VITI Security

Cloud Architecture for Scale: From Shopify to Custom

by CyberZestMay 17, 2026
Cloud Architecture for Scale: From Shopify to Custom - VITI Security

TL;DR: This guide on Cloud architecture ecommerce covers what changes in 2026, the controls that actually work, and the checklist you can hand to your team this week.

"Should we move off Shopify?" is the most common cloud architecture question Indian D2C brands ask between Series A and Series C. The answer is rarely yes-or-no; it is a series of moves on a maturity curve. Here is the curve.

Stage 1: Shopify standard (₹0-15 cr revenue)

Native Shopify theme, standard apps, default payment integrations. Cheap, reliable, fast to launch. The cost is flexibility — anything outside Shopify's envelope (custom inventory logic, complex pricing, multi-region currency) is painful.

Stage 2: Shopify + apps stack (₹15-50 cr)

Add specialized apps for marketing, inventory, fulfillment, customer support. Stitch the storefront experience together. Most Indian brands plateau here for years — and that is fine if Shopify's envelope contains your business.

Stage 3: Shopify Plus + headless

For brands needing performance and customization beyond Shopify's default theme, headless commerce — Hydrogen, Next.js Commerce, custom React frontend — combined with Shopify Plus backend. Storefront performance becomes a competitive advantage.

Stage 4: Composable / custom (₹100+ cr)

  • Custom storefront on Next.js or Remix.
  • Best-of-breed cart, payment, OMS — picked individually.
  • Self-hosted product catalog (Algolia, Elastic).
  • Custom inventory and order orchestration.
  • Multi-region presence with localized experience.

The infrastructure for Stage 3-4

  • CDN-fronted storefront (Cloudflare, Vercel, AWS CloudFront).
  • API gateway for backend services.
  • Microservices for cart, inventory, pricing, recommendations.
  • Async order processing via queues.
  • Real-time analytics (ClickHouse, Snowflake, BigQuery).
  • Event-driven architecture for downstream systems.

The migration costs

  • Shopify standard to Shopify Plus + headless: ₹40-100 lakh project, 4-6 months.
  • Shopify to custom: ₹2-5 crore project, 9-18 months. Risky if revenue dependent.
  • Annual ops cost for custom: ₹50 lakh-2 crore depending on traffic.

The honest answer to "should we move?"

Most Indian D2C brands should not move off Shopify until growth is genuinely constrained by it — and that point usually arrives well above ₹50 cr revenue. Migration projects done before they are needed delay growth and consume capital that should fund marketing.

Our cloud team advises on the right cloud architecture for your stage and runs migrations when they are genuinely the right move.

Cloud Architecture Ecommerce: where to start this week

If you are just starting on cloud architecture ecommerce, pick one application or one business unit and run the playbook above end-to-end. A focused cloud architecture ecommerce pilot beats a sprawling rollout every time — and the artefacts you produce (asset inventory, threat model, remediation tracker) seed every future engagement.

cloud architecture ecommerce
Cloud architecture ecommerce — visual reference.

Further reading

Key takeaways on cloud architecture ecommerce

  • Threat model first. Map the assets in scope for cloud architecture ecommerce, the attackers who would target them, and the controls already in place — before buying any tool.
  • Detection beats prevention alone. Pair every preventive control with telemetry; assume one layer of cloud architecture ecommerce defence will fail and design for visibility on the second.
  • Document the decisions, not just the configs. Auditors and incoming team members read the why, not the YAML. A short cloud architecture ecommerce architecture brief saves dozens of hours later.
  • Test against real adversary patterns. Tabletop exercises and red-team drills tell you whether the cloud architecture ecommerce plan survives contact with reality.
  • Iterate quarterly. Reassess the cloud architecture ecommerce posture every quarter; the threat surface changes faster than annual reviews can keep up with.

Cloud architecture ecommerce: frequently asked questions

What is the fastest first step in cloud architecture ecommerce?

Inventory. Until you know what is in scope, every other cloud architecture ecommerce decision is theoretical. A two-day inventory exercise typically uncovers more risk than a quarter of policy work.

How much should a small team spend on cloud architecture ecommerce each year?

Plan for 5–10% of IT budget on cloud architecture ecommerce controls and an additional 2–3% on assurance (audits, pentests, training). Mid-market teams often under-spend on assurance and over-spend on tooling.

Who owns cloud architecture ecommerce when there is no CISO?

The CTO or VP Engineering — accountability without ambiguity. Bring in a fractional CISO when cloud architecture ecommerce obligations cross regulatory boundaries (DPDP, HIPAA, PCI, RBI).

How do we measure whether cloud architecture ecommerce is working?

Three numbers: mean time to detect, mean time to recover, and the count of unpatched critical-severity vulnerabilities older than 30 days. Trend matters more than absolute value.