Understanding the Enterprise

Advantages of Application
Containerization: An Overview
FIRST IN A WHITE PAPER SERIES FROM ISACA

ABSTRACT
Application containers are transforming enterprises all over the world and, as a result,
their adoption is on the rise. Application containers allow data centers to deploy business
applications more rapidly, with reduced development overhead, lower costs, more efficient
use of resources and increased business agility. This business value is driving significant
gains in interest and market adoption of application containerization. In the first installment
in this white paper series, we examine the factors contributing to the popularity of this
innovation. In the next installment to be released in this white paper series, we turn to the
practitioners and the risk management issues surrounding this innovation.
In the second installment in this white paper series, we turn to the practitioners and
the risk management issues surrounding this innovation.

Understanding the Enterprise Advantages of Application Containerization: An Overview

Containerization is becoming popular among developers and

data centers as a method to separate an application from the
operating system and the physical infrastructure that it uses
to connect to the network. In a recent survey by Docker
the leading application containerization platformnearly 60
percent of respondents say that their enterprises are running
a Docker-containerized application in production.1 Numerous
production enterprise deployments, including Netflix, have
transitioned from little or no use of containers to an almost
fully containerized environment. Close to 19 million images are
pulled from the Docker image registry every day.2
This white paper is the overview component of the ISACA
Application Containerization Series of white papers. The
overview component describes the technology, explains how
application containers and supporting tools work, and provides
examples of application containerization products that are
available in the market today. This overview is complemented
by the second white paper in this series, Understanding
the Enterprise Advantages of Application Containerization:
Practitioner Considerations, which focuses on the benefits and
challenges of application containers, including risk and value
impacts, and provides practical guidance to enterprises on
application containerization and its orchestration technologies

WHAT IS AN
APPLICATION CONTAINER?
An application container is a mechanism that is used to isolate
applications from each other within the context of a running
operating system instance. Although it is experiencing a
renaissance currently, containerization is not a new concept.
In much the same way that a logical partition (LPAR) segments
multiple system resources in mainframes, a computing
environment employing containers segments and isolates
the underlying system services so that they are logically
sequestered from each other.
Note: Application containerization is very different from
mobile containerization, which places enterprise data that are
on a mobile device inside a container and applies security
policies to the container to keep enterprise data protected and
separate from the mobile device users data. This white paper
focuses on application containerization and does not discuss
mobile containerization.

Conceptually, an application container is similar to a jail

filesystem, such as one might create using a tool like chroot
on a UNIX device. Chroot can be used to create a virtual
environment with its own root directory. Applications in the
chroot environment cannot access files outside of its directory;
therefore, the chroot environment is known as a chroot jail or
jail filesystem.3 While there are some limitations in practice,
the goal of containerization is to segment all of the operating
system servicesfrom memory, to storage, to the network
stackso that each application can run in its own discrete
world, without impacting other applications on the same host.
A container is instantiated within the kernel of the operating
system and virtualizes the instance of the application.4
Each application container holds an application that can
execute without interfering with other applications that are
running in parallel, i.e., within other containers on the same
host. An application container:
Usually contains a separate instance of an application image
May contain its own libraries and configurations of
underlying services and middleware (each of which might
require configuration tweaks to support the application)
Can, if configured to do so, reuse libraries and share data
between containers
Has a segmented network stack, process space and
instance of a filesystem
Shares the operating system with other containers that are
running on the host
Multiple containers can be based on the same image, so
multiple instances of an image can be running concurrently.

APPLICATION
CONTAINER BENEFITS
Users expect applications to be always available, elastic,
scalable and interoperable.5 The application service must
always be available; therefore, the logical software component
needs to be independent from the underlying infrastructure.
If a machine is down, upgraded or moved, the application still
needs to be available. Application containers solve this problem
for developers: containers are easy to update and portable

