Cost, Not Scalability, Is Now the Primary Architectural Constraint

General
1

For the past decade, the default architectural question was: “will it scale?” In 2026, the question that actually drives decisions in most organizations is: “can we afford it?”

This shift is one of the most significant in enterprise software architecture, and it’s happening quietly while the industry still talks about microservices as if cost isn’t a factor.

The Numbers That Changed My Mind

I spent 25 years believing that architectural sophistication was always worth the investment. Then I started looking at the actual cost data:

  • Microservices infrastructure costs are 3.75x to 6x higher than monoliths for equivalent functionality
  • At enterprise scale: monoliths cost roughly $15,000/month vs. microservices at $40,000-$65,000/month when you factor in infrastructure, operations, platform teams, and coordination overhead
  • Cloud spending hit $723.4 billion in 2025, and organizations waste 32% of their cloud budget
  • 84% of organizations struggle to manage cloud spend, with budgets exceeding limits by 17% on average

Those aren’t theoretical numbers. They’re what I see in my P&L every quarter.

The 42% Consolidation: This Isn’t Retreat, It’s Pragmatism

According to a 2025 CNCF survey, 42% of organizations that initially adopted microservices have consolidated at least some services back into larger deployable units. The O’Reilly survey tells a similar story: 61% of enterprises adopted microservices, but 29% returned to monolithic architectures.

The consolidation drivers aren’t “microservices didn’t work.” They’re:

  1. Debugging complexity — tracing a bug across 15 services with distributed logging is exponentially harder than grep-ing a monolith
  2. Operational overhead — every service needs its own CI/CD pipeline, monitoring, alerting, scaling policies, and on-call rotation
  3. Network latency — what was an in-process function call becomes an HTTP request with serialization, network hop, deserialization, and error handling
  4. Coordination cost — cross-service changes require synchronized deployments, API versioning, and backward compatibility guarantees
  5. Platform team tax — you need a dedicated team just to maintain the infrastructure that makes microservices manageable

The Case Studies That Should Make You Reconsider

Amazon Prime Video migrated their Video Quality Analysis system from distributed microservices to a single-process monolith. The result: 90% infrastructure cost reduction with improved scaling capabilities. Amazon — the company that popularized service-oriented architecture — concluded that a monolith was the right answer.

Twilio Segment collapsed 140+ microservices into a single monolith after discovering that three full-time engineers spent most of their time firefighting distributed systems issues rather than building features.

Shopify runs a modular monolith with 2.8 million lines of Ruby code and 500,000 commits. During Black Friday, it handles 30 terabytes per minute, 32 million requests per minute, and 11 million MySQL queries per second. If Shopify doesn’t need microservices at that scale, most companies definitely don’t.

Netflix runs 700+ microservices but acknowledges the engineering investment required to make that work. Their tooling infrastructure — custom service meshes, distributed tracing systems, resilience libraries — represents millions of dollars in engineering time. This level of investment makes sense for Netflix’s scale. It doesn’t make sense for a Series B startup with 40 engineers.

And then there’s the cautionary tale: one startup raised $2.5M with 40% month-over-month revenue growth, moved to microservices, and was out of money within six months. The “microservices tax” exceeded their burn rate.

The Architecture Decision Framework I Use Now

When my engineering teams propose architectural changes, I now evaluate through a cost-first lens:

Decision Matrix

Factor Modular Monolith Microservices
Team size <100 engineers >100 engineers
User scale Thousands to millions Billions
Platform engineers needed <5 10-20+
Monthly infrastructure $5K-$15K $40K-$65K
Deployment complexity Single pipeline N pipelines
Debugging difficulty Low High
Independent scaling Limited Full
Polyglot support Limited Full

The honest assessment for most companies: you don’t need independent scaling, you don’t need polyglot, and you can’t afford the platform team. Microservices solve problems that most organizations don’t have, at a cost most organizations can’t sustain.

The Hybrid Consensus

The 2025-2026 industry consensus has converged on a pragmatic middle ground: modular monolith core with 2-5 selectively extracted services for genuine hot paths.

  • Payment processing that needs 50x the compute of other functions? Extract it.
  • A background job processor with fundamentally different scaling characteristics? Extract it.
  • An API gateway that needs to be independently deployable for security patches? Extract it.

Everything else stays in the monolith with proper module boundaries. Shopify’s Packwerk tool and frameworks like Spring Modulith provide the discipline to enforce those boundaries without the operational overhead of distributed systems.

What Actually Matters: The Right Question

The microservices vs. monolith debate was always the wrong frame. The real question is: what is the simplest architecture that serves your actual requirements within your actual budget?

