CFP last date
22 December 2025
Call for Paper
January Edition
IJCA solicits high quality original research papers for the upcoming January edition of the journal. The last date of research paper submission is 22 December 2025

Submit your paper
Know more
The week's pick
Responsive image
A Hybrid Transformer-CNN Framework with Early and Late Fusion for Robust Skin Lesion Classification

Raihan Tanvir
Random Articles
Reseach Article

Governance-Aware Observability Pipeline (GAOP): Embedding Compliance Enforcement and Cryptographic Lineage into Telemetry Data Flows

by Priyanka Kulkarni
journal cover thumbnail

International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 187 - Number 50
Year of Publication: 2025
Authors: Priyanka Kulkarni
10.5120/ijca2025925867

Priyanka Kulkarni . Governance-Aware Observability Pipeline (GAOP): Embedding Compliance Enforcement and Cryptographic Lineage into Telemetry Data Flows. International Journal of Computer Applications. 187, 50 ( Oct 2025), 49-58. DOI=10.5120/ijca2025925867

@article{ 10.5120/ijca2025925867,
author = { Priyanka Kulkarni },
title = { Governance-Aware Observability Pipeline (GAOP): Embedding Compliance Enforcement and Cryptographic Lineage into Telemetry Data Flows },
journal = { International Journal of Computer Applications },
issue_date = { Oct 2025 },
volume = { 187 },
number = { 50 },
month = { Oct },
year = { 2025 },
issn = { 0975-8887 },
pages = { 49-58 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume187/number50/governance-aware-observability-pipeline-gaop-embedding-compliance-enforcement-and-cryptographic-lineage-into-telemetry-data-flows/ },
doi = { 10.5120/ijca2025925867 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2025-10-23T00:18:35.946071+05:30
%A Priyanka Kulkarni
%T Governance-Aware Observability Pipeline (GAOP): Embedding Compliance Enforcement and Cryptographic Lineage into Telemetry Data Flows
%J International Journal of Computer Applications
%@ 0975-8887
%V 187
%N 50
%P 49-58
%D 2025
%I Foundation of Computer Science (FCS), NY, USA
Abstract

Observability pipelines—systems that collect, process, and route telemetry from distributed applications—are increasingly central to the resilience of cloud-native infrastructures and compliance-intensive domains such as healthcare and finance. Yet these pipelines are fragile: telemetry often contains personally identifiable information (PII), clinical data, or financial identifiers. Misconfigurations, such as AWS CloudTrail log exposures or multi-tenant monitoring dashboard leaks, show how ungoverned telemetry creates regulatory violations and reputational harm. Existing governance solutions, including Apache Atlas, Marquez, and Pachyderm, address metadata or provenance in batch pipelines, while observability frameworks like OpenTelemetry and Fluent Bit emphasize scale and interoperability. None operationalize governance enforcement inline at event velocity. This paper introduces the Governance-Aware Observability Pipeline (GAOP), a framework embedding compliance directly into the telemetry data path. GAOP integrates: A policy enforcement engine translating legal clauses (GDPR, HIPAA, CCPA, PCI-DSS) into machine-verifiable rules. Cryptographic lineage mechanisms providing tamper-evident accountability at streaming throughput. Compliance mapping aligning regulatory obligations with telemetry lifecycle stages. Evaluation across three domains—cloud-native microservices, healthcare telemetry, and financial fraud detection—demonstrates governance coverage exceeding 95% with latency overhead under 12%. Comparative benchmarks against Atlas, Marquez, Pachyderm, and OpenTelemetry highlight GAOP’s novelty: inline enforcement, scalable cryptographic proofs, and domain adaptability. Beyond technical performance, GAOP addresses ethical and regulatory tensions: compliance theater, cross-jurisdictional contradictions, and the balance between diagnostic richness and privacy. By embedding governance as a first-class concern, GAOP reframes observability infrastructures as infrastructures of compliance, accountability, and trust.

