Container Tidbits: The Tenancy Scale
We often compare the security of containers to virtual machines and ask ourselves “…which is more secure?” I have argued for a while now that comparing containers to virtual machines is really a false premise – we should instead be comparing containers to processes.
We aren’t forced to get rid of virtual machines when we run containers. Containers can be run in conjunction with virtual machines in three ways, so it’s a straw man comparison.
- Containers inside of virtual machines.
- Containers in some places, virtual machines in others (the comparison).
- Virtual machines in containers (yes, you can do this).
We can run workloads using any of the three techniques listed above, so forcing a security comparison isn’t exactly “natural”. I would argue that it’s more “natural” to think about the tenancy requirements of the workloads and the “amount” of isolation required.
Read the entire article, Container Tidbits: The Tenancy Scale, via the fine folks at Red Hat.