“Microservices reward organizational maturity; monoliths reward execution discipline.” Most organizations overestimate their maturity and underestimate the value of execution discipline.

My advice to other CTOs:

  1. Run the cost model before the architecture review. If you can’t quantify the operational cost of your proposed architecture, you’re not ready to propose it.
  2. Treat architectural decisions as financial decisions. Because they are. Every service boundary you create has a carrying cost that compounds over years.
  3. Start monolithic, extract when pain is measured, not anticipated. Premature extraction is the architectural equivalent of premature optimization — it makes everything harder for a benefit you may never need.
  4. Challenge the “scale” narrative. When someone argues for microservices because of scale, ask: what’s your current request volume? What’s your projected volume in 2 years? Does that actually require independent scaling? Usually, the answer is no.

The best architecture is the one your team can build, operate, and afford. In 2026, that’s increasingly a well-structured monolith — and there’s nothing wrong with that.

2

I want to validate this from the perspective of someone who’s lived on both sides of this divide.

Two Years in Microservices Hell

At my previous company (a Series B SaaS startup, ~30 engineers), we made the classic mistake: we adopted microservices because it was “best practice” and because our principal engineer came from Google.

The architecture looked great on the whiteboard. In practice:

The on-call tax was brutal. We had 12 services, which meant 12 things that could fail independently. A single user request touched 4-5 services. When something went wrong at 2am, my first 20 minutes were spent figuring out which service was the root cause before I could even start debugging. In a monolith, you start the debugger and trace the call. In microservices, you’re hopping between Datadog dashboards, correlating distributed traces, and SSHing into different containers.

API versioning consumed entire sprints. Every time we needed to change a data model that crossed service boundaries — which was constantly — we had to version the API, maintain backward compatibility, coordinate deployments across teams, and eventually deprecate the old version (which never actually happened, so we accumulated cruft).

Local development was a nightmare. To run the full system locally, you needed Docker Compose orchestrating 12 services, 3 databases, 2 message queues, and a service mesh. It took 15 minutes to start up and used 14GB of RAM. Half of our “onboarding” for new engineers was just getting the local environment working.

The Kubernetes bill was eye-opening. Each service needed a minimum of 2 pods for redundancy, each with resource requests that guaranteed a baseline even when idle. Our infrastructure bill was K/month for a product serving maybe 5,000 daily active users. That’s .60 per DAU per month on infrastructure alone.

What I See Now in a Monolith (And It’s Not Perfect Either)

At TechFlow (my current company), we run a modular monolith — Rails app with clear domain boundaries enforced through code conventions and automated checks. Here’s what’s genuinely different:

Debugging is 10x faster. One application, one log stream, one debugger session. When something breaks, I set a breakpoint and step through the code path. No distributed traces needed.

Deploys are simple. One test suite, one deployment pipeline, one artifact. We deploy 8-12 times a day. At the microservices shop, a “simple” cross-service change took 2-3 days to coordinate and deploy.

But the monolith has its own costs. Test suites get slow as the codebase grows (ours takes 18 minutes). You can’t scale the search subsystem independently from the API. One team’s bad database query can affect everyone. Merge conflicts happen more frequently because everyone’s working in the same codebase.

These are real tradeoffs. But they’re cheaper tradeoffs. Our infrastructure bill is ,200/month serving roughly the same user count. That’s an 85% cost reduction — remarkably close to the Amazon Prime Video case Michelle cited.

The “Resume-Driven Architecture” Problem

I want to name something nobody talks about openly: a meaningful percentage of microservices adoptions are driven by career incentives, not business needs.

“Designed and implemented a distributed microservices architecture” looks better on a resume than “maintained and improved a Rails monolith.” Architects and senior engineers have a career incentive to propose complex solutions because complex solutions demonstrate complex skills.

I’m guilty of this myself. Early in my career, I pushed for microservices at a startup that had 8 engineers and 200 users. We didn’t need independent scaling. We didn’t need polyglot. We needed to ship features fast. Instead, we spent 40% of our engineering capacity on infrastructure.

The cost-first framing Michelle proposes is a good corrective because it forces architects to justify complexity in dollars, not abstractions. “This will scale better” is vague. “This will cost us an additional K/month in infrastructure and require 2 dedicated platform engineers” is concrete and debatable.

Where I’d Push Back Slightly

The one place I’d nuance the argument: the modular monolith only works if you actually enforce the module boundaries. A modular monolith without enforcement quickly becomes a big ball of mud — and a big ball of mud is genuinely harder to work with than even poorly implemented microservices.

