Security issues remain a key challenge in cloud adoption while the ever increasing need for more software drives cost and complexity up. Unikernels are widely acknowledged as the future of cloud infrastructure yet they remain inaccessible to most organizations.
What gives it that security?
Ransomware is terrorizing banks, hospitals, and entire cities. There is a new data breach every single day affecting millions. Nation states and other large scale threat actors are steal sensitive IP and proprietary data.
Linux and Windows are both multiple process systems that were designed decades ago and could not envision the cloud environment we live and work in today. Unikernels are single process systems. By design they can *not* run code that was not intended to run - flat out - do not pass go - do not collect $200. Shell code exploits by definition do not work on unikernels. We've just eliminated the vast majority of your security problems. You're welcome.
When your website boots up you not only have remote code execution in place but you have tens of potential users that can login to execute said code (and they are always "bad users"). Unikernels have *no* users and no remote code execution - it's designed that way. No more Equifax incidents - not on your watch.
The shell is at least a 40 year old construct designed in a different time period. Today in Silicon Valley engineers are used to working with tens, hundreds, thousands or even more systems at a time. It's an antiqutated concept that only lends it's hands towards those who want to do your company harm. There are no shells on unikernel systems - they simply don't exist. They can not exist. This is by design.
Reduced Attack Surface
Compared to a bloated Linux system that has hundrds of millions of lines of code with drivers for everything from USB drives (which you won't use on the cloud) to audio drivers (which you won't use on the cloud) to libraries such as libxslt that have ftp servers embedded in them unikernels are refreshingly small. Sometimes as small as 10Mb or maybe even kilobytes. Smaller than some of the images on this webpage.
Less code == Less exploits
Introducing the future cloud.