1 Docker, The Evolution of the Modern Software Supply Chain: The Docker Survey, 2016, www.docker.com/survey-2016
2 Marks, Mano; Docker Hub Hits 5 Billion Pulls, Docker, 11 August 2016, https://blog.docker.com/2016/08/docker-hub-hits-5-billion-pulls/
3 Computer Hope, Chroot, 2016, www.computerhope.com/jargon/c/chroot.htm
4 Hogg, Scott, Software Containers: Used More Frequently than Most Realize, Network World, Inc., 26 May 2014,
www.networkworld.com/article/2226996/cisco-subnet/software-containers--used-more-frequently-than-most-realize.html
5 Hykes, Solomon, Docker: The Need for a Cohesive Tooling Solution, Keynote Speech at New Relics FutureStack14 Conference, 2014,
http://thenewstack.io/the-new-stack-makers-docker-creator-solomon-hykes/

2016 ISACA. All rights reserved.

Understanding the Enterprise Advantages of Application Containerization: An Overview

For example, akin to OS virtualization, if a host operating

system is in the scope of Payment Card Industry Data Security
Standard (PCI DSS) compliance, i.e., it stores, processes or
transmits cardholder data and is thereby considered part of
the cardholder data environment per those requirements,
the containers running on that host should likewise be
considered in scope for PCI DSS. Also, if the entity that owns
the underlying server on which the host operating system runs
is different than the entity that owns the virtual machine (VM)/
application containers and host operating system, both the
entities are considered in scope. Therefore, rather than the
scope getting reduced, it gets expanded.

(comparatively small) and, therefore, can move from machine

to machine, e.g., from development, to quality assurance (QA),
to staging and to production, which can significantly shorten
the development life cycle time. Likewise, because application
containers segment closer to the application level than
operating system (OS) virtualization (i.e., a type 2 hypervisor),
data centers can increase allocation density because
redundant copies of similarly configured guest OS instances
do not need to be allocated and continually supported.
A container executes its application processes in isolation
from the underlying host operating system. Therefore, the
operating system does not need software that is specific to the
applications that it runs. The separation of the underlying OS
from applications allows them to be more available for updates
and security patches.6

Isolating applications into containers instead of running them

directly on the host operating system can, in many situations,
provide some security benefits. For example, a container
can be configured to include only application-required
dependencies, which decrease the vulnerability surface of
the application environment and potentially make it easier
to lock down. A smaller footprint also potentially has fewer

It is important to note that, because containers and the host

operating system share a kernel, containerized applications
should ideally have the same security profiles as the host.

FIGURE 1How Virtual Machines and Application Containerization Differ

App 1

App 2

App 3

Bins/Libs

Bins/Libs

Bins/Libs

Guest OS

Guest OS

Guest OS

App 1

App 2

App 3

Bins/Libs

Bins/Libs

Bins/Libs

Hypervisor

Docker Engine

Host Operating System

Operating System

Infrastructure

Infrastructure

Virtual Machines

Containers

Each virtual machine includes the application,

the necessary binaries and libraries and an
entire guest operating system all of which
may be tens of GBs in size.

Containers include the application and all of its dependencies,

but share the kernel with other containers. They run as an isolated
process in userspace on the host operating system. Theyre also not
tied to any specific infrastructure Docker containers run on any
computer, on any infrastructure and in any cloud.

SOURCE: Docker, What Is Docker?, 2016, www.docker.com/what-docker

6 GitHub, Inc., App Container, Readme.md, 2016, https://github.com/appc/spec

2016 ISACA. All rights reserved.

Understanding the Enterprise Advantages of Application Containerization: An Overview

components to be patched by security updates or maintained

by system administrators.7 These properties are in many
respects similar to security strategies that are employed in
OS virtualization strategies. Figure 1 shows the differences
between virtual machines and application containerization,
using the Docker containerization platform as an example.

HOW CONTAINERS WORK

Note: To explain how application containers work, we use
Docker as an example container platform. Although many
different containerization platforms exist, Docker is by far
the most ubiquitously deployed platform, so it is useful for
illustrative purposes.
Docker is an open-source container environment that was
developed originally for Linux, but now supports OS X, Linux
and Microsoft Windows Server (OS X and Windows are
currently available in beta). Docker leverages the resource
isolation features of Linux to create a segmented, virtual
environment within which applications can operate. This is
conceptually similar to using a tool like chroot to create an
isolated, protected filesystem, although the segmentation
under Docker extends beyond filesystem isolation alone to
encompass other computing and network resources.

containerized applicationsDocker uses a client-server

architecture. The Docker client talks to the Docker daemon,
which is on the host operating system and builds, runs and
distributes containers. Docker users communicate with the
daemon through the client, which is the Docker binary. The
Docker client and daemon communicate via sockets or
through a RESTful API.9
Figure 2 shows the Docker architecture.

