Google Cloud Architecture & Modernization
I work with engineering teams to design and modernize cloud architectures on Google Cloud — helping organizations move from legacy or on-premises systems to secure, scalable, production-ready platforms. This goes beyond migrating workloads. It means rethinking how applications are structured, how infrastructure is provisioned and automated, how identity and security are managed from day one, and how the platform evolves as the business grows.
I’m Amit Malhotra, a Principal GCP Architect based in Toronto with 20+ years in IT and 6+ years hands-on with Google Cloud, Terraform, GKE, and DevSecOps. I’ve modernized GCP platforms at regulated enterprises including RBC, Tangerine Bank, Telus Health, and Loblaws, and for SaaS teams building at scale. Every architecture engagement I run is guided by the SCALE Framework — my structured methodology for building GCP platforms that are secure, automated, and built for long-term growth.
Instead of simply moving virtual machines, I focus on improving platform scalability, security posture, and operational velocity — so your engineering team spends less time managing infrastructure and more time building product.
PLATFORM MODERNIZATION
From Legacy Infrastructure to a Production-Ready GCP Platform
Managed Service Transition: I move workloads from high-maintenance VM environments and legacy on-premises infrastructure to GCP-native managed services — GKE, Cloud Run, Cloud SQL, and Memorystore — reducing operational overhead, eliminating undifferentiated heavy lifting, and cutting total cost of ownership. Every service transition is designed with zero-downtime migration and rollback capability.
Infrastructure as Code with Terraform: I build modular, version-controlled Terraform frameworks that allow your team to provision complete environments — Dev, Staging, and Production — from the same codebase, with no manual steps and no configuration drift. Every GCP resource is reproducible, peer-reviewable, and auditable. If you can’t provision your environment from code, you don’t have infrastructure — you have a snowflake.
Standardized CI/CD Pipelines: I implement automated CI/CD pipelines — using GitHub Actions, Cloud Build, or your existing toolchain — that replace manual deployments with fast, repeatable delivery workflows. Every pipeline includes automated testing, security scanning, and deployment validation so releases become routine rather than high-stakes events.
SECURITY & IDENTITY BY DESIGN
Security Designed Into the Architecture — Not Added After the Fact
Zero Trust & Keyless Architecture: I eliminate the risk of leaked static credentials by implementing Workload Identity Federation — moving your GCP environment to a keyless authentication model where workloads prove their identity through federated tokens rather than long-lived service account keys. No more credentials in code repositories, environment variables, or CI/CD secrets.
Automated Compliance Guardrails: I codify your security posture through Policy-as-Code — using OPA/Gatekeeper, Terraform Sentinel, or GCP Organization Policies — so compliance isn’t a manual audit exercise but a platform property enforced automatically on every deployment. Security controls that live in policy code are consistent, auditable, and can’t be bypassed by accident.
Least-Privilege IAM Architecture: I restructure complex, overgrown IAM hierarchies into a clean least-privilege model — scoped service accounts, Workload Identity per pod, resource-level bindings rather than project-level, and Access Context Manager for context-aware access controls. The result is a security model that protects your most critical data and APIs without blocking engineering velocity.
OPERATIONAL EXCELLENCE IN PRACTICE
Platform Design That Works in Production — Not Just in Architecture Diagrams
Standardized GKE Foundations: I deploy GKE clusters architected for multi-tenancy, workload isolation, and operational reliability — with standardized deployment patterns, node pool strategy, pod security baselines, Binary Authorization, and autoscaling configured from day one. Your team gets a Kubernetes foundation that’s solid enough to build on and clear enough to operate without specialist knowledge.
Serverless and Managed Compute Strategy: I leverage Cloud Run for stateless APIs and event-driven workloads — giving you a scale-to-zero cost model, sub-second autoscaling, and zero cluster management overhead for the services that don’t need Kubernetes. I design the right compute strategy for each workload rather than defaulting everything to GKE.
Resilient Multi-Region Architecture: I design multi-region and high-availability GCP architectures using Cloud Load Balancing, regional GKE clusters, Cloud Spanner or AlloyDB for globally distributed data, and Cloud CDN for low-latency content delivery — so your platform stays online during regional GCP outages and performs reliably for users across North America.
WHO I WORK WITH
The Engineering Teams and Leaders I Typically Work With
High-Growth SaaS and Technology Companies: For engineering teams moving from ‘it works at our current scale’ to ‘it needs to handle 10x users without a redesign’ — I design the GCP platform foundation that supports rapid growth without accumulating the technical debt that slows teams down later.
Enterprise Platform Modernization: For organisations carrying legacy infrastructure debt — on-premises systems, manually managed VMs, or fragmented GCP environments built without a consistent architecture — I provide an expert-led path to a modern, automated, secure GCP platform without disrupting ongoing operations.
Engineering Leadership: For CTOs, VPs of Engineering, and Platform Leads who need a principal-level GCP architect to establish the architecture direction, make the high-stakes early decisions correctly, and give their internal team a solid foundation to build on — without committing to a large consulting engagement or a long hand-off period.
LET’S TALK
Ready to Build a GCP Platform Your Engineering Team Can Actually Trust?
Whether you’re architecting from scratch, modernizing a legacy platform, or embedding security and automation into an existing GCP environment — I start with a free 30-minute architecture review. An honest conversation about where your platform is, what’s holding it back, and what the right path forward looks like.
You work directly with me throughout — Amit Malhotra, Principal GCP Architect. No account manager, no junior delivery team, no hand-offs. Book a free architecture review here.
Operating From
Based in Toronto (EST), working with engineering teams across Canada & USA
Ready to Architect Your Future on Google Cloud?
Speak directly with me — a Principal Cloud Architect — about your GCP architecture, security, platform engineering, or MLOps goals. I typically respond within one business day.
✓ Free 30-minute call ✓ No proposal, no pressure ✓ Responds within one business day
Trusted Technical Advisor
Amit works as a true architecture partner, not just a consultant. He focuses on making the right decisions early and designing systems that remain maintainable as they scale. His guidance helped us avoid costly redesigns and establish a solid cloud foundation from the start.
- Kanishk P, Binoloop Inc
Architecture leadership
Amit helped us redesign our Google Cloud architecture to support rapid growth without increasing operational complexity. His ability to simplify difficult architectural decisions and design scalable platform foundations had an immediate impact on our engineering velocity and system reliability.
- Rohit Kulkarni, Cascade Cloud Inc.
Platform engineering & DevSecOps
We engaged Amit to build a secure and scalable platform on Google Cloud with Terraform, Cloud Run, Kong API gateway and automated CI/CD. He brought deep hands-on expertise and designed everything with long-term operability in mind. Our deployment process is now significantly more reliable and secure.
- Hema Kumar, Pemvish.com