Shopify’s Packwerk tool isn’t optional — it’s what makes their architecture viable. If your team doesn’t have the discipline to enforce boundaries internally, the service boundary of microservices at least forces the issue (at much higher cost).

So the real question isn’t “monolith or microservices?” It’s: does your team have the discipline for a modular monolith, or do you need the forced boundaries of service separation? If the answer is “we need forced boundaries,” at least be honest about why — and budget accordingly.

3

Michelle’s post nails the financial analysis and Alex’s lived experience validates it. I want to add a dimension that I think is underrepresented in this conversation: the organizational cost of architecture choices.

Architecture Decisions Lock in Organizational Structure

Conway’s Law isn’t just an observation — it’s a forcing function. When you choose microservices, you’re not just choosing a technical architecture. You’re committing to:

  • Team topology: Each service needs an owning team. With 30 services, you need at minimum 6-10 teams with clear service ownership, on-call responsibilities, and SLAs.
  • Coordination overhead: Cross-service features require synchronized planning across teams. In my org, a feature that touches 3 services requires 3 separate planning sessions, 3 design reviews, and a coordination meeting. That’s easily 40 hours of engineering time before anyone writes code.
  • Hiring profile: You need platform engineers, SREs, and infrastructure specialists who are expensive and scarce. At a Fortune 500 financial services company, our platform team alone costs us $1.2M annually in salaries. That’s before infrastructure spend.

At my company, I inherited a microservices architecture built during our digital transformation push. We have 47 services across 8 teams. The organizational cost is substantial and often invisible:

The Hidden Governance Tax

Activity Hours/Quarter Teams Involved
Service contract reviews 120 4-6
Cross-service incident postmortems 80 3-5
API deprecation coordination 60 2-4
Shared library upgrade coordination 200 All 8
Platform team requests and support 400 All 8 + Platform
Architecture review board 80 Senior leads

That’s roughly 940 hours per quarter — nearly 6 full-time engineers’ worth of capacity — spent on coordination that wouldn’t exist in a well-structured monolith. At our loaded engineering cost, that’s approximately $280K per quarter in coordination overhead alone.

The “Decision Scalability” Problem

Michelle mentioned that most enterprises don’t hit technical scalability limits — they hit decision scalability limits. I want to expand on this because it’s the most underappreciated insight in this thread.

In a microservices architecture:

  • Data model changes require negotiation between service owners. “Should the user address live in the User service or the Order service?” becomes a political negotiation, not a technical decision.
  • Performance optimization requires tracing across service boundaries. I recently spent 3 weeks tracking down a latency issue that turned out to be a chatty communication pattern between two services — something that would have been a single query optimization in a monolith.
  • Technology standards are harder to enforce. When each team can choose their own stack, you end up with services in Python, Go, Java, and Node — all of which need different CI/CD configurations, different security scanning, different dependency management.

The result is what I call “governance fatigue”: the senior engineers and architects who should be doing creative technical work spend increasing amounts of their time on coordination, alignment, and standardization instead.

Where I Partially Disagree

I do want to push back on one thing: the framing of “cost as the primary constraint” risks overcorrecting.

In regulated industries like financial services, compliance isolation is a legitimate reason for service boundaries. Our payment processing service is separated not because it scales differently, but because PCI-DSS requires that payment card data be isolated in its own security boundary with separate access controls, audit logging, and penetration testing scope.

Similarly, our fraud detection system is a separate service because it needs different deployment cadences (real-time model updates) and because regulatory auditors want to see an isolated system with its own change management.

These aren’t “scale” reasons for microservices — they’re regulatory reasons. And they’re non-negotiable. The cost is real, but it’s a compliance cost, not an architectural vanity cost.

My Recommendation: The Total Cost of Architecture

For anyone making this decision today, I’d suggest building a Total Cost of Architecture (TCA) model:

  1. Infrastructure cost: Compute, storage, networking, managed services
  2. Platform team cost: Headcount dedicated to making the architecture work
  3. Coordination cost: Engineering time spent on cross-boundary communication
  4. Cognitive cost: Developer time lost to local setup, debugging, and context-switching
  5. Opportunity cost: Features not built because capacity was spent on infrastructure

Run this model for your proposed architecture AND a simpler alternative. The difference is your complexity premium. If that premium isn’t buying you a specific, measurable capability you genuinely need, you’re paying for architectural aesthetics.

In my experience, when organizations honestly calculate TCA, the modular monolith wins for about 80% of the cases. The 20% where microservices genuinely win tend to be large organizations (500+ engineers), multi-region deployments with genuine latency requirements, or regulated environments with mandated isolation. If you’re not in that 20%, save your money.

