Containerization packages an application and all its dependencies into an isolated unit — a container — that runs consistently across different computing environments. Containers share the host operating system kernel but are isolated from each other through namespace and control group mechanisms. Docker popularized containerization, and Kubernetes became the dominant orchestration platform.
The security implications cut both ways. Containers improve security by isolating applications. But container escape vulnerabilities can allow a compromised container to access the host, and a kernel vulnerability affects all containers on the host simultaneously.
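An added example, not part of the original page: the namespace isolation described above can be checked from the host by comparing the namespace identifiers of a container process with those of host PID 1. The `readlink /proc/<pid>/ns/*` output below is constructed, with made-up inode numbers, and the function names are illustrative.

```python
import re

# Constructed sample: `readlink /proc/<pid>/ns/*` output for host PID 1 and
# for a process inside a container. Inode numbers are made up.
HOST_NS = """\
cgroup:[4026531835]
ipc:[4026531839]
mnt:[4026531841]
net:[4026531840]
pid:[4026531836]
user:[4026531837]
uts:[4026531838]
"""
CONTAINER_NS = """\
cgroup:[4026532561]
ipc:[4026532559]
mnt:[4026532557]
net:[4026531840]
pid:[4026532560]
user:[4026531837]
uts:[4026532558]
"""

NS_LINE = re.compile(r"^(\w+):\[(\d+)\]$")

def parse_ns(text):
    """Map namespace type -> inode id from readlink-style lines."""
    out = {}
    for line in text.splitlines():
        m = NS_LINE.match(line.strip())
        if m:  # skip anything that is not a namespace link
            out[m.group(1)] = int(m.group(2))
    return out

def shared_with_host(host_text, proc_text):
    """Namespace types where the process still uses the host's namespace."""
    host, proc = parse_ns(host_text), parse_ns(proc_text)
    return sorted(t for t, ino in proc.items() if host.get(t) == ino)

def isolated_from_host(host_text, proc_text):
    """Namespace types where the process has its own namespace."""
    host, proc = parse_ns(host_text), parse_ns(proc_text)
    return sorted(t for t, ino in proc.items() if t in host and host[t] != ino)

if __name__ == "__main__":
    print("shared with host:", shared_with_host(HOST_NS, CONTAINER_NS))
    print("isolated:", isolated_from_host(HOST_NS, CONTAINER_NS))
```

Every namespace type reported as shared is a boundary the container does not have; in the sample, the process sees the host's network stack and user IDs even though its mount, PID, IPC, UTS and cgroup views are separate.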
CISSP Relevance
Containerization is addressed in Domain 3 (Security Architecture and Engineering) and Domain 8 (Software Development Security). CISSP candidates must understand container security principles, image security, orchestration security, and how containers change traditional security assumptions about system boundaries.
External reference: NIST SP 800-190 Application Container Security Guide
Related terms: Secure Software Development Lifecycle, Security Architecture