When I started in the technology industry, virtualisation was the hot topic where I was located. Virtualisation enabled organisations to have fewer physical machines, to make use of cloud offerings, and in some cases to reduce the maintenance overhead involved with using software-as-a-service solutions. This is different from containers, which are those beautifully restricted, short-lived dynamic environments that are spun up to complete a sequence of data exchange and related work known as a transaction. The concept of reduced overhead for dynamic environments continues forward.
When creating these massively reduced environments, a technician is able to limit the design to absolutely required services. It’s almost like the principle of least privilege for systems and services, i.e. everything required to get the job done but nothing more. This goes to the core of security by design. If done right, the technician has control over exactly what is installed.