Best Practices for Designing Cloud Architecture 

by Riversafe

Developing and deploying applications in the cloud brings tonnes of benefits. But getting the best out of a cloud environment, and the products you build within it, means having the right architecture in place.  

Planning, designing, and implementing a cloud environment that best supports your business goals is the first step towards achieving success with cloud technology. Your cloud environment will connect every component of your digital infrastructure, from application development and access management to data storage and networking.  

All these mechanisms need to work seamlessly together to give users access to the resources they need and enable the network to fulfil its functions—and that’s where cloud architecture comes in.  

Architecting for the cloud 

How a cloud environment is architected will determine the way that all the components fit together, and by extension, how they perform.  

A well-architected cloud environment will be agile, scalable, and resilient, as well as able to shoulder your organisation’s workloads in a cost-effective way. 

A simple cloud architecture design could look something like this: 

  • Application (SaaS): SaaS applications, web services, multimedia (Salesforce, Dropbox)
  • Platform (PaaS): Operating systems, development environments (Google App Engine, Heroku, Azure App Service, AWS Elastic Beanstalk)
  • Infrastructure (IaaS): Storage, virtual machines (AWS EC2, Microsoft Azure Virtual Machines, Google Compute Engine)
  • Data centre (HW): Physical resources (CPU, bandwidth, disk, memory)

Cloud architecture frameworks 

When designing your cloud environment, it’s a good idea to have something in place that gives you a starting point; something you can refer back to throughout your architectural journey to make sure you’re still on the right track and adhering to the fundamentals.  

These kinds of handy guides are known as cloud architecture frameworks, and unsurprisingly given how complex and unique each cloud environment can be, there’s a tonne of different frameworks to choose from.  

The big cloud service providers all have their own frameworks for those building on their platform: the AWS Well-Architected Framework, Google Cloud’s Architecture Framework, and the Microsoft Azure Well-Architected Framework are some of the most popular.  

There are also frameworks out there that focus on architecting environments for specific industries like Healthcare and Finance, or for building out services using a hybrid cloud model.  

You should take all these factors—objectives, technical requirements, industry context, and chosen Cloud Service Provider (CSP)—into account when choosing a cloud architecture framework to guide you.  

The six pillars of great cloud architecture 

What all these frameworks have in common, however, is that they provide you with tried-and-tested design patterns and best practices to help you achieve effectiveness around the core pillars of any good cloud environment: cost-effectiveness, operational excellence, resilience, high performance, sustainability, and security. 


Cost-effectiveness

Managing costs effectively starts with selecting the right services to deliver your goals. Poorly architected environments can be extremely costly.  

Best practices:  

  • Track and analyse how resources are used to see if you can scale down or change models 
  • Use managed services to reduce your total cost of ownership 
  • Plan consumption and reserve resources upfront, as this can provide significant discounts
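To make the reservation point concrete, here is a toy Python sketch comparing on-demand and reserved pricing for a steady workload. The hourly rates are invented for illustration; real CSP pricing varies by region, instance type, and commitment term.

```python
# Hypothetical prices for illustration only; real CSP pricing varies
# by region, instance type, and commitment term.
ON_DEMAND_HOURLY = 0.10   # pay-as-you-go rate
RESERVED_HOURLY = 0.06    # effective rate with a 1-year reservation

def annual_saving(hours_used_per_year: int) -> float:
    """Saving from reserving capacity vs. paying on-demand rates."""
    return hours_used_per_year * (ON_DEMAND_HOURLY - RESERVED_HOURLY)

# A VM running 24/7 for a year:
print(round(annual_saving(24 * 365), 2))
```

The same arithmetic, run against your actual usage data, is what tells you whether a workload is steady enough to be worth reserving.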

Operational excellence 

Ensuring operational excellence means building for observability and making sure that all services and processes running in your environment can be constantly monitored and optimised.  

Best practices:  

  • Automate everything 
  • Constantly refine operations procedures, making small manageable changes regularly 
  • Prepare for the worst and learn from operational failures by putting better processes in place to prevent them and recover faster
  • Design workloads to be observable and expose the right metrics
  • Define Service Level Objectives (SLOs) and Service Level Indicators (SLIs), and track SLIs rigorously to fulfil your SLOs  


Resilience

Your cloud environment should be highly available with minimal downtime, and equipped to recover quickly from any outages.

Best practices:  

  • Test recovery procedures regularly  
  • Use automation to speed up recovery from failures 
  • Scale horizontally to boost system availability 
  • Design workloads for high availability and fault tolerance as necessary
  • Design, implement, and test a Disaster Recovery plan to be sure that workloads can be recovered within the desired Recovery Time Objective (RTO) and Recovery Point Objective (RPO)
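Automated recovery from transient failures often takes the form of retries with exponential backoff. The following is a minimal Python sketch, with a simulated flaky service standing in for a real dependency.

```python
import time

def recover_with_backoff(operation, max_attempts=5, base_delay=0.01):
    """Retry a flaky operation, doubling the wait between attempts.

    Automating retries like this shortens recovery from transient
    failures without a human in the loop.
    """
    for attempt in range(max_attempts):
        try:
            return operation()
        except Exception:
            if attempt == max_attempts - 1:
                raise  # out of attempts: surface the failure
            time.sleep(base_delay * (2 ** attempt))

# Simulate a dependency that fails twice before recovering.
calls = {"n": 0}
def flaky_service():
    calls["n"] += 1
    if calls["n"] < 3:
        raise ConnectionError("transient failure")
    return "recovered"

print(recover_with_backoff(flaky_service))
```

Real systems usually add jitter to the delay so that many clients retrying at once don't hammer the recovering service in lockstep.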

High performance 

Architecting for speed and responsiveness requires a focus on handling requests quickly and efficiently, using things like load-balancing processes to cope with demand at scale. 

Best practices:  

  • Try using serverless architectures
  • Experiment with new ways to do things more efficiently 
  • Employ mechanical sympathy  
  • Use caching where appropriate to speed up data access 
  • Execute load and performance testing on a regular basis
  • Collect and analyse performance metrics in order to apply capacity planning techniques so that your workload performance meets current and future demands
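Caching, mentioned above, can be as simple as a time-to-live (TTL) wrapper around a dictionary. This toy Python sketch expires entries after a fixed period; production systems would typically use a managed cache such as Redis or Memcached instead.

```python
import time

class TTLCache:
    """Minimal time-to-live cache: entries expire after ttl seconds."""

    def __init__(self, ttl: float):
        self.ttl = ttl
        self._store = {}

    def set(self, key, value):
        self._store[key] = (value, time.monotonic() + self.ttl)

    def get(self, key, default=None):
        entry = self._store.get(key)
        if entry is None:
            return default
        value, expires_at = entry
        if time.monotonic() > expires_at:
            del self._store[key]   # expired: evict and miss
            return default
        return value

cache = TTLCache(ttl=60)
cache.set("user:42", {"name": "Ada"})
print(cache.get("user:42"))
```

Choosing the TTL is the real design decision: too short and you lose the speed-up, too long and users see stale data.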


Sustainability

A relatively new addition to cloud architecture philosophy, the sustainability pillar focuses on ensuring your workloads are designed to use minimal energy while maximising efficiency.

Best practices:  

  • Right-size workloads to minimise wasted resources and energy 
  • Monitor everything and focus on making workloads that use the most resources more efficient 
  • Optimise where workloads run geographically, based on the location of users


Security

Your cloud environment should be architected with security in mind from the outset, with infrastructure and processes in place to protect networks, workflows, and data.

Best practices:  

  • Make events and behaviour as traceable as possible 
  • Embed security within all layers of architecture 
  • Automate security best practices 
  • Encrypt data both in transit and at rest 
  • Implement a zero-trust approach 
  • Prepare for security events so you can recover fast 

Cloud architecture: Best practices you need to know 

As we mentioned above, every cloud environment is unique, and no single framework will provide a perfect cookie-cutter solution. But some key best practices generally apply across the board, no matter what industry you’re in or what vendor you’re using to host your cloud environment. 

Design your architecture to be scalable 

Cloud architecture should be designed to scale up or down based on demand, so that applications can ride out sudden spikes in traffic without crashing or slowing down.

There are a few design strategies to consider when architecting for scalability. Distributed architecture, for example, allows you to scale horizontally by adding more resources (such as servers, containers, or instances) as and when they’re needed to handle extra traffic or workloads.

Load balancers help too, by spreading out traffic across multiple servers, instances, or containers so that no single resource gets overloaded, improving performance and availability in the process.  
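Round-robin is the simplest load-balancing strategy. This minimal Python sketch rotates requests across a hypothetical pool of backend addresses; real load balancers layer health checks and weighting on top of the same idea.

```python
import itertools

class RoundRobinBalancer:
    """Distribute requests evenly across a pool of backends."""

    def __init__(self, backends):
        self._pool = itertools.cycle(backends)  # endless rotation

    def next_backend(self) -> str:
        return next(self._pool)

# Hypothetical backend addresses, for illustration only.
lb = RoundRobinBalancer(["10.0.0.1", "10.0.0.2", "10.0.0.3"])
print([lb.next_backend() for _ in range(4)])
# the fourth request cycles back to the first backend
```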

And if demand fluctuates, you can automate the process of adding or removing resources based on these changes. Based on metrics like CPU usage, network traffic, and queue length, you can use auto-scaling to make sure the appropriate amount of resources are available without the need for manual intervention.  
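As a sketch of the idea, the following Python function computes a desired replica count from current CPU utilisation, in the same spirit as (though much simpler than) the calculation used by Kubernetes' Horizontal Pod Autoscaler. The 60% target and the replica bounds are arbitrary example values.

```python
import math

def desired_replicas(current: int, cpu_pct: int, target_pct: int = 60,
                     min_replicas: int = 2, max_replicas: int = 20) -> int:
    """Scale so that average CPU utilisation approaches the target.

    Hypothetical thresholds; real autoscalers apply a similar
    desired-count calculation with extra damping and cooldowns.
    """
    desired = math.ceil(current * cpu_pct / target_pct)
    # Clamp to the configured floor and ceiling.
    return max(min_replicas, min(max_replicas, desired))

print(desired_replicas(current=4, cpu_pct=90))  # overloaded: scale out
print(desired_replicas(current=4, cpu_pct=20))  # idle: scale in to the floor
```

The floor and ceiling matter as much as the formula: the floor preserves availability during quiet periods, and the ceiling caps runaway cost.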

Architect for the worst-case scenario 

We’ve all heard about Murphy’s Law: everything that can go wrong, will go wrong. With data breaches, natural disasters, and system failures all having the potential to affect availability, cloud solutions are not exempt from this law. 

Build with the mindset that failure is an inevitability. Ensure your cloud architecture contains self-healing and recovery capabilities, automate the regular backup of data and make a plan for restoring systems quickly in the event of a failure.  

It can also help to design your solution around a pre-set availability target that gives you something to aim for.  
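A quick way to make an availability target tangible is to translate it into a downtime budget. This small Python helper shows the monthly downtime implied by "three nines" versus "four nines".

```python
def allowed_downtime_minutes(availability_pct: float, days: int = 30) -> float:
    """Downtime budget (in minutes) implied by an availability target."""
    total_minutes = days * 24 * 60
    return total_minutes * (1 - availability_pct / 100)

print(round(allowed_downtime_minutes(99.9), 1))   # "three nines" over 30 days
print(round(allowed_downtime_minutes(99.99), 1))  # "four nines" over 30 days
```

Seeing that an extra nine shrinks the budget tenfold makes it easier to judge whether the engineering cost of reaching it is justified.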

Break components up into smaller parts 

Decoupling is a useful design principle that involves separating different components or services of an application so that they can function independently, without affecting one another. This partitioning means you get greater flexibility, scalability, and resilience, as well as easier maintenance and upgrades.  

You can achieve decoupling in a few ways, including using APIs, microservices, and message queues: essentially any techniques that allow components to communicate without requiring them to share a common codebase or infrastructure.  

By decoupling components, you can create more modular, agile, and adaptable systems that can evolve and scale with changing business needs. 
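A message queue is the classic decoupling mechanism. This self-contained Python sketch uses the standard library's queue and a worker thread, so the producer and consumer only ever interact through the queue, never directly with each other.

```python
import queue
import threading

# The queue is the only thing producer and consumer share.
orders = queue.Queue()
processed = []

def consumer():
    while True:
        order = orders.get()
        if order is None:          # sentinel value: shut down cleanly
            break
        processed.append(f"processed {order}")
        orders.task_done()

worker = threading.Thread(target=consumer)
worker.start()

# Producer side: hypothetical order IDs, for illustration.
for order_id in (101, 102, 103):
    orders.put(order_id)
orders.put(None)                   # signal the consumer to stop
worker.join()
print(processed)
```

In a cloud deployment the in-process queue would be replaced by a managed broker (e.g. SQS, Pub/Sub, or Service Bus), but the shape of the design is the same.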

Optimise storage for cost-effectiveness 

Data storage can be one of the costliest areas of your cloud setup. When designing your cloud environment, consider what data you have, what you need to keep, and what needs to be accessed (and how frequently). Breaking your data up into use cases will help you select the right storage tier for various chunks of data, and make sure you’re not paying over the odds for storage functionality that you don’t need. 

Each CSP has different storage tiers available, but whichever vendor you go with, you can be sure they’ll have a variety of storage options, ranging from more costly high-access classes to cheaper long-term classes for archiving and regulatory use.  

Automation can help here too. Build lifecycle policies into your design so that data you don’t need to access regularly can be moved to lower-cost storage tiers after a certain period.  
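A lifecycle policy boils down to mapping data age onto a storage tier. The thresholds and tier names below are invented for illustration; real policies are configured in your CSP, for example S3 lifecycle rules or Azure Blob lifecycle management.

```python
from datetime import date

# Hypothetical tiering rules, checked from oldest threshold down.
LIFECYCLE_RULES = [
    (365, "archive"),  # older than a year -> archival class
    (90, "cool"),      # older than 90 days -> infrequent-access class
    (0, "hot"),        # everything else stays in the hot tier
]

def storage_tier(last_accessed: date, today: date) -> str:
    """Pick the storage tier for an object based on its age."""
    age_days = (today - last_accessed).days
    for threshold, tier in LIFECYCLE_RULES:
        if age_days >= threshold:
            return tier
    return "hot"

today = date(2024, 6, 1)
print(storage_tier(date(2024, 5, 20), today))  # recently accessed
print(storage_tier(date(2024, 1, 1), today))   # a few months old
print(storage_tier(date(2022, 1, 1), today))   # years old
```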

Think security first 

Security should be a top priority when architecting for the cloud, so be sure to implement cloud security best practices at every single layer. Remember, cloud security is a shared responsibility between you and your CSP, so get a thorough grasp of what kind of security posturing and infrastructure is down to you, and what you entrust to the vendor. 

Some of the things you’ll be responsible for, and therefore things you need to consider baking into your design, are data partitioning, encryption, multi-factor authentication, access control, monitoring, and data backups. 

Build in observability 

To keep your architecture performing at optimum levels, you need to collect as much information as possible and analyse system performance data and usage patterns. This allows for issues to be discovered and fixed before customers report them.  

As part of your cloud architecture, create log aggregation processes to collect data from multiple sources across your environment. Then you can set up cloud-native monitoring tools that improve observability by providing performance insights and potential issue alerts in real time.  
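In miniature, log aggregation means merging lines from several sources into one stream you can compute metrics over. This toy Python sketch counts log levels across two hypothetical services; a real pipeline would do the same over streams shipped to a central store.

```python
import collections

# Hypothetical log lines from two services, for illustration only.
logs = {
    "web": ["INFO start", "ERROR timeout", "INFO ok"],
    "api": ["INFO ready", "ERROR 500"],
}

# Aggregate every line into one stream, tagged with its source.
aggregated = [(src, line) for src, lines in logs.items() for line in lines]

# Derive a metric from the aggregated stream: count by log level.
levels = collections.Counter(line.split()[0] for _, line in aggregated)
error_rate = levels["ERROR"] / len(aggregated)
print(levels, round(error_rate, 2))
```

Once metrics like this error rate exist, alerting is just a threshold check on top of them.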

Automate whatever you can

Automating as much as possible allows your workloads and applications to respond to the demands of your users more quickly.  

There are several ways you can utilise automation in your architecture. As well as the aforementioned auto-scaling, other tasks can also be automated to increase performance and cut the risk of your environment being impacted by human error.  

Provisioning of resources like VMs, containers and test environments, for example, can be achieved by using infrastructure-as-code or DevOps-style methodology like continuous integration/continuous deployment (CI/CD) pipelines. Similarly, the deployment of applications and services can be automated, again using code.  
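The declarative idea behind infrastructure-as-code can be sketched as "diff desired state against actual state, then plan the actions needed to converge", which is roughly what tools like Terraform do at much greater fidelity. The resource names and specs below are invented for illustration.

```python
def plan(desired: dict, actual: dict) -> list:
    """Compute create/update/delete actions to reach the desired state."""
    actions = []
    for name, spec in desired.items():
        if name not in actual:
            actions.append(("create", name, spec))
        elif actual[name] != spec:
            actions.append(("update", name, spec))
    for name in actual:
        if name not in desired:
            actions.append(("delete", name))
    return sorted(actions)

# Hypothetical resources, for illustration only.
desired = {"web-vm": {"size": "medium"}, "db-vm": {"size": "large"}}
actual = {"web-vm": {"size": "small"}, "old-vm": {"size": "small"}}
print(plan(desired, actual))
```

Because the plan is derived rather than hand-written, re-running it is idempotent: once actual state matches desired state, the plan is empty.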

Outline policies and document everything

Once you’ve designed an effective, carefully architected cloud environment, you’ll need some documentation in place to help maintain it properly and consistently. Outline expected standards of governance by developing and documenting policies, accountabilities, and protocols that ensure you’re achieving the required levels of regulatory compliance at all times.  

Thoroughly documented architecture gives all teams that work with the environment a common blueprint, allowing them not only to understand the designs but also to communicate and collaborate more effectively when planning future use cases as business needs evolve.  

Don’t forget about sustainability  

Another factor that’s become increasingly central to cloud architecture over the past few years is sustainability. Computing, whether on-premise or in the cloud, uses a huge amount of natural resources. Sustainability’s role in cloud architecture is about building a cloud environment with minimal impact on our actual, physical environment.  

That means considering factors like being able to quantify (and offset) the effects of running your workloads in the cloud, optimising resource utilisation, and developing a model of shared responsibility to ensure your operations are sustainable long-term.  

You also need to position your cloud environment to be adaptable, as technologies and best practices around sustainability evolve. 

Looking for support for your cloud infrastructure? 

We deliver professional services that maximise value, increase efficiencies, improve processes, reduce risk, and accelerate time to value for your investment in security technologies. 

Whatever your business needs, we provide expert advice and technical delivery services across cyber security, data operations, and DevOps. 

We understand that every business does things differently. That’s why we have various engagement options available, so you can choose the best service for your organisation. 

 Book a consultation 



By Riversafe

Experts in DevOps, Cyber Security and Data Operations