Friday, May 18 • 9:00am - 9:45am
Containerization: a new Compartmentalization for Information Security

Despite how very different a container is from a virtual machine (VM), that comparison is the easiest to understand if you’ve never dabbled in the world of containers. You can think of it as a VM that runs one specific application. Essentially, you spin up an image that is trimmed down to run whatever specific application it’s been built for.

“But why would I want a VM that runs just one application?”

Well, that’s where it begins to get interesting. Containers are super lightweight and have a minuscule footprint on systems. They can be tailored to only use the minimum resources needed just for that application as opposed to a traditional VM where you’re supporting an operating system, services, and any other resources that a full-fledged physical machine needs to run. Additionally, containers can be spun up to do a job and deleted right after completing that job with no loss of data, meaning they’re only there when you need them.

So for those of us that work in the realm of information security, we know that one of the best ways to protect systems is by layering security. In fact, if we had our way, we would just pile on the layers until no attacker would see the value in the attempt. However, in the real world that’s just not practical. So, as mentioned earlier, containers are… well… self-contained. They are used for a single application, maintaining compartmentalization of data, access, and resources. They can also be used and then deleted after use while the data they rely on is stored elsewhere.

This makes for a very convincing tool in securing systems and networks. We can have a single instance of an application run with access only to the data it needs to operate, accessed only by the person who instantiated the container, and then potentially deleted after use. Not to mention that simultaneous containers can operate independently of each other with no crossover connections, effectively isolating those instances from other systems, networks, and users. Truly, this sounds like a very effective strategy in securing a variety of systems and networks in a variety of environments.
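The properties described above (minimal data access, deletion after use, no shared connections) can be checked on a running system. The following is an added example, not material from the talk: it assumes Docker as the container runtime and audits the JSON that `docker inspect` returns, using a constructed sample of two containers.

```python
import json

# Constructed sample of `docker inspect` output for two containers (not real hosts).
SAMPLE_INSPECT = json.loads("""
[
 {"Name": "/report-job",
  "Config": {"User": "10001"},
  "HostConfig": {"AutoRemove": true, "NetworkMode": "none",
                 "Privileged": false, "ReadonlyRootfs": true},
  "Mounts": [{"Source": "/srv/reports/in", "Destination": "/data", "RW": false}]},
 {"Name": "/legacy-app",
  "Config": {"User": ""},
  "HostConfig": {"AutoRemove": false, "NetworkMode": "host",
                 "Privileged": true, "ReadonlyRootfs": false},
  "Mounts": [{"Source": "/var/run/docker.sock",
              "Destination": "/var/run/docker.sock", "RW": true}]}
]
""")

def audit(container):
    """Return findings where a container departs from the single-purpose,
    least-access, disposable model."""
    host = container.get("HostConfig", {})
    findings = []
    if not host.get("AutoRemove"):
        findings.append("not removed automatically after exit")
    if host.get("NetworkMode") == "host":
        findings.append("shares the host network namespace")
    if host.get("Privileged"):
        findings.append("runs privileged")
    if not host.get("ReadonlyRootfs"):
        findings.append("root filesystem is writable")
    if container.get("Config", {}).get("User", "") in ("", "0", "root"):
        findings.append("runs as root")
    for m in container.get("Mounts", []):
        if m.get("Source") == "/var/run/docker.sock":
            findings.append("mounts the Docker socket")
        elif m.get("RW"):
            findings.append(f"writable mount: {m.get('Source')}")
    return findings

def audit_all(containers):
    return {c["Name"].lstrip("/"): audit(c) for c in containers}

if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_INSPECT).items():
        print(name, "OK" if not findings else findings)
```

On a live host the same functions can be fed the parsed output of `docker inspect` for all running containers instead of the constructed sample.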


Corey McReynolds

Sword and Shield Enterprise Security
Corey graduated from Carson-Newman University with a Bachelor of Arts in Communications. He then started his career with the United States Army where he worked on numerous operations as a Military Intelligence asset. He was Honorably Discharged as a Military Intelligence Officer from the...

Friday May 18, 2018 9:00am - 9:45am
KEC (Knoxville Entrepreneur Center) 17 Market Square Suite 101, Knoxville, TN 37902