Skip to main content
Contact us
Heading to Anaheim for Atlassian Team '26? Come and meet our experts!
Resilience is an architecture decision, not an ops ticket
Share on socials
Matt Saunders on Resilience is an architecture decision, not an ops ticket
The Adaptavist glyph
Matt Saunders
Published on 24 March 2026

Resilience is an architecture decision, not an ops ticket

Resilience in 2026 starts with architecture, not ops. Learn how dependency mapping, abstraction layers, and graceful degradation keep API- and LLM-driven systems running when components fail.
For many engineers, adding resilience to an architecture still means deploying code to another data centre or availability zone, or adding database replicas and load-balancers. Of course, these are all essential things to have. But in 2026, there’s quite a lot more to making resilient architecture in 2026.Many applications are now built on a complicated mesh of APIs and third-parties services. And because of this, it is difficult to add redundancy and resilience after the fact to make sure applications stay running - proppery. It is especially true when downstream components can fail in less predictable and sometimes silent ways.
Now, hardware failures are no longer the only thing we need to watch out for. Seemingly small problems, like an issue in a cloud database provider, can cause downstream ripples and problems. Other APIs, including those that expose AI LLM capabilities, are just as susceptible to failure, yet they’re rarely accounted for in a consistent, standardised way within incident runbooks. It’s tempting to argue that bringing these dependencies in-house would reduce exposure to third-party outages. In reality, though, this shifts the burden inward—introducing significant cognitive overhead that ultimately constrains our capacity to focus on meaningful innovation.

Why traditional approaches to resilience fall short

In shaping resilience models, we’ve traditionally focused on infrastructure; focusing on concepts like N+1 capacity, active/passive failover, and multi-region replication. That approach made sense when we owned and operated the majority of our stack. But production platforms have since evolved into something far more complex: interconnected ecosystems of internal services and external dependencies, gradually assembled and tightly woven together over time.
Any of these services can become a single point of failure that can take your platform down. While they often come with SLAs or SLOs (some formal, so informal), a collection of 99% guarantees multiplied together equates to more downtime than you’d expect, and rarely adds up to the level of reliability we assume. This highlights an important distinction between uptime and true resilience: a single API returning poor or misleading data can be just as disruptive as a full outage, even if everything else appears healthy.
And not all risks are purely technical either. Vendors evolve, get acquired, or are impacted by regulatory and geopolitical shifts, as seen when France restricted foreign collaboration tools. Without a considered continuity plan that accounts for these scenarios, platforms remain exposed to failure in ways that aren’t always immediately visible.

Designing resilience around real user workflows

Resilience in 2026 isn't about having a diagram or a checklist. It's about the workflow. Start with the user journey. Ask: what happens when a dependency fails? When do we fall back on another service? When do humans need to step in? Designing for this isn't trivial. You need circuit breakers that check outputs, catch anomalies, and trigger the next-best move—retry, route around, switch providers, hand off to a human. Don't blindly trust every "200 OK."
The growth of LLMs in products makes this urgent. LLMs aren't deterministic. Providers change fast. Treat them like production dependencies and you'll need abstraction layers—ones that validate outputs, enforce guardrails, and let you swap providers on the fly, or even route to your own models if things degrade. Be curious about providers, but have a plan to replace them without pain.

How to modernise your resilience strategy

How do you upgrade a 2016-era resilience plan for today? Start here:
  1. Map your dependencies from the user journey, not just system boundaries. For each one, ask:
    • Is it interoperable? Can you swap it out easily?
    • Is it replaceable? How long would a real swap take?
    • Is it irreplaceable? And are you okay with that risk?
  2. Figure out how debuggable your system really is. If something breaks, can you trace it from the user impact back to the failing dependency? If not, you’ve got hidden architectural decisions that’ll hurt you when things go wrong.
  3. Architecture diagrams only take you so far. They won’t show where you’ve lost vendor-neutral optionality—where you’ve baked in assumptions about a specific API, pricing, or SLA.
Look at your dependency map with a sceptical eye. Where are you one bad API call away from an incident? Document how you’d fall back manually today. Then design abstraction layers so switching providers, or even relying on humans, is measured in days or weeks, not months.

From surviving incidents to exploiting them

Resilience has always been about keeping the lights on under adverse conditions. We learned that in the early cloud days—redundant, self-healing infrastructure. In 2026, the battleground is the platform and product layer. How you design journeys, model dependencies, and bake in graceful degradation will determine whether you just survive incidents—or use them to transform continuously. Teams that get this right don't fear change. They exploit it.