References
  1. Sigelman, B. H., Barroso, L. A., Burrows, M., et al. (2010). Dapper: A Large-Scale Distributed Systems Tracing Infrastructure. *Google Research. * URL: https://research.google.com/archive/papers/dapper-2010-1.pdf
  2. OpenTelemetry Project. (2021). OpenTelemetry Documentation. *CNCF. * URL: https://opentelemetry.io/docs/
  3. European Union. (2016). Regulation (EU) 2016/679 (General Data Protection Regulation). *Official Journal of the European Union,* L119 (4 May). URL: https://eur-lex.europa.eu/eli/reg/2016/679/oj
  4. California Legislature. (2018). California Consumer Privacy Act (AB 375). URL: https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=201720180AB375
  5. U.S. Department of Health and Human Services. (2013). HIPAA Privacy and Security Rules. URL: https://www.hhs.gov/hipaa/for-professionals/privacy/index.html
  6. Chen, X., Liu, Y., & Sharma, A. (2020). Failure Diagnosis in Distributed Systems Using Observability Data. *IEEE Transactions on Cloud Computing,* 8(3), 845–857. DOI: 10.1109/TCC.2020.2965329
  7. Kandula, S., Padhye, J., & Bahl, P. (2019). Scaling Monitoring Infrastructures in Cloud Environments. *Proceedings of the ACM Symposium on Cloud Computing (SoCC).* DOI: 10.1145/3357223.3362723
  8. DAMA International. (2019). *DAMA-DMBOK: Data Management Body of Knowledge* (2nd ed.). Technics Publications. ISBN: 9781634622349
  9. Pachyderm Inc. (2021). Provenance and Version-Controlled Data Pipelines (White Paper). URL: https://www.pachyderm.com/
  10. Zhang, Y., Lee, M., & Kim, T. (2021). Reliability in Microservice Architectures: An Observability-Centric Approach. *ACM SIGOPS Operating Systems Review,* 55(1), 23–30. DOI: 10.1145/3485989.3485991
  11. Muniswamy-Reddy, K.-K., Holland, D. A., Braun, U., & Seltzer, M. (2009). Provenance-Aware Storage Systems. *ACM Transactions on Storage,* 5(4), Article 13. DOI: 10.1145/1629080.1629084
  12. Li, J., Xu, W., & Jiang, C. (2020). Blockchain-Based Data Provenance for Secure and Trustworthy Systems. *Future Generation Computer Systems,* 102, 1–13. DOI: 10.1016/j.future.2019.07.010
  13. Mohan, P., Singh, R., & Iyer, S. (2021). Integrating Compliance into Enterprise Databases. *Proceedings of the VLDB Endowment,* 14(13), 3405–3417. DOI: 10.14778/3485450.3485457
  14. Halevy, A., Noy, N., & Yu, C. (2022). Compliance-Aware Data Warehousing. *Proceedings of the ACM SIGMOD International Conference on Management of Data.* DOI: 10.1145/3514221.3526182
  15. Honeycomb.io. (2023). The Hidden Risks of Sensitive Identifiers in Observability Systems (Blog). URL: https://www.honeycomb.io/
  16. Floridi, L., & Cowls, J. (2019). A Unified Framework of Five Principles for AI in Society. *Harvard Data Science Review,* 1(1). DOI: 10.1162/99608f92.8cd550d1
  17. Power, M. (1997). *The Audit Society: Rituals of Verification.* Oxford University Press. ISBN: 9780198293563
  18. Bovens, M. (2007). Analysing and Assessing Accountability: A Conceptual Framework. *European Law Journal,* 13(4), 447–468. DOI: 10.1111/j.1468-0386.2007.00378.x
  19. Friedman, B., Kahn Jr., P. H., & Borning, A. (2006). Value Sensitive Design and Information Systems. *Human–Computer Interaction,* 21(4), 421–448. DOI: 10.1080/07370024.2006.9667346
  20. Stilgoe, J., Owen, R., & Macnaghten, P. (2013). Developing a Framework for Responsible Innovation. *Research Policy,* 42(9), 1568–1580. DOI: 10.1016/j.respol.2013.05.008
  21. Sun, L.-S., Bai, X., Zhang, C., Li, Y., Zhang, Y.-B., & Guo, W.-Q. (2022). BSTProv: Blockchain-Based Secure and Trustworthy Data Provenance Sharing. *Electronics,* 11(9), 1489. DOI: 10.3390/electronics11091489
  22. Moreau, L. (2010). The Foundations for Provenance on the Web. *Foundations and Trends in Web Science,* 2(2–3), 99–241. DOI: 10.1561/1800000010
  23. Fdhila, W., Knuplesch, D., Rinderle-Ma, S., & Reichert, M. (2021). Verifying Compliance in Process Choreographies: Foundations, Algorithms, and Implementation. *arXiv preprint* arXiv:2110.09399.
  24. Augusto, A., Awad, A., & Dumas, M. (2021). Efficient Checking of Temporal Compliance Rules Over Business Process Event Logs. *arXiv preprint* arXiv:2112.04623.
  25. Tran, K., Vasudevan, S., Desai, P., Gorelik, A., Ahuja, M., Yadatore, A. V., Verma, M., Buenrostro, I., Rajamani, V., Gupta, A., & Raina, K. (2025). Data Guard: A Fine-Grained Purpose-Based Access Control System for Large Data Warehouses. *arXiv preprint* arXiv:2502.01998.
  26. Chakraborty, V., Elvy, S. A., Mehrotra, S., Nawab, F., Sadoghi, M., & Sharma, S. (2024). Data-CASE: Grounding Data Regulations for Compliant Data Processing Systems. *Proceedings of the 27th International Conference on Extending Database Technology (EDBT).* DOI: 10.48786/edbt.2024.10
Index Terms

Computer Science
Information Sciences

Keywords

Data Governance Observability Pipelines Compliance Data Lineage GAOP GDPR HIPAA CCPA PCI-DSS Cloud-native Infrastructures Healthcare Telemetry

Powered by PhDFocusTM