FIGURE 2Docker Architecture

CLIENT
Docker
build

Docker
pull

Docker
run

DOCKER HOST
Docker daemon

Following are the three main functions of the Docker platform:

BuildDocker allows you to compose your application
from microservices, without worrying about inconsistencies
between development and production environments, and
without locking into any platform or language.
ShipDocker lets you design the entire cycle of application
development, testing, and distribution, and manage it with a
consistent user interface.
RunDocker offers you the ability to deploy scalable
services securely and reliably on a wide variety of platforms.8

CONTAINERS

IMAGES

REGISTRY

Docker has three main components:

Docker EngineOpen-source containerization platform
Docker Cloud, including Docker HubSoftware as
a Service (SaaS) platform for sharing and managing
Docker containers
Docker DatacenterOn-premise solution for
sharing and managing Docker containers and Docker-

SOURCE: Docker, Docker Overview, 2016, https://docs.docker.com/

engine/understanding-docker/

7 Zeltser, Lenny, Security Risks and Benefits of Docker Application Containers, 1 December 2015, https://zeltser.com/security-risks-and-benefits-of-docker-application/
8 Docker, Build, Ship, Run, 2016, www.docker.com/
9 Docker, Docker Overview, 2016, https://docs.docker.com/engine/understanding-docker/

2016 ISACA. All rights reserved.

Understanding the Enterprise Advantages of Application Containerization: An Overview

Docker includes:
ImagesAn image is a read-only template with a
filesystem and parameters. Images are the Docker build
component. Docker images are built from base images
using instructions.
RegistriesRegistries are public or private stores that hold
images. Images are uploaded or downloaded from registries.
The Docker Hub provides access to the public Docker
registry. Registries are the Docker distribution component.
When users build an image, they can push that image to a
public registry, such as Docker Hub, or to their own registry
that runs behind a firewall. Through the Docker client, users
can search for published images and pull them down to their
Docker host and use them to build containers.10
ContainersA container is a running instance of an
image and holds everything the application needs to run.
Containers are a Docker run component.

Orchestration
Although containerization functionality is useful on its own, any
large-scale or distributed use of containers can be impracticable,
inefficient or challenging without the addition of ancillary tools
to support that usage. Therefore, application containerization
infrastructure often involves or includes cluster management
software, configuration management systems and monitoring
solutions that need to be installed, operated and scaled.
Architecting and managing the availability and scalability of
these systems can be difficult. Container orchestration integrates
and manages containers at scale. Container orchestration
tools are available that simplify container management and
provide a framework for deploying containers and managing
multiple containers as one entity, for availability, scaling, and
networking.11 These tools are described in the Orchestration
Tools section of this white paper.

Clustering
A cluster combines multiple engines and their capabilities
(container applications) and allows them to interface with each
other in a simple way. Clustering allows administrators and
developers to create a pool of engines that are container hosts
and scale out their applications as if they were using a single
engine.12 Most orchestration tools provide clustering capabilities.

Clustering is a containerization feature that creates a

cooperative group of systems that can provide redundancy
if one or more system nodes fail. Clustering also provides
administrators and developers with the ability to add or subtract
container iterations as computing demands change.13

OTHER CONTAINERIZATION
PRODUCT EXAMPLES
This section describes some of the major application
containerization products that are available in the market today.
Note that this is not intended to be an exhaustive list because
innovation in this space is high. In addition to the Docker
platform, the following examples are useful for practitioners
to understand some of the more popular and prevalent
products that are related to application containerization.

