Policy-Driven DevSecOps Automation for Secure CI/CD in Regulated Multi-Cloud Healthcare Ecosystems
Keywords:
DevSecOps, CI/CD, Multi-cloud, Healthcare Security, Policy Automation, HIPAA Compliance, Secure Deployment, Infrastructure as CodeAbstract
The global burden of non-communicable diseases (NCDs) has escalated rapidly, creating profound implications for health systems, especially in low- and middle-income countries. Addressing this burden requires robust and adaptive health system strengthening (HSS) frameworks. This paper explores relevant HSS models tailored to managing NCDs and evaluates their applicability, effectiveness, and integration strategies within contemporary healthcare systems. Emphasis is placed on governance, service delivery, financing, and data systems, as pivotal levers for intervention. The study situates the analysis in the global health landscape, accounting for evolving policy contexts and post-pandemic rebuilding efforts. Visual data are presented through tables, and graphs structural and policy-level transformations needed for sustainable NCD management.
References
Sharma, Priya, and Tarun Taneja. "Secure Deployment Models Using Static Analysis in DevSecOps." Journal of Healthcare Systems, vol. 11, no. 2, 2023, pp. 45–58.
Kim, Samuel, et al. "Policy Automation in GitOps CI/CD Frameworks." Cloud Computing in Healthcare Journal, vol. 9, no. 3, 2022, pp. 92–103.
Gundaboina, A. (2025). Endpoint Security for Healthcare Devices: Protecting Patient Data on Windows and Samsung Assets. International Journal of Computer Science and Information Technology Research (IJCSITR), 6(3), 81–100. https://doi.org/10.63530/IJCSITR_2025_06_03_007
Johnson, Rebecca, and Nikhil Patel. "OPA-Driven Security Policies for HIPAA Workloads in Kubernetes." International Journal of Secure Systems, vol. 7, no. 1, 2021, pp. 14–27.
Gundaboina, A. (2025). Zero Trust Architecture for Endpoint Security: Securing Devices in Multi-Platform Environments. World Journal of Advanced Research and Reviews, 26(2), 4531–4543. https://doi.org/10.30574/wjarr.2025.26.2.1672
Wang, Lin, et al. "Compliance Automation in Multi-Cloud Healthcare Pipelines." Journal of Cloud Security, vol. 10, no. 4, 2024, pp. 66–78.
Thomas, Elaine. "Automating Governance in Cloud-Native Pipelines." Information Security Review, vol. 15, no. 2, 2023, pp. 38–49.
Gundaboina, A. (2025). Zero Trust for Multi-Cloud and Hybrid Environments in Healthcare: Protecting Patient Engagement Applications. World Journal of Advanced Research and Reviews, 26(1), 4236–4245. https://doi.org/10.30574/wjarr.2025.26.1.1140
Ahmed, Omar, and Leah Gross. "HIPAA-Compliant DevOps: A Case Study in Hospital Software Delivery." Secure Systems Quarterly, vol. 18, no. 1, 2023, pp. 9–22.
Zhang, Wei. "Role of IaC in Multi-Cloud Healthcare Environments." DevOps Research Journal, vol. 12, no. 3, 2022, pp. 77–89.
Singh, Rajeev, et al. "Dynamic Threat Modeling in CI/CD." Cybersecurity Engineering, vol. 9, no. 2, 2024, pp. 104–118.
Fernandez, Lucia. "Container Security in Healthcare DevOps." Journal of Digital Health Infrastructure, vol. 6, no. 4, 2021, pp. 44–56.
Yoon, Grace, and Han Li. "Policy-as-Code in Regulated CI/CD Pipelines." Cloud Native Security, vol. 10, no. 2, 2023, pp. 59–71.
Gundaboina, A.K. (2025). Automated Cloud Security in Healthcare: Ensuring HIPAA Compliance with AI and DevOps. Journal of Artificial Intelligence & Cloud Computing, SRC/JAICC-461. https://doi.org/10.47363/JAICC/2025(4)434
Martinez, David. "Compliance Testing Automation in CI/CD." Secure Pipelines Journal, vol. 13, no. 3, 2022, pp. 81–95.
Nelson, Chris. "Audit-First CI/CD in Healthcare IT." Journal of Medical Informatics, vol. 8, no. 1, 2023, pp. 33–47.
Gao, Xin. "Security-as-Code in Automated Healthcare Deployments." HealthTech DevOps Review, vol. 7, no. 2, 2024, pp. 28–39.
Koenig, Marta. "Data Residency Compliance in Multi-Cloud Systems." Journal of Compliance Engineering, vol. 9, no. 3, 2024, pp. 71–84.
Gundaboina, A. (2025). Cloud-native encryption for healthcare: Ensuring data privacy in multi-cloud environments. World Journal of Advanced Research and Reviews, 25(1), 2500–2509. https://doi.org/10.30574/wjarr.2025.25.1.0068
Iyer, Neha. "Policy Frameworks for Kubernetes in Regulated Sectors." Cloud DevSecOps Digest, vol. 11, no. 1, 2022, pp. 12–26.
