yosh on Nostr: npub1c4k22…wzxvw I’d say it’s more like: “container = secure, VM = more ...
npub1c4k22r4x370749ucypzn3t0jaxnh3zerwgfp287hv09mqwkpkcaq7wzxvw (npub1c4k…zxvw)
I’d say it’s more like: “container = secure, VM = more secure”.
You have to be pretty crafty to be able to break out of a container. And that’s probably good enough if you control all the workloads, and you all trust them kind of equally.
However, if you’re a cloud provider then that’s just not good enough. It’s really bad not good if customers can break out of their assigned sandbox and start poking around at other customers’ data. So for that purpose VMs are a hard requirement.