Rocket (rkt)
rkt (pronounced and sometimes written as Rocket) is a
containerization platform that was developed by CoreOS (a startup that is backed by Google Ventures) as a direct competitor
to Docker.14 Rocket was built as an implementation of the App
Container (appc) container specification, which defines security
aspects of containers, operating parameters and the generic
services that containers should implement without reference to
the specific underlying implementation. Part of the impetus for
the development of Rocket was to allow the flexibility and speedto-market advantages that are offered via containerization, but to
do so in a way that emphasizes certain security considerations
(specifically, allowing containers to be run under non-root
accounts) and that highlights a modular design approach.15

Kurma
Apcera released an open-source version of its Kurma
project. Kurma is a container runtime that is built to the appc
specification with a focus on making every system service
from clock syncing to log forwarding to console logins
run as a container.16
Note: CoreOS developed the appc specification to define a
standard application container. In June 2015, CoreOS joined
with other technical leaders to form the Open Container
Initiative, which is working toward a common application
container standard and format.

10 Ibid.
11 The Linux Foundation, 8 Container Orchestration Tools to Know, 2016, www.linux.com/news/8-open-source-container-orchestration-tools-know
12 GitHub, Inc., Working with Docker, 2016, https://github.com/Microsoft/HealthClinic.biz/wiki/Working-with-Docker
13 Rouse, Margaret and Kathleen Casey, Docker Swarm, TechTarget, November 2015, http://searchitoperations.techtarget.com/definition/Docker-Swarm
14 Willis, Nathan, The Rocket containerization system, LWN.net, Eklektix, Inc., 3 December 2014, https://lwn.net/Articles/624349/
15 Butler, Brandon, CoreOS launches Rkt- the container thats not Docker, Network World, Inc., 5 February 2016, www.networkworld.com/article/3030597/cloud-computing/coreos-launches-rkt-thecontainer-that-s-not-docker.html
16 Robertson, Ken, Apcera Open Sources New Kurma Project Built on App Container Specification, Apcera, 2 May 2015, www.apcera.com/blog/apcera-open-sources-kurma-project

2016 ISACA. All rights reserved.

Understanding the Enterprise Advantages of Application Containerization: An Overview

Jetpack
Jetpack is an implementation of the appc specification for the
FreeBSD operating system. Note that a port of Docker is also
available for FreeBSD.17

THE OPEN CONTAINER

INITIATIVE (OCI)
The Open Container Initiative (OCI) is an open governance
project that was formed in June 2015, under the oversight
of the Linux Foundation. The OCI purpose is to create open
industry standards for container formats and runtime. Members
are industry leaders from enterprises such as Docker, CoreOS,
Amazon Web Services and Google.18
The OCI currently offers two specifications: the Runtime
Specification (runtime-spec) and the Image Specification
(image-spec).19, 20

Simplicity: Whats the learning curve to set up and

ongoing burden to maintain? How many moving parts
are there?
Flexibility: Does it integrate with my current environment
and workflows? Will my applications seamlessly move
from dev to test to production? Will I be locked into a
specific platform?22

Google Kubernetes
Kubernetes is an open-source system for managing
containerized applications across multiple Linux hosts and
provides the basic mechanisms for deploying, maintaining
and scaling applications.23 Kubernetes manages clusters
of containers. It can manage connecting and scaling
multi-container deployments across various container hosts.
Kubernetes allows a data center to orchestrate services
that are running in multiple hosts, into unified, large-scale
business applications.24
Kubernetes uses the following concepts (see figure 3):

ORCHESTRATION TOOLS
Container orchestration tools provide an enterprise-level
framework for integrating and managing containers at
scale. Container orchestration tools assist IT operations and
developers with managing container environments. Docker
Swarm and Google Kubernetes are two of the leading
container orchestration platforms. Other orchestration
solutions include Amazon ECS, Heat, Apache Mesos
and OpenShift.21 Google Container Engine is a container
orchestration system for running Docker containers on the
Google Cloud Platform.
To determine the orchestration tool that is right for a container
environment, Docker recommends that the following three key
features should be considered:
Performance: How fast can I get containers up and
running at scale? How responsive is the system when
under load?

