What Are Containers? + Why Should You Use Them

Containers are virtualized computing environments that package everything required to run an application. Keep reading to learn why you should use them.

by Joshua Stuts

December 01, 2022

The speed, flexibility, and scalability of containers make them ideal for cloud-first organizations.

They enable development teams to quickly and reliably push new and updated applications across varied cloud infrastructures without potential conflicts or unexpected errors. As a result, containers have grown exponentially in popularity, replacing Virtual Machines (VMs) for many organizations. Below, we go through an overview of containers, creating them, orchestration, and reasons why you should be using them.

What Are Containers?

Docker defines a container as, "a standard unit of software that packages up code and all its dependencies, so the application runs quickly and reliably from one computing environment to another."

Containers are virtualized computing environments. They allow developers to package everything required to run an application—including code, dependencies, and libraries—into a single software unit that can be deployed on any infrastructure, be it public, private, or hybrid cloud.

Containers are similar to VMs, but with some key differences. VMs virtualize the entire environment needed to run an application. They contain a full guest Operating System (OS), binaries, libraries, and the application itself.

Typically, multiple VMs are hosted on the same infrastructure, sitting on top of a hypervisor such as VMware ESXi. VMs achieved mainstream adoption in the early 2000s because they addressed a series of challenges that plagued developers up to that point.

Unlike VMs, containers don’t include a guest OS. Instead of a hypervisor, containers sit on top of a host OS and rely on its features and resources. As a result, containers are lighter weight than VMs—the smallest Node.js VM is around 400MB, while a Node.js container could be under 15MB—and can execute much more quickly.

This enables organizations to run more containers on the same infrastructure, resulting in significant cost savings.

Note that while smaller and faster, containers aren’t better than VMs; they are simply a different type of technology. There are several instances where VMs are preferable to containers. Notably, because VMs are fully isolated, they are arguably more secure.

Creating Containers

Containers aren’t new. In 1999, container-like functionality called jails was committed into FreeBSD, and in 2005, Solaris followed suit with Zones. In 2008, cgroups functionality was merged into the Linux kernel, paving the way for container technologies as we know them today. However, for most modern developers, the most significant event in container evolution was Docker's release in 2013.

Docker is an open source platform that enables developers to build, deploy, and manage containers. As of 2022, Docker is the most popular container platform, enabling developers to:

  • Package application code, dependencies, and libraries into a container image.

  • Store container images in a single location (known as a registry) and push them anywhere.

Docker also provides Docker Engine, the most popular container runtime—software that pulls images from the registry and runs containers. While Docker is the most popular, it is far from the only option. There are widely used alternatives at every stage of the container lifecycle.

Container Orchestration

For small numbers of containers, you could get by with just an image builder, registry, and runtime. You could use Docker for everything or an alternative at every stage—for instance, Buildah to create container images, Harbor to host them, and containerd as the runtime.

But what if you’re working with thousands?

Containers are temporary by nature and typically have lifespans of just a few days. In environments that scale up and down frequently to match demand, container lifecycles are often measured in hours or minutes, making it impossible to manage everything manually. This is where container orchestration platforms come in.

Orchestration platforms provide tools and automation to manage large container environments. Their capabilities span the container lifecycle, including provisioning, deployment, scaling, networking, load balancing, and more.

Kubernetes is the most widely used platform—a 2021 study by the Cloud Native Computing Foundation found that 96% of organizations are either using or evaluating Kubernetes.

A Side Note on Pods

Kubernetes (and alternatives like Red Hat OpenShift) doesn’t deal directly with containers—it deals with pods. Kubernetes describes pods as “a group of one or more containers, with shared storage and network resources.”

This extra layer is important because it solves a series of networking challenges that would otherwise arise in a multi-container environment.

Most pods hold one container, while more advanced pods could hold one container for a primary application plus additional containers for helper applications such as data pullers/pushers or proxies.
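A pod of the "more advanced" kind described above, written as a Kubernetes manifest. This is an added example, not taken from the original article or from Kubernetes documentation; the pod name, image references, port, and mount paths are constructed placeholders.

```yaml
# Constructed example: names, images, port and paths are placeholders.
apiVersion: v1
kind: Pod
metadata:
  name: web-with-puller
spec:
  securityContext:                  # applies to every container in the pod
    runAsNonRoot: true
    runAsUser: 10001
    seccompProfile:
      type: RuntimeDefault
  volumes:
    - name: content                 # the pod's shared storage
      emptyDir: {}
  containers:
    - name: web                     # primary application
      image: registry.example.com/web:1.0.0
      ports:
        - containerPort: 8080
      volumeMounts:
        - name: content
          mountPath: /srv/content
          readOnly: true            # the primary only reads what the helper writes
      securityContext:
        allowPrivilegeEscalation: false
        readOnlyRootFilesystem: true
        capabilities:
          drop: ["ALL"]
    - name: content-puller          # helper (a "data puller")
      image: registry.example.com/content-puller:1.0.0
      volumeMounts:
        - name: content
          mountPath: /data          # same volume, writable for the helper
      securityContext:
        allowPrivilegeEscalation: false
        readOnlyRootFilesystem: true
        capabilities:
          drop: ["ALL"]
```

Both containers share the pod's network namespace, so they can reach each other on localhost, and the `content` volume is the shared storage the pod definition refers to.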

Does Most Widely Used = Best?

In a word, no. Docker and Kubernetes are the most widely used tools, but they are far from the only option—and they may not be the best option for your organization. There are many ways to adopt, create, and maintain container environments, some of which can drastically simplify the process, reduce manual burden, and help shift security responsibilities onto suppliers.

Why Use Containers?

Containers solve a host of challenges for developers and cloud-first organizations. They’re lightweight, lightning fast, easy to deploy across different infrastructures, readily scalable (up and down), and—due to greater hardware utilization—significantly lower cost compared to VMs.

Some of the most common use cases for containers include:

  • Delivering cloud native applications at low cost across public, private, and hybrid environments.

  • Lifting and shifting existing applications to the cloud without rewriting code.

  • Batch processing repetitive tasks cost effectively.

  • Tailoring supply to need by automatically provisioning and retiring containers.

While essential, writing policy and governance documentation and collecting evidence for compliance audits can be labor and resource intensive. Drata’s continuous compliance platform helps cloud-first organizations design, implement, and maintain secure and compliant container security programs that support business objectives—while drastically reducing operational overheads.

Book a demo to learn how you can securely scale your cloud-first organization while achieving continuous compliance with SOC 2, ISO 27001, PCI DSS, HIPAA, GDPR, CCPA, and multiple other frameworks.

Joshua Stuts
Josh is a Security Manager at Drata. He is building the team and technical controls responsible for protecting Drata and our customers. Josh started his career in Cloud Security at J.P. Morgan Chase, where his work helped secure millions of customers. He is an Offensive Security Certified Professional (OSCP), Google Cloud Security Engineer Certified, and an AWS Certified Security professional.