It’s hard not to admire confidence in marketing. Take Fortra, for example. Fortra is the new parent company of GoAnywhere, a Managed File Transfer (MFT) solution that’s been around for years. The Fortra website proudly declares, “We break the attack chain.” Catchy, right? Except… “break” might have been a little too on the nose. Because that’s exactly what happened recently: their security response came to a screeching halt. On September 11th, a new critical vulnerability (CVE-2025-10035) was d…

Igor Debatur, the founder of Uploadcare, joins us to discuss the complexities and challenges of file management in modern applications. Uploadcare specializes in making the file upload experience seamless for users. Igor shares how their journey started from being an agency that built products for clients to creating a comprehensive solution for file management that addresses the needs of engineers today. We delve into the intricacies of file uploads, which may seem straightforward but are frau…

It seems like AI has become suddenly important to Software Architects in nearly all industries. It’s the latest and greatest technology in a world of fast moving technologies. Actually, AI is not “suddenly” important. AI has been around for as long as software has been around, dating back as early as the 1950s. In the 1970’s, AI technology in the form of Lisp software systems, were believed to be a very promising but just a bit out of reach “silver bullet” solution to every problem. But the “si…

Michi Kono, the CTO of Garner Health, joins us to discuss the intersection of technology and healthcare. Garner Health leverages advanced data management techniques to help employers find the best healthcare providers for their employees. Michi shares insights from his extensive background in the financial sector, where he led significant tech initiatives, and explains how those experiences inform his current work in healthcare. We explore the complexities of the U.S. healthcare system, includi…

Welcome to the first episode of the Software Architecture Insights new podcast! The landscape of software development has notably transformed in 2024, with 62% of developers now leveraging AI in their workflows. While this integration has significantly boosted productivity, it has also raised concerns regarding code quality and complexity. The discussion reflects on findings from the recent 2025 GitClear AI Code Quality Research report, which analyzed over 211 million lines of code and reveale…

It's 2025. AI is no longer a novelty. It’s a fact of life. Generative AI models have matured, multimodal systems can process text, images, and speech relatively seamlessly, and AI-powered copilots have found their way into developer tools, office suites, and even design platforms. And yet… the hype hasn’t gone away. If anything, the AI hype is getting louder. Every product launch announcement now must include a phrase like “Now with AI!” Investors want to know what your “AI strategy” is. Com…

Not all applications are created equal. Some are built to process transactions and maintain state, while others focus on delivering content, data, or experiences to users. For software architects and engineering leaders, distinguishing between these core application types is critical for making sound decisions about scalability, infrastructure, security, and data management. Why? Because how you design, build, construct, and operate your application is different based on your customer use pat…

Another critical principle in maintaining a safe and secure application running in the cloud is understanding the Principle of Least Privilege. The Principle of Least Privilege is an industry-standard security principle widely known to reduce the impact of bad actor attacks. The idea behind the principle of least privilege is to: 1. Grant an entity the minimum permission it absolutely needs to perform its operations. 2. Grant no more permissions than that. This principle applies to cloud infra…

If you’ve ever spoken out to your iPhone and said “Hey Siri, what’s the weather in Seattle, WA”, or spoke to an Amazon Echo device and said “Alexa, turn on the bedroom lights”, you’ve given an AI a set of instructions for it to execute. You’ve given an AI a prompt. In the Alexa case, the phrase is converted from an audio snippet into text, and that text is sent to an AI system — Amazon Alexa in this case — for it to determine the desired actions. The output of that process is a set of actions …

As modern applications grow more complex and valuable, their security becomes increasingly critical. Yet many organizations still operate with a flat security model—one breach and attackers gain access to everything. This approach is like building a house with a reinforced front door but paper-thin walls. How can you improve your application security to reduce your risk of attack? Use isolation zones. Isolation zones aren’t just a best practice—it’s the difference between a minor security incid…

Both you and your cloud provider have a critical role in keeping your application safe. It’s a principle of security known as the Principle of Shared Responsibility. It describes a model for assigning ownership of various security aspects between the cloud provider and you. It’s a principle that has been championed heavily by AWS, but it applies to all cloud providers in all situations. The key to the principle is an agreed-upon set of responsibilities for keeping the application safe for eac…

The software development landscape has shifted dramatically. In 2024, a whopping 62% of professional developers use AI in their development process. This has done wonders for the productivity of an average software developer, and has led many people to assume this means that either we need fewer software developers or, more likely, we can get more and better software developed with existing staff. However, there are issues with this shift. Last year, I read and loved the 2024 GitClear AI repo…

Cloud-native applications make heavy use of services and microservice architectures. Distributed applications provide many benefits to modern application development processes and lend themselves particularly well to applications deployed in the public cloud. But microservices can also create additional and unwanted vulnerability points that bad actors can leverage to compromise your application. A single compromised service, no matter how small, can lead to vulnerabilities that can be exploit…

In my previous article, I discussed five best practices for managing configurations in cloud-native applications. This article expands those recommendations by giving strategies for how to manage large scale configuration systems for large modern applications. The Configuration Explosion ProblemRemember when our simple applications had a single configuration file? Those days are long gone. Today’s applications don’t just have more configuration—they have exponentially more complex configuration…

Managing configuration information in a complex, cloud-native application can be daunting. There is seemingly configuration everywhere. • There’s configuration describing the network interconnections in your system, including routing rules and port blocking. • There’s configuration for your load balancers, determining where to send traffic destined for your service. • There’s configuration for security permissions needed for databases, caches, servers, third-party applications, and other system…