Cluster: A cluster is a set of physical or virtual machines

and other infrastructure resources used by Kubernetes to
run your applications. Kubernetes can run anywhere.
Node: A node is a physical or virtual machine running
Kubernetes, onto which pods can be scheduled.
Pod: Pods are a colocated group of application containers
with shared volumes. Theyre the smallest deployable
units that can be created, scheduled, and managed with
Kubernetes. Pods can be created individually, but its
recommended that you use a replication controller even if
creating a single pod.
Replication controller: Replication controllers manage
the lifecycle of pods. They ensure that a specified number
of pods are running at any given time, by creating or killing
pods as required.
Service: Services provide a single, stable name and
address for a set of pods. They act as basic load balancers.
Label: Labels are used to organize and select groups of
objects based on key:value pairs.25

17 FreeBSD Wiki, Application Containers on FreeBSD, https://wiki.freebsd.org/AppContainers

18 For a complete list of the Open Container Initiative members and information about the initiative, see www.opencontainers.org.
19 Open Container Initiative a Linux Foundation Project, About, www.opencontainers.org/about
20 For information about the Open Container Initiative projects, see https://github.com/opencontainers.
21 Wheatley, Mike, Dockers Swarm smashes Kubernetes in Docker-sponsored benchmark tests, SiliconANGLE Media, 14 March 2016, http://siliconangle.com/blog/2016/03/14/dockers-swarm-smasheskubernetes-in-docker-sponsored-benchmark-tests/
22 Coleman, Mike, #SwarmWeek: Docker Swarm Exceeds Kubernetes Performance at Scale, Docker, 9 March 2016, https://blog.docker.com/2016/03/swarmweek-docker-swarm-exceeds-kubernetes-scale/
23 GitHub Inc., Kubernetes, Readme.md, 2016, https://github.com/kubernetes/kubernetes
24 Red Hat, Inc., Red Hat Enterprise Linux Atomic Host, Datasheet INC0223751_v1_0215, 2015, http://fiercesw.com/wp-content/uploads/2016/01/Atomic-Host-Datasheet.pdf
25 Op cit GitHub Inc., Kubernetes

2016 ISACA. All rights reserved.

Understanding the Enterprise Advantages of Application Containerization: An Overview

Amazon EC2 Container Service (ECS)

Amazon Web Services (AWS) EC2 Container Service (ECS)
installs and manages the infrastructure for Docker containers.
The Amazon EC2 Container Service lets administrators run and
manage Docker containers on a managed cluster of Amazon
Elastic Compute Cloud (EC2) instances. Each EC2 instance
in a cluster that is managed by Amazon ECS runs a Docker
daemon, so a local application container can deploy and run on
Amazon ECS without the need for configuration changes. The
administrator can launch a cluster of container instances and
specify the tasks to run, and Amazon ECS manages the cluster.26
Amazon ECS allows the administrator to define tasks through a
template called a task definition. A task definition file has no limit
on the number of tasks that can be launched. Task definition files
also allow application specifications to be version controlled.27
The administrator can manage clusters and Docker containers
and obtain detailed information about the state of the cluster
and its instances. Amazon ECS is integrated with Elastic Load

Balancing (ELB) allowing an administrator to distribute traffic

across containers.28

Docker Built-in Orchestration

Docker Swarm turns a pool of Docker hosts into a single, virtual
Docker host. Docker Swarm is a container orchestrator tool that
connects multiple Docker engines into a cluster that looks like a
single Docker engine. Developers and administrators can create
a pool of engines that are container hosts and scale out their
applications using Docker as if they were using a single engine.
Any tool that communicates with a Docker daemon can use
Swarm to scale to multiple hosts.29 Swarm has high scalability
and performance with the ability to scale up to 1,000 nodes and
50,000 containers with no performance degradation in spinning
up incremental containers onto the node cluster.30
Beginning with Docker 1.12, the core Docker Engine has
built-in orchestration capabilities through an embedded
Swarm mode, with no dependency on an external

FIGURE 3Google Kubernetes Architecture

FIREWALL
Internet

kubecfg
user commands

MINION
DOCKER
Authorization
authentication

kubelet

POD

APIs
Scheduling
actuator

REST
(pods, services,
rep. controllers)

Kublet
info service

cAdvisor

POD

Proxy

POD

MINION
DOCKER

Scheduler

Replication
controller

Distributed
Watchable Storage
(implemented via etcd)

Master components: Colocated, or spread across machines,

as dictated by cluster size.

