Beyond the Big Three: Mastering Oracle Cloud Security in a Multi-Cloud World
Dani Kaganovitch
fwd:cloudsec North America 2025 · Day 1 · Track 2 - Crestone
Dani Kaganovitch, a product manager at Rock Steady, presented an introduction to **Oracle Cloud Infrastructure (OCI)** security for practitioners accustomed to AWS, Azure, and GCP. With Fortune 100 customers increasingly adopting OCI -- driven by legacy Oracle product usage and aggressive infrastructure pricing -- the talk covered OCI's unique cloud structure, key architectural differentiators from other providers, and walked through two practical use cases for preventive security controls: **region management** using governance rules and IAM policies, and **blocking public internet access** using OCI's **Security Zones** feature. The talk arrived with a same-day announcement that OCI now supports **deny statements** in IAM policies, addressing a long-standing limitation.
AI review
An introductory overview of OCI security features aimed at multi-cloud practitioners who haven't worked with Oracle Cloud before. Covers compartment structure, governance rules, IAM policies, and Security Zones at a surface level with CLI examples. Zero offensive content, zero vulnerabilities, zero security research. This is a product walkthrough, not a security talk.