Chiranjeevi Devi's research focuses on building reliable data systems through anomaly detection, DevSecOps automation, and policy-as-code for compliance.

The data infrastructure ecosystem is changing in ways few of us anticipated just a decade ago. And while organisations are now asked to deliver insights quicker than we thought possible, now they are being asked to also assure regulators, auditors, and customers that every single piece of data is being handled responsibly. The conflict between innovation and compliance has given rise to new ways of enforcing privacy, detecting anomalies, and automating infrastructure.

As we take a look at this shifting landscape, work sits at the intersection of technical rigor and application. Chiranjeevi Devi is one of the researchers working in the space with an interesting body of work about privacy observability, policy enforcement, and DevSecOps-enabled automation. Altogether, his work tells a story about how to enable both agility and accountability in data systems.

Identifying Subtle Risks to Privacy

One challenge of privacy governance is to recognise situations when enforcement systems are quietly failing. Dashboards may display traffic as normal, yet policies can be drifting, filters may be misfiring, or access frequencies may have changed all in ways that a rules-based alert may not see.

To address this challenge, Chiranjeevi Devi co-authored "Autoencoder-Based Anomaly Detection on Metadata Metrics for Privacy Enforcement Monitoring", published in Journal of Artificial Intelligence & Machine Learning Studies, Vol. 8 (2024).

This research introduced deep autoencoders to compliance monitoring. Instead of depending on static thresholds, the system was trained on what telemetry "normal" looked like in relation to policy compilation time, filter hit rates, and dataset access frequencies, and when it started to deviate from "normal" a flag was raised. What was different about this research was that it modelled metrics relating to privacy, a literature gap in anomaly detection. Rather than using z-score or moving averages, the approach reduced false positives and ranked deviations sooner - paving the way for those results to connect to platforms such as Prometheus and OpenTelemetry.

Assess Environment Automation

In addition to monitoring, Chiranjeevi Devi looked at ways of removing the friction involved in preparing the test infrastructure. He contributed as a co-author to “Event-Driven Test-Environment Provisioning with Kubernetes Operators and Argo CD,” published in the American Journal of Data Science and Artificial Intelligence Innovations, Vol. 4 (2024), which described how an event-driven model may streamline the test-environment provision process.

In this approach, instead of requesting an environment through a ticketing system or waiting for the static QA clusters to become free, the proposed architecture listens for events from the issues tracker, Jira. An issue event in Jira triggers the custom Kubernetes operator to provision ephemeral namespaces from Helm charts that adhere to GitOps through Argo CD. The namespaces are reclaimed by TTL controllers as soon as the namespaces are no longer needed.

The metrics outlined in the paper indicated an improvement from several hours of provisioning time to minutes. Along with time, the proposed framework added additional namespace isolation and automatic tear down, achieving improved compliance with the multi-tenant security expectations. The article serves as a nice example of how we can align efficiency and compliance, which are typically at odds with one another, through architecture built on declarative policies.

Establishing Access Policies

The notion of codification is already present in Devi's earlier work on access governance. In "Policy-as-Code Row-Level Security: Compiling DPL Rules into Spark SQL Views", Published in American Journal of Data Science and Artificial Intelligence Innovations, Vol. 2 (2022), he presented an exploration of frameworks for organizations to methodically place policy documents into usable rules.

In establishing row-level security (RLS) in a policy-as-code framework, the article demonstrated how data access could dynamically adapt (or adjust) to user attributes, state of consent, and jurisdictional requirements, among other determinants that drive the underlying rationale for elasticity of access. This paper's contribution was less about introducing new cryptographic controls and more about bringing law and code closer together. Policies that required developers or administrators to reason through aspects of semblance represented by access permitted became programmable entities that were auditable and had the potential to be extensible across institutions. Compliance to models of regulation sank deeper than a reactive list of check-off items and instead made access patterns an architectural feature in an evolving structure.

A More General Thread

Considered collectively, these papers suggest a coherent trajectory. The anomaly detection paper discusses how to observe privacy-preserving systems at scale. The Kubernetes provisioner discusses how to automate secure environments on demand. The last paper on policy-as-code discusses how to codify legal constructs into technical enforcement.

Despite that variation, they are all pointing to the same larger philosophy to achieve compliance at scale in a sustainable way, automation is a necessity. Specifically embedding policies into the systems that process the data, teaching monitoring tools how to detect nuanced deviations, allowing infrastructure to react to events instead of tickets, all can lessen the friction between speed and governance.

This philosophy fits well within Devi's more general specialisation of data privacy engineering and compliance bearing frameworks such as GDPR, CCPA, and DMA. His experience in building products within a large-scale data platform, alongside compliance frameworks, reflects research in how engineering decisions can manifest in trust and compliance within data ecosystems.

The Convergence of Data Governance

The current narrative on data governance is about convergence. Regulatory compliance, observability of systems, and velocity of development are no longer separate and distinct (or even in contradiction). They are now mutually reinforcing. Chiranjeevi Devi’s research shows the following: All monitoring for privacy, using automation in provisioning test environments, and performing policy-as-code are mutually reaffirming to the idea of systematic improvement – we cannot have one without the others. The research points to a way forward that is arguably a requirement for organizations dealing with globally representative data regulations and modern cloud-native architectures without inherent observability: machine-learning-powered observability and declarative workflows, not just for automation but for provisioning, and a codified policy as a characteristic of governance. All assuredly contributing towards fewer blind spots, faster delivery and provisioning, and accountability in unprecedented volume.

Devi's adjoining of anomaly detection and compliance monitoring, declarative policies and infrastructure provisioning, codification and access control provides a roadmap not just to efficient systems, but systems which are respectful of future regulatory and operational conditions.

About Chiranjeevi

Chiranjeevi Devi is an engineer and researcher who has a focus on data governance, privacy, and large-scale data systems. He has over 16 years of experience architecting and developing data-intensive systems. His expertise includes existing and emerging regulatory compliance frameworks, such as GDPR, CCPA, and DMA, and building scalable infrastructure on a cloud and/or on-premises basis to extract data at scale. He has also advanced research that involves privacy enforcement monitoring, anomaly detection, policy-as-code automation, and further development of DevSecOps and Kubernetes-native provisioning. His research has centered around embedding compliance and privacy into the future’s data-intensive systems, as well as the increasingly complex digital environments organisations attempt to demonstrate trust, accountability, and resilience.