kubelet

POD

cAdvisor

POD

Proxy

POD

SOURCE: Shalom, Nati, Orchestration Tool Roundup Docker Swarm vs. Kubernetes, TerraForm vs. TOSCA/Cloudify vs. Heat, LinkedIn Corporation,
21 May 2015, www.slideshare.net/giganati/orchestration-tool-roundup-kubernetes-vs-docker-vs-heat-vs-terra-form-vs-tosca-1

26 Amazon Web Services, Product Details, https://aws.amazon.com/ecs/details/

27 Ibid.
28 Ibid.
29 Docker, Docker Swarm, 2016, www.docker.com/products/docker-swarm
30 Ibid.

2016 ISACA. All rights reserved.

Understanding the Enterprise Advantages of Application Containerization: An Overview

such as CPU, memory and number of replicas, and GKE

schedules containers into the cluster and manages them
automatically. GKE is built on the open-source Kubernetes
container orchestration tool and can be used with on-premise,
hybrid or public cloud infrastructures.

infrastructure.31 Administrators can use the Docker

application program interface (API), with service and node
API objects, to deploy and manage application containers
on a swarm. Every engine in the swarm is secure by default.
Mutually authenticated Transport Layer Security (TLS)
provides authentication, authorization and encryption to the
communications of every node in the swarm. If they desire,
advanced users are still able to control and audit certificate
signing and issuance.

Enterprises typically use Google Container Engine to:

Create or resize Docker container clusters

The embedded Swarm mode allows an IT administrator to

orchestrate and schedule container applications. A swarm
has two types of nodes (engines)manager and worker (see
figure 4). Manager nodes accept commands, schedule tasks
and check on the health of worker nodes. Manager nodes
continuously check and reconcile the environment to ensure
zero single-point-of-failure and no application downtime.
Worker nodes perform tasks, i.e., execute containers that
are dispatched by the manager.

Google Container Engine

Google Container Engine (GKE) is a cluster manager and
orchestration system for running Docker containers on the
Google Cloud Platform. Developers define the requirements,

Create container pods, replication controllers, jobs, services

or load balancers
Resize application controllers
Update and upgrade container clusters
Debug container clusters32
GKE contains of a group of Google Compute Engine instances
that run Kubernetes. A master node manages a cluster of
Docker containers. GKE also runs a Kubernetes API server to
interact with the cluster and perform tasks, such as servicing
API requests and scheduling containers. Beyond the master
node, a cluster can also include one or more nodes, each
running a Docker runtime and kubelet agent that are needed
to manage Docker containers.33

FIGURE 4Built-in Docker OrchestrationSwarm Architecture

Internal Distributed State Store

Manager

WORKER

WORKER

Manager

WORKER

WORKER

Manager

WORKER

WORKER

WORKER

SOURCE: Docker Core Engineering, Docker 1.12: Now with Built-in Orchestration!, 20 June 2016, https://blog.docker.com/2016/06/docker-1-12-built-inorchestration/

31 Docker Core Engineering, Docker 1.12: Now with Built-in Orchestration!, 20 June 2016, https://blog.docker.com/2016/06/docker-1-12-built-in-orchestration/
32 Rouse, Margaret and Stephen Bigelow, Google Container Engine (GKE), TechTarget, 2016, http://searchitoperations.techtarget.com/definition/Google-Container-Engine-GKE
33 Ibid.

2016 ISACA. All rights reserved.

Understanding the Enterprise Advantages of Application Containerization: An Overview

CONCLUSION
Containerization is an important and potentially gamechanging technology for developers and data centers that
deploys business applications more rapidly, with reduced
development overhead, lower costs, more efficient use of
resources and increased business agility. New and unique
business opportunities can be engendered by the strategic
use of containers.
Like most new technologies, application containerization
presents some challengesparticularly, emergent behaviors
at scale, possible new risk that is not present until containers
start moving into the production environment and threat
scenarios that are unique to the usage. The second white
paper in this series, Understanding the Enterprise Advantages
of Application Containerization: Practitioner Considerations,
discusses these challenges and the risk/value equation of
application containers, and provides practical guidance for
security, auditing and governance practitioners.

