it increases the risk of human-introduced errors, since tasks are not always repeated the same way. Again, this results in disappointing cloud ROI for the organization.

The tell-tale signs: The solution requires human intervention to work and/or does not leverage a reusable template to ensure consistency. Deploying, maintaining, and governing cloud resources and services is time-intensive and manual.

The solution: Implement tools and processes that eliminate the manual work of cloud provisioning, configuration, and management. 

5. Insecure design

There are many, many ways to create insecure cloud architecture, from failing to have proper IAM policies in place to not encrypting data at rest or in transit. These simple mistakes result in the organization being at greater risk of losing data and functionality from a cyberattack. A famous example is when Capital One, a major American bank, suffered a data breach from a misconfigured AWS server and wound up paying $80 million in fines. Don’t neglect security!

The tell-tale signs: Security practices like IAM, encryption, and logging have not been factored into the architecture at all, or have not been implemented in the proper way.

The solution: Consult resources like the OWASP Cloud Architecture Security cheat sheet. Use techniques like Zero Trust, multi-factor authentication (MFA), key rotation, and other cloud security best practices.
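
One way to check the three practices named above (IAM, encryption, logging) programmatically, which is also the kind of policy enforcement section 4 says should not be left to manual work. This is an added example, not code from the original article: the inventory schema and the field names `encrypted_at_rest`, `tls_required`, and `access_logging` are hypothetical, and only the `iam_policy` field follows the AWS IAM JSON policy layout.

```python
# Added example: policy-as-code check for IAM, encryption, and logging.
# The inventory schema is hypothetical; "iam_policy" uses the IAM JSON layout.

def as_list(value):
    """IAM allows a single item or a list for Statement/Action/Resource."""
    return value if isinstance(value, list) else [value]

def iam_findings(policy):
    findings = []
    for stmt in as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = as_list(stmt.get("Action", []))
        resources = as_list(stmt.get("Resource", []))
        if any(a == "*" or a.endswith(":*") for a in actions):
            findings.append("iam: wildcard action in Allow statement")
        if "*" in resources:
            findings.append("iam: Allow statement applies to every resource")
    return findings

def audit(resource):
    findings = iam_findings(resource.get("iam_policy", {}))
    # Missing keys count as failures: an unset control is not a passed control.
    if not resource.get("encrypted_at_rest", False):
        findings.append("encryption: data at rest is not encrypted")
    if not resource.get("tls_required", False):
        findings.append("encryption: plaintext transport is allowed")
    if not resource.get("access_logging", False):
        findings.append("logging: access logging is disabled")
    return findings

# Constructed sample inventory, not taken from any real account.
INVENTORY = [
    {"name": "reports-bucket", "encrypted_at_rest": True, "tls_required": True,
     "access_logging": True,
     "iam_policy": {"Version": "2012-10-17", "Statement": [
         {"Effect": "Allow", "Action": ["s3:GetObject"],
          "Resource": "arn:aws:s3:::reports-bucket/*"}]}},
    {"name": "legacy-share", "encrypted_at_rest": False, "tls_required": True,
     "iam_policy": {"Version": "2012-10-17", "Statement":
         {"Effect": "Allow", "Action": "s3:*", "Resource": "*"}}},
]

def audit_all(inventory):
    """Map each resource name to its list of findings (empty list = pass)."""
    return {r["name"]: audit(r) for r in inventory}

if __name__ == "__main__":
    for name, findings in audit_all(INVENTORY).items():
        print(name, "PASS" if not findings else findings)
```

Run in a deployment pipeline, a non-empty findings list can fail the build so the control is enforced the same way every time.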

6. Poor / slow design

Cloud infrastructure can often suffer from “cold start” delays and bottlenecks, and speed is a customer expectation. Failing to account for latency can result in poor user experiences, data transfer delays, financial losses (particularly for trading firms), or even impacts on human health (such as latency for telehealth or remote surgeries relying on real-time data).

The tell-tale signs: Geographic distance and network congestion have not been factored into the architecture at all.

The solution: Use latency engineering techniques such as placing cloud resources closer together, deploying edge networking resources, leveraging CDNs, using network monitoring tools, and conducting load testing.

7. Scalability issues

Many cloud failures occur when architecture meets a sudden spike in scale. An example is a solution that is not designed to handle a 10x spike in traffic, resulting in requests timing out, serious bottlenecks, and skyrocketing cloud bills. While cloud architects shouldn’t overengineer, it’s still important to build for relevant future needs.

The tell-tale signs: Latency is rising when traffic rises, peak hours produce errors, there’s no proper load distribution, and your database is not designed with read replicas or caching.

The solution: Leverage autoscaling, rightsizing, and load balancing. Add health checks. Build independently deployable components to minimize disruptions should things go south.

8. No cost visibility or management

Overprovisioning and under-utilization are both bad patterns to fall into, resulting in cloud waste. These can be especially hard to detect if you’ve got ineffective cloud spend tracking in place, such as reviewing costs at an aggregate level with no or spotty attribution.

The tell-tale signs: There’s a spike in cloud spend somewhere, but nobody knows what the cause is and who’s responsible. Alternatively, you’re spending too much or too little to meet your actual cloud demands.

The solution: Automate cost management where possible, including rightsizing and eliminating unused resources. Set up real-time monitoring, forecasting, and budget alerts. Use serverless where it is appropriate.

9. No resilience

Disasters happen. That’s why cloud providers only promise uptime of 99.9% or 99.99999%, never 100%. Things going south is a “when” and not an “if”, so if the solution isn’t designed with recovery and uptime in mind, it’s not a complete solution.

The tell-tale signs: Nobody has talked about what happens if a key component fails.

The solution: Design failure-tolerant architectures, particularly in areas where a service disruption would heavily damage your organization.

10. Skill stagnation

It’s practically cliche to mention that any area of tech moves fast, but it still needs to be said in this context, as outdated cloud knowledge can result in selecting more costly, less competitive solutions simply by not knowing about the alternatives. There’s comfort in selecting familiar architectural paradigms, designing like it’s 2020 rather than the here and now. 

The tell-tale signs: There are better architectural paradigms or services that could be selected. Some of the cloud features and services are nearing the end of their lifecycle, falling into the maintenance or sunset categories. 

The solution: Adopt cloud upskilling strategies to grow talent and stay cloud competitive. These could include access to cloud-specific learning resources by experts, reimbursing staff for sitting cloud certification exams, celebrating and recognizing cloud learning achievements, and providing virtual environments (labs, sandboxes) to safely practice cloud skills. 

Adam Ipsen

Adam is a Lead Content Strategist at Pluralsight, with over 13 years of experience writing about technology. An award-winning game developer, Adam has also designed software for controlling airfield lighting at major airports. He has a keen interest in AI and cybersecurity, and is passionate about making technical content and subjects accessible to everyone. In his spare time, Adam enjoys writing science fiction that explores future tech advancements.