Taking advantage of the cloud's inherent potential is achievable when you approach design strategically and intentionally. A well-architected cloud is one that meets a company’s business and operational objectives in the most secure, reliable, efficient, and cost-effective way.
Start with a solid plan that aligns to the business objectives and use the planning process to outline guiding principles. Adopting best practices and selecting the most appropriate cloud services becomes more straightforward when you have guiding principles to validate your assumptions.
During the architecture design phase, address and mark these items off your list:
Security – Goes without saying, right? It should always be a top concern in any environment, whether on-premises or in the cloud.
Reliability – The architecture needs to be able to withstand failure at many levels. It needs to have built-in disaster recovery and backup/restore potential.
Efficiency & Scalability – The architecture needs to accomplish the operational goals most efficiently. It also needs to be scalable since modern day IT systems need to grow/shrink at a moment’s notice in order to keep pace with production demands.
Cost-Effectiveness – The architecture needs to be designed in a way where there are no unnecessary costs.
Testing - the hallmark of a successful cloud architect!
During implementation or even the architecture design phase, test your assumptions. We all know that cloud innovation is happening at an exponential pace. As new cloud services become available, keep an open mind and harness your technical curiosity by testing them. Testing can be inexpensive and can ultimately give the cloud platform better performance and overall cost savings. If testing shows that a service isn’t the best fit, delete the resources and move on.
There are two main pitfalls I’ve seen with cloud architectures. They are poor Identity and Access Management (IAM) policies and running resources when they are not needed.
Regarding IAM, the sheer number of cloud resources and services offered can make setting up user access time-consuming, and it's tempting to circumvent the "principle of least privilege (PoLP)." This can result in users being granted more rights than they need because it is easier and quicker to grant full privileges than it is to create a custom policy. That creates security risks, including the potential for critical data and resources to be changed or deleted.
Running resources when they aren’t being utilized is an easy way to waste money. For example, suppose an organization has several developer servers that are used from 8 to 5, Monday through Friday. Leaving those resources on 24/7 accounts for 123 hours of unused compute time that the company is charged for every week. Depending on the number of servers, this could easily cost a company thousands of dollars every month.