Virtualization vs Containerization vs Serverless Computing

Cybersecurity



Modern infrastructure of computer systems often includes virtualization, containerization, and serverless computing, which can be run on-site and in the cloud. 

Because companies use these infrastructures, you, as a cybersecurity professional, must be familiar with them in order to know how to secure them.

Virtualization uses software to run virtual computers on underlying real hardware. This way, a user can run multiple systems, running multiple operating systems, all of which act as if they are on their own hardware. This approach provides additional control of factors like resource usage and what hardware is presented to the guest operating systems (such as specifying the amount of RAM that you want to allocate to a given virtual machine), and it allows for efficient use of the underlying hardware because you can leverage shared resources. 

Virtualization is used in many ways. It is used to implement virtual desktop infrastructure (VDI), which runs desktop operating systems like Windows on central hardware and streams the desktops across the network to systems. Many organizations virtualize almost all their servers, running clusters of virtualization hosts that host all their infrastructure. For security of these virtual systems, virtual security appliances and other vendor-provided virtual solutions are a part of the virtualization ecosystem.

Containerization provides an alternative to virtualizing an entire system and instead permits applications to be run in their own environment with their own required components, such as libraries, configuration files, and other dependencies, in a dedicated container. Kubernetes and Docker are examples of containerization technologies. 

Containers provide application-level virtualization. Instead of creating complex virtual machines that require their own operating systems, containers package applications and allow them to be treated as units of virtualization that become portable across operating systems and hardware platforms. 

Containerization is the process of packaging software with the libraries and other dependencies that it needs. This creates lightweight, portable containers that can be easily moved between environments while remaining less resource-hungry than a virtual machine, since they use their host system.

Organizations implementing containerization run containerization platforms, such as Docker, that provide standardized interfaces to the operating system or hardware, and the consistency of the interface allows containers to shift between systems as needed.

Containerization platforms share many of the same security considerations as virtualization platforms. They must enforce isolation between containers to prevent operational and security issues that might occur if an application running in one container is able to accidentally or intentionally interact with resources assigned to another container. 

Containerization allows for a high level of portability, but it also creates new security challenges. Traditional host-based security may work for the underlying containerization server, but the containers themselves need to be addressed differently. At the same time, since many containers run on the same server, threats to the host OS can impact many containerized services. Fortunately, tools exist to sign container images and to monitor and patch containers. Beyond these tools, traditional hardening, application and service monitoring, and auditing tools can be useful. 
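
The isolation concern described above can be checked mechanically. The following is an added example, not part of the original article: a Python audit that reads container settings in the shape of docker inspect output and flags options that weaken the boundary between a container and its host. The sample data, the function names, and the list of sensitive host paths are assumptions constructed for illustration.

```python
import json

# Constructed sample in the shape of `docker inspect` output (not real data).
SAMPLE_INSPECT = json.loads("""
[
  {"Name": "/web", "Config": {"User": "1000"},
   "HostConfig": {"Privileged": false, "PidMode": "", "NetworkMode": "bridge",
                  "CapAdd": null, "Binds": ["/srv/web:/usr/share/app:ro"]}},
  {"Name": "/ci-runner", "Config": {"User": ""},
   "HostConfig": {"Privileged": true, "PidMode": "host", "NetworkMode": "host",
                  "CapAdd": ["SYS_ADMIN"],
                  "Binds": ["/var/run/docker.sock:/var/run/docker.sock"]}}
]
""")

# Assumed list: host paths that give a container reach into the host itself.
SENSITIVE_HOST_PATHS = ("/var/run/docker.sock", "/proc", "/sys", "/etc")


def audit_container(entry):
    """Return a list of isolation findings for one inspect entry."""
    findings = []
    host = entry.get("HostConfig") or {}
    user = (entry.get("Config") or {}).get("User") or ""
    if host.get("Privileged"):
        findings.append("privileged mode (all capabilities, host devices)")
    for field, label in (("PidMode", "PID"), ("NetworkMode", "network")):
        if host.get(field) == "host":
            findings.append(f"shares the host {label} namespace")
    for cap in host.get("CapAdd") or []:  # JSON null becomes None
        findings.append(f"added capability {cap}")
    for bind in host.get("Binds") or []:
        src = bind.split(":")[0]  # bind format is host_path:container_path[:mode]
        if src == "/" or any(src == p or src.startswith(p + "/")
                             for p in SENSITIVE_HOST_PATHS):
            findings.append(f"mounts sensitive host path {src}")
    # An empty User field means the container runs as root by default.
    if user.split(":")[0] in ("", "0", "root"):
        findings.append("runs as root inside the container")
    return findings


def audit(inspect_output):
    """Map container name -> findings, for containers that have any."""
    results = {e.get("Name", "?").lstrip("/"): audit_container(e) for e in inspect_output}
    return {name: found for name, found in results.items() if found}


if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE_INSPECT), indent=2))
```

On a live host, the same functions can be fed the parsed JSON that docker inspect prints for running containers.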

One more infrastructure concept that you should know is serverless computing. Serverless computing in a broad sense describes cloud computing. It describes technology that is sometimes called function as a service (FaaS). In essence, serverless computing relies on a system that executes functions as they are called. That means that when an action needs to be performed, the function is run, thus a function call. Amazon's AWS Lambda, Google's App Engine, and Azure Functions are all examples of serverless computing FaaS implementations.

Serverless computing brings reduced costs in some cases because it is billed as it is used rather than constantly running. In addition, overhead costs like server maintenance and management are no longer a consideration as the service is simply used on an as-needed basis at the scale and frequency required by the application or service. 

For these systems, security models typically address the functions like other code, meaning that the same types of controls used for software development need to be applied to the function-as-a-service environment. In addition, controls appropriate to cloud computing environments such as access controls and rights, as well as monitoring and resource management capabilities, are necessary to ensure a secure deployment. 


