1. How can I ensure that security issues in the OS do not affect the containers running it, and vice versa?
It’s important to understand that containers are an operating system technology. Unlike virtual machines, however, containers use the OS more efficiently and in a different way. Each VM runs its own complete operating system, while containers share the same underlying operating system (the single host OS). A portion of the OS also lives inside the container, such as the libraries the application needs. This makes containers efficient and easy to scale, but it also presents specific security challenges: any vulnerability in the OS can affect the containers it is hosting, and any vulnerability in a container can affect the host OS. Look for a container solution that is built on a hardened operating system platform, supports capabilities such as isolation and vulnerability scanning, and effectively enables portability through consistency all along the container stack.