Copyright (c) 2026 MindMesh Academy. All rights reserved. This content is proprietary and may not be reproduced or distributed without permission.

4.1.4. Architecture Considerations

💡 First Principle: Every architecture decision involves trade-offs. More availability costs more. Stricter security reduces usability. Better performance may compromise data sovereignty. The architect's job is to make these trade-offs explicit and align them with business requirements.

Availability — designing for uptime through redundancy, load balancing, and failover. Measured by "nines": 99.9% (8.76 hours downtime/year) vs. 99.99% (52.6 minutes/year). Higher availability requires more infrastructure and cost.

Resilience — the ability to continue operating through failures. A resilient system degrades gracefully rather than failing catastrophically. If the primary database goes down, the application serves cached data rather than displaying an error page.

Cost — security budgets are finite. Architecture must balance protection against budget reality. Risk-based prioritization ensures the highest risks get the most investment.

Responsiveness — system response time affects both user experience and security (slow authentication pushes users toward workarounds). Edge computing and CDNs improve responsiveness by processing data closer to users.

Scalability — the ability to grow capacity without redesigning the architecture. Cloud elasticity enables scaling, but each new instance must inherit security configurations.

Ease of deployment — simpler architectures are easier to secure and audit. Complexity is the enemy of security — every unnecessary component is potential attack surface.

Risk transference — shifting risk to another party through insurance, SLAs, or outsourcing. Cyber insurance transfers financial risk; managed security services transfer operational risk. But responsibility for due diligence remains.

Ease of recovery — how quickly you can restore normal operations after an incident. Architectures designed for recovery include automated backups, infrastructure-as-code for rapid rebuild, and documented recovery procedures.

Patch availability — architecture choices affect patchability. Systems that can be patched without downtime (rolling updates, blue-green deployments) reduce the window of vulnerability.

Power and compute requirements — edge devices, IoT sensors, and mobile systems have limited power and compute, constraining which security controls can run on them.

⚠️ Exam Trap: Risk transference doesn't eliminate risk — it shifts the financial impact. You can buy cyber insurance, but the reputational damage and customer trust loss from a breach remain yours.
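The "nines" figures from the Availability item, worked as an added example (not part of the original course material). It converts an availability target into a yearly downtime budget and shows how many redundant replicas that target costs. The function names, the 98% per-node figure, and the independent-failure model are assumptions made for illustration.

```python
import math

HOURS_PER_YEAR = 365 * 24  # 8760 h, the basis for the 8.76 h figure at 99.9%


def downtime_hours_per_year(availability: float) -> float:
    """Yearly downtime budget for an availability fraction (0.999 = three nines)."""
    return (1.0 - availability) * HOURS_PER_YEAR


def parallel_availability(node_availability: float, replicas: int) -> float:
    """Availability of N redundant replicas where any one can serve traffic.

    Assumption: replicas fail independently. Shared power, network or a bad
    deployment pushed to all replicas breaks this assumption in practice.
    """
    return 1.0 - (1.0 - node_availability) ** replicas


def serial_availability(*components: float) -> float:
    """Availability of a chain where every component must be up."""
    return math.prod(components)


def replicas_needed(node_availability: float, target: float) -> int:
    """Smallest replica count whose combined availability meets the target."""
    if not (0.0 < node_availability < 1.0 and 0.0 < target < 1.0):
        raise ValueError("availabilities must be fractions strictly between 0 and 1")
    n = 1
    # Small tolerance so float rounding at an exact boundary does not add a replica.
    while parallel_availability(node_availability, n) < target - 1e-12:
        n += 1
    return n


if __name__ == "__main__":
    node = 0.98  # constructed sample value: one server that is up 98% of the time
    for target in (0.999, 0.9999):
        n = replicas_needed(node, target)
        minutes = downtime_hours_per_year(target) * 60
        print(f"target {target:.2%}: {minutes:.1f} min/year budget, {n} replicas")
    # A single load balancer in front of the pool sits in series with it,
    # so it caps the whole system below its own availability.
    pool = parallel_availability(node, 3)
    print(f"3 replicas behind one 99.9% load balancer: {serial_availability(0.999, pool):.4%}")
```

Each added nine here costs another full replica, and the last line shows why the failover path itself needs redundancy: a non-redundant component in series sets the ceiling.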

Written by Alvin Varughese
Founder • 15 professional certifications