International Journal of Advanced Multidisciplinary Research and Studies
Volume 4, Issue 6, 2024
A DevSecOps Policy-as-Code Model for Compliance Automation in Lakehouse Environments
Author(s): Babawale Patrick Okare, Tope David Aduloju, Eunice Nduta Kamau, Chisom Elizabeth Alozie, Okeoma Onunka, Linda Azah
DOI: https://doi.org/10.62225/2583049X.2024.4.6.4594
Abstract:
In modern data ecosystems, lakehouse architectures unify the flexibility of data lakes with the reliability of data warehouses, enabling versatile analytics and machine learning workflows. However, the dynamic and distributed nature of lakehouses introduces significant governance challenges, particularly in ensuring continuous compliance with evolving regulatory frameworks. This paper proposes a novel DevSecOps Policy-as-Code (PaC) model tailored for lakehouse environments that automates compliance enforcement across data ingestion, transformation, storage, and consumption layers. By integrating declarative policy definitions into CI/CD pipelines, the model enables real-time policy validation and enforcement through a centralized policy registry and a powerful policy engine. It supports multiple enforcement stages (pre-deployment checks, runtime validations, and periodic audits) while generating comprehensive, automated audit logs to ensure traceability and accountability. The architecture facilitates seamless integration with leading lakehouse platforms such as Databricks, Delta Lake, and Apache Iceberg, and automates security controls including role-based and attribute-based access management, secrets handling, and encryption enforcement. Observability features provide continuous monitoring of compliance posture, alerting mechanisms, and remediation workflows, transforming compliance from a static checkpoint to a dynamic, continuous process. This approach reduces manual overhead, mitigates risk, and fosters a compliance-first culture within agile data teams. The paper concludes by discussing practical implications for enterprise data governance and outlining future research directions, including semantic policy modeling, AI-enhanced compliance analytics, and multi-cloud policy harmonization. The proposed model represents a significant step toward scalable, auditable, and adaptive compliance automation in next-generation lakehouse data architectures.
Keywords: Policy-as-Code, DevSecOps, Lakehouse Architecture, Compliance Automation, Continuous Governance, Data Security
Pages: 2559-2569