Software architects hold a unique and influential position in the product development lifecycle, guiding technical decisions that shape the product's future. Let me be clear - architects aren't just technical decision makers, they're risk managers who shape your entire product's future. I've seen this firsthand in my years at AWS, New Relic and other enterprises. When you're operating at scale, every architectural decision carries both opportunity and risk. Technical debt isn't just a burden - …

“Ready to pull the ripcord on VMWare? On Nov 6, join my friends over at CAST and AWS to learn how software intelligence can speed up and derisk the move to best-fit cloud services. Register today!” In the complex ecosystem of software development, the role of a software architect is critical in shaping the direction and success of product development. Software architects wield significant influence that extends well beyond writing code or making isolated technical decisions. Software architect…

In world of software development, the role of a software architect often appears to stand at the top of the technical leadership ladder. With that responsibility comes an even greater need for continuous learning and adaptation. As someone who's spent years in the trenches of cloud architecture, I can tell you that the moment you stop learning is the moment you start becoming obsolete. The Shifting Sands of Technology Let's face it: the tech landscape is changing faster than ever before. What…

Migrating to the cloud can be daunting, especially when dealing with complex applications, which can have a life of their own. These applications can act in seemingly random ways when exposed to unexpected stimuli, such as moving from a stable data center environment to a more chaotic cloud environment. This inherent complexity makes migrating to the cloud risky, but there are ways to mitigate the risk. Piecemeal MigrationProper pre-migration preparation is critical to a successful cloud migrat…

As the world of software development continues to evolve at a rapid pace, organizations are increasingly turning to tools such as Kubernetes to deploy, scale, and manage their containerized applications. Kubernetes and containers have, in particular, revolutionized how we build and deploy applications, but with this power comes the responsibility of ensuring our systems' health, performance, and reliability. This is where effective monitoring comes into play. I've spent years working with comp…

As someone who has spent decades at the forefront of the tech industry, I've seen firsthand how emerging technologies can disrupt the status quo. With the rapid advancement of artificial intelligence (AI), it's natural to wonder about its potential impact on the job market, particularly for roles that rely on uniquely human skills. However, I believe that most human-centric jobs, including writers, actors, and lawyers, will not only survive but thrive in the age of AI. The recently released St…

In the rapidly evolving world of artificial intelligence (AI), getting caught up in the hype is easy. After all, computer intelligence appears poised to surpass human intelligence in every domain. However, despite the remarkable progress AI has made in recent years, there are still areas where humans maintain a clear advantage. According to Stanford University's AI Index report for 2024, AI systems continue to lag behind human performance in tasks that require complex cognitive abilities, such…

The world of artificial intelligence (AI) is undergoing a profound transformation, and at the heart of this change is the rise of open-source AI models. According to Stanford University's AI Index report for 2024, a remarkable 65.7% of the 149 foundation models released in 2023 were open-source, up from 44.4% in 2022 and 33.3% in 2021. This shift towards open-source AI is not just a passing trend; it's a movement that is redefining the very nature of AI development and deployment. Open-Source A…

In all the different ways we know in order to migrate an application to the cloud, the lift-and-shift strategy is often the first method organizations attempt. It’s a simple concept: take your existing applications and move them, as is, to the cloud. But simplicity can be deceptive. I’ve seen firsthand how this approach can lead to a host of issues, particularly when it comes to the underutilization of dynamic cloud resources. Migrating to the cloud using lift-and-shift may be the most expensi…

GitHub has published research on the growth and impact of AI on software development. Among their findings is that developers write code “55% faster” when using the GitHub Copilot code automation tool. But this finding doesn’t tell the whole story. Is this code high-quality? Is this code necessary? Is the code contributing to the long-term value of our applications? Does the code contribute to the operation of the application in a clear and concise manner? In other words, is Copilot (and simil…

Consider the following story: ““I went into my CEO’s office. Our CEO is a very driven, technical, hands-on CEO. All technical decisions have to go through him before the company goes forward with a plan. Today, the discussion was the cloud. The problem? The CEO said we couldn’t move our application to the cloud because it was too expensive. His evidence? ‘If you compare the cost per hour of a cloud-based server instance, to the monthly costs we pay for our servers, the cloud-based servers are j…

In the dynamic world of software development, complexity is often viewed as the arch-nemesis of productivity and efficiency. Yet, here lies the paradox: embracing complexity can actually pave the way to simplicity. How can this be the case? Let’s focus a bit on complexity in software development. We can often think of complexity as a big, tangled ball of yarn. The more you pull on one thread, the messier it gets. Now imagine breaking up that big ball of yarn into smaller, neat little bundles…

Don’t be fooled into thinking your site is highly available when it isn’t. Planned and regular maintenance involving unavailable applications still counts against availability for those applications. After all, from your customer’s viewpoint, your application is still unavailable. The fact that you planned that it would be unavailable is not important to your customers.</p> I often hear companies using routine maintenance windows as an excuse. Usually, the argument goes like this: ““We have fan…

Are you planning an application migration? Perhaps you are moving your on-premise application to the cloud, or perhaps you are modernizing an older application to a more appropriate application architecture. Migrations such as these are commitments. Commitments of time. Commitments of resources. Commitments of mindset and corporate energy. They can involve long and evolved transitions. They involve lots of effort—an effort that does not directly, immediately correspond to a realized benefit. I…

Your application is large. You have many customers, and they make good use of your many features and capabilities. You have a large catalog of products, and your store is big and feature-rich. You are doing well. Except, you are having problems. Your application crashes too often. Your developers are always on it when it fails, and they are very fast at fixing your site, but it takes time and energy. You are down at least once a month or so—and you can be down for hours at a time. Imagine the…