2016 ISACA. All rights reserved.

10

Understanding the Enterprise Advantages of Application Containerization: An Overview

3701 Algonquin Road, Suite 1010

Rolling Meadows, IL 60008 USA

ISACA

Phone: +1.847.253.1545

ISACA (isaca.org) helps global professionals lead, adapt and assure trust in an evolving

Fax: +1.847.253.1443

digital world by offering innovative and world-class knowledge, standards, networking,

Email: info@isaca.org

credentialing and career development. Established in 1969, ISACA is a global nonprofit

Web site: www.isaca.org

association of 140,000 professionals in 180 countries. ISACA also offers the Cybersecurity
Nexus (CSX), a holistic cybersecurity resource, and COBIT, a business framework to

Provide feedback:
www.isaca.org/containerization

govern enterprise technology.

Participate in the ISACA

Knowledge Center:
www.isaca.org/knowledge-center

Disclaimer

Follow ISACA on Twitter:

https://twitter.com/ISACANews
Join ISACA on LinkedIn:
ISACA (Official),
http://linkd.in/ISACAOfficial

This is an educational resource and is not inclusive of all information that may be needed to assure a successful outcome.
Readers should apply their own professional judgment to their specific circumstances.

Reservation of Rights
2016 ISACA. All rights reserved.

Like ISACA on Facebook:

www.facebook.com/ISACAHQ

2016 ISACA. All rights reserved.

Understanding the Enterprise Advantages of Application Containerization: An Overview

11

ACKNOWLEDGMENTS
ISACA wishes to recognize:
Expert Reviewers

Board of Directors

Madhav Chablan

Christos K. Dimitriadis

CISA, CISM, India,

TippingEdge Consulting Pvt. Ltd. (India)

Ph.D., CISA, CISM, CRISC, INTRALOT S.A., Greece, Chair

Anuj Jain

CISM, RAK Ceramics P.S.C., UAE

CISA, CGEIT, CRISC, CIA, CGAP, CGMA, CPA, U.S. House

of Representatives, USA, Vice-chair

Shruti Shrikant Kulkarni

Robert Clyde

CISA, CRISC, CISSP, CCSK, CPISI, ITILv3 Expert,

LA - ISO27001, Monitise Group Ltd, UK

Michael R. Lawrence

CISSP, Hewlett Packard Enterprise, USA

Nathan McCauley
Docker, USA

Sergiu Sechel

CISA, CISM, CRISC, CSSLP, CEH,

Ernst & Young, Romania

Dan Walsh

Red Hat, USA

Theresa Grafenstine

CISM, Clyde Consulting LLC, USA, Director

Leonard Ong

CISA, CISM, CGEIT, CRISC, CPP, CFE, PMP, CIPM, CIPT,

CISSP ISSMP-ISSAP, CSSLP, CITBCM, GCIA, GCIH,
GSNA, GCFA, Merck, Singapore, Director

Andre Pitkowski

CGEIT, CRISC, OCTAVE, CRMA, ISO27kLA, ISO31kLA,

APIT Consultoria de Informatica Ltd., Brazil, Director

Eddie Schwartz

CISA, CISM, CISSP-ISSEP, PMP, WhiteOps, USA, Director

Jo Stewart-Rattray

CISA, CISM, CGEIT, CRISC, FACS CP, BRM Holdich,

Australia, Director

Tichaona Zororo

CISA, CISM, CGEIT, CRISC, CIA, CRMA, EGIT | Enterprise

Governance (Pty) Ltd., South Africa, Director

Zubin Chagpar

CISA, CISM, PMP, Amazon Web Services, UK, Director

Rajaramiyer Venketaramani Raghu

CISA, CRISC, Versatilist Consulting India Pvt. Ltd.,

India, Director

Jeff Spivey

CRISC, CPP, Security Risk Management, Inc., USA, Director

Robert E Stroud

CGEIT, CRISC, Forrester Research, USA, Past Chair

Tony Hayes

CGEIT, AFCHSE, CHE, FACS, FCPA, FIIA, Queensland

Government, Australia, Past Chair

Greg Grocholski

CISA, SABIC, Saudi Arabia, Past Chair

Matt Loeb

CGEIT, FASAE, CAE, ISACA, USA, Director

2016 ISACA. All rights reserved.