DeMISTIfying Infosec: Containerization

October 31, 2015
By Katherine Teitler

Containerization

Containerization is an alternative approach to virtualization. In a traditional virtual machine environment, each VM "guest" runs a full copy of the operating system, plus its relevant libraries and system tools, on top of a hypervisor. Each workload has its own physical server hardware, which, in turn, necessitates heavy system requirements.

Containerization, by comparison, eliminates the hypervisor, meaning that only the resources needed to run the container are in use when an instance is spun up. Each application deployed in a container environment runs on a single, shared instance of the OS kernel. One benefit is that, for rapid deployment of applications, containers eliminate the need for VMs altogether.
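The shared-kernel point can be checked on a Linux host by comparing what a containerized process sees with what the host sees. The following is an added example, not code from the original article: it compares the kernel release and the namespace identifiers Linux exposes under /proc/<pid>/ns. The function names and the sample values are constructed for illustration.

```python
import os

# Linux namespace types exposed as symlinks under /proc/<pid>/ns.
NS_TYPES = ("cgroup", "ipc", "mnt", "net", "pid", "user", "uts")

def read_view(pid="self", proc="/proc"):
    """Collect the kernel release and namespace ids visible to one process."""
    ns = {}
    for name in NS_TYPES:
        try:
            ns[name] = os.readlink(os.path.join(proc, str(pid), "ns", name))
        except OSError:
            ns[name] = None  # unsupported by this kernel, or not permitted
    return {"kernel": os.uname().release, "ns": ns}

def compare(host, container):
    """Report what a containerized process shares with the host."""
    result = {"same_kernel": host["kernel"] == container["kernel"],
              "isolated": [], "shared": [], "unknown": []}
    for name in NS_TYPES:
        h, c = host["ns"].get(name), container["ns"].get(name)
        if h is None or c is None:
            result["unknown"].append(name)
        elif h == c:
            result["shared"].append(name)
        else:
            result["isolated"].append(name)
    return result

# Constructed sample views (not captured from a real system).
HOST_SAMPLE = {"kernel": "5.15.0-example", "ns": {
    "cgroup": "cgroup:[4026531835]", "ipc": "ipc:[4026531839]",
    "mnt": "mnt:[4026531840]", "net": "net:[4026531992]",
    "pid": "pid:[4026531836]", "user": "user:[4026531837]",
    "uts": "uts:[4026531838]"}}
CONTAINER_SAMPLE = {"kernel": "5.15.0-example", "ns": {
    "cgroup": "cgroup:[4026531835]", "ipc": "ipc:[4026532281]",
    "mnt": "mnt:[4026532279]", "net": "net:[4026532284]",
    "pid": "pid:[4026532282]", "user": "user:[4026531837]",
    "uts": "uts:[4026532280]"}}

if __name__ == "__main__":
    print(compare(HOST_SAMPLE, CONTAINER_SAMPLE))
    print(read_view())  # this process's own view on a Linux host
```

Run read_view() once on the host and once inside the container, then pass both results to compare(); any namespace listed as shared is one where the container has no separation from the host.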


Because containers require fewer resources and use less memory than hypervisors, they are more efficient and reduce virtualization overload.

Containers like Docker are popular with DevOps because they allow developers to build and test applications in a testing environment before rolling the applications into the production environment. In BYOD scenarios, containers are popular because they allow for separation of applications and infrastructure, which means that IT teams can keep an eye on user-installed applications that may not be secure or approved for use by the organization. Some security professionals have argued that containers are not inherently secure, but new guidelines for secure implementation are starting to emerge.
