[toddgardner]

How you approach this is very different depending on the size of organization. We're a small shop (3), but we deliver big services to lots of people.

We do this by owning everything we can, and using simple vendors for what we can't.

[1970-01-01]

Understanding exactly who does what and how they can be reached to work an emergency is all part of the availability pillar. Size matters not. Your security team needs to vet your team, your critical systems, your code, and your 3rd and 4th party dependencies constantly.

[iso1631]

Depends on what your goal is -- minimal downtime or minimal blame

A 5 hour outage when headlines say "the internet is broken" may well be preferable to a 5 minute outage related to your far simpler and far more resilient setup