4

Good discussion, but I notice that security is being treated as a footnote in a conversation about architectural decisions. From a security engineering perspective, the monolith vs. microservices debate has implications that go beyond cost.

The Security Case for Consolidation

I’ll be direct: microservices expand the attack surface significantly, and most organizations don’t adequately account for this in their security budgets.

Here’s what a microservices architecture looks like through a security lens:

  • N services = N+1 network boundaries to secure. Every inter-service communication channel is a potential attack vector. Each one needs authentication, authorization, encryption in transit, and rate limiting. In a monolith, most of these interactions are in-process function calls with zero network exposure.

  • N services = N separate dependency trees to audit. Each service has its own dependencies, each of which can introduce vulnerabilities. A shared library vulnerability in a monolith means one patch, one deployment. In a microservices architecture, you’re coordinating patches across dozens of services — and Luis’s data showing 200 hours per quarter on shared library coordination confirms this.

  • Service mesh complexity is itself a vulnerability. Istio, Linkerd, Envoy — these tools are powerful but they introduce their own CVEs, configuration complexity, and failure modes. I’ve found misconfigurations in service meshes at multiple client organizations that allowed unauthenticated inter-service communication despite the team believing mTLS was enforced.

  • Secrets management multiplies. Each service needs its own credentials, API keys, and certificates. More secrets = more rotation burden, more potential for leaks, more attack vectors if any single secret is compromised.

In my experience doing security assessments for fintech startups across Africa and globally, the organizations with microservices architectures consistently have 2-3x more findings in penetration tests than equivalent monolithic applications. Not because microservices are inherently insecure, but because the operational complexity creates more opportunities for misconfiguration.

Where Luis Is Right: Compliance Isolation Matters

Luis made an important point about PCI-DSS requiring isolation of payment card data. I want to strongly second this and add context.

Compliance-driven service boundaries are a fundamentally different category than architecture-driven boundaries. When an auditor asks “show me the boundary between your payment processing and your general application,” they want to see:

  • Network-level isolation (VPC separation, security groups)
  • Independent access control and authentication
  • Separate audit logging with tamper detection
  • Independent deployment with its own change management
  • Isolated secrets and key management

You can achieve this with a well-structured monolith using database-level access controls and application-level boundaries, but it’s harder to demonstrate to auditors and harder to maintain as the team grows. This is one of the genuine security cases for service extraction.

However — and this is critical — this applies to maybe 2-3 services in a typical application, not 47. The PCI scope is payments. The HIPAA scope is health data. The SOC 2 scope is customer PII. You don’t need full microservices to isolate these; you need targeted extraction of compliance-critical components.

The Monolith Security Advantages Nobody Discusses

A well-structured monolith has security properties that are genuinely superior in some dimensions:

1. Single authentication boundary. One application, one auth system, one session management implementation, one place to enforce access controls. In microservices, I regularly find inconsistencies where Service A enforces rate limiting but Service B doesn’t, or where Service C has a different authorization model because a different team implemented it.

2. Transactional integrity. Security-critical operations often need atomicity. “Debit account A and credit account B” must happen together or not at all. In a monolith, this is a database transaction. In microservices, it’s a saga pattern with compensating transactions — which is a well-understood but significantly more complex (and bug-prone) pattern to get right.

3. Simpler audit trail. One application log, one request lifecycle, one correlation ID. When regulators or incident responders need to reconstruct what happened, a monolithic application provides a clearer narrative than distributed traces across 15 services.

4. Smaller deployment surface. One container image to scan, one dependency tree to audit, one runtime to harden. The security overhead scales roughly linearly with the number of independently deployed units.

My Recommendation: Security-Informed Architecture

When clients ask me to evaluate their architecture, I use this framework:

Extract into a separate service when:

  • Regulatory compliance mandates isolation (PCI, HIPAA, SOC 2)
  • The component processes data of a fundamentally different sensitivity level
  • The component needs independent security patching on a different cadence
  • Blast radius containment — if this component is compromised, does isolation limit damage?

Keep in the monolith when:

  • The components share the same trust boundary
  • The data sensitivity level is equivalent
  • The authentication and authorization model is shared
  • Transactional integrity across components is important

The cost conversation is important, and Michelle is right to center it. But I’d ask everyone in this thread to add a sixth item to Luis’s TCA model: security overhead cost — including penetration testing scope, secrets management, inter-service authentication, dependency auditing, and incident response complexity.

In my experience, this security cost alone can add 20-30% to the total operating cost of a microservices architecture. And unlike infrastructure costs, security costs don’t go down when you optimize your Kubernetes resource requests.