Abstract
Container technology promises greater agility and efficiency in building and deploying applications, a critical ability in this age of zero tolerance for downtime and great expectations for capabilities on demand. Indeed, containers can provide a technological edge that translates into significant business advantage, but some companies have been leery of adopting the technology because of (very valid) security fears stemming from the way in which containers interact with the OS: containers share system resources for access to compute, networking and storage, but, unlike virtual machines, all containers on the same host share the same OS kernel. If the kernel is compromised, the containers will be compromised, and vice versa.