sustainability
Article
Data Governance Taxonomy:
Cloud versus Non-Cloud
Majid Al-Ruithe *, Elhadj Benkhelifa * and Khawar Hameed
Cloud Computing and Applications Research Lab, School of Computing and Digital Technologies,
Staffordshire University, Stoke-on-Trent ST4 2DE, UK; khawar.hameed@staffs.ac.uk
* Correspondence: majid.al-ruithe@research.staffs.ac.uk (M.A.-R.); e.benkhelifa@staffs.ac.uk (E.B.);
Tel.: +966-598-343-504 (M.A.-R.); +44-791-640-6720 (E.B.)
Received: 12 October 2017; Accepted: 14 December 2017; Published: 2 January 2018
Abstract: Forward-thinking organisations believe that the only way to solve the data problem is the
implementation of effective data governance. Attempts to govern data have failed before, as they were
driven by information technology, and affected by rigid processes and fragmented activities carried
out on a system-by-system basis. Until very recently, governance has been mostly informal, with very
ambiguous and generic regulations, in siloes around specific enterprise repositories, lacking structure
and the wider support of the organisation. Despite its highly recognised importance, the area of
data governance is still underdeveloped and under-researched. Consequently, there is a need to
advance research in data governance in order to deepen practice. Currently, in the area of data
governance, research consists mostly of descriptive literature reviews. The analysis of literature
further emphasises the need to build a standardised strategy for data governance. This task can
be a very complex one and needs to be accomplished in stages. Therefore, as a first and necessary
stage, a taxonomy approach to define the different attributes of data governance is expected to make
a valuable contribution to knowledge, helping researchers and decision makers to understand the
most important factors that need to be considered when implementing a data governance strategy
for cloud computing services. In addition to the proposed taxonomy, the paper clarifies the concepts
of data governance in contracts with other governance domains.
Keywords: data governance; cloud computing; cloud data governance; taxonomy; systematic
review; holistic
1. Introduction
We are accustomed to the concepts of information technology (IT) governance [1] and corporate
governance [2]. The term “governance”, in general, refers to the way an organisation ensures that
strategies are set, monitored, and achieved [3]. As IT has become the backbone of every organisation,
by definition, IT governance becomes an integral part of any business strategy, and falls under
corporate governance. Historically, data emerged out of disparate legacy transactional systems.
Then, data was seen as a by-product of running the business, and had little value beyond the
transaction and the application that processed it, hence data was not treated as a valuable shared
asset. This continued until the early 1990s, when the value of data started to take another trend
beyond transactions. Business decisions and processes increasingly started to be driven by data
and data analysis. Further investment in data management was the approach taken to tackle the
increasing volume, velocity, and variety of data, such as complex data repositories, data warehouses,
Enterprise Resource Planning (ERP), and Customer Relationship Management (CRMs) [4]. Data links
became very complex and shared amongst multiple systems, and the need to provide a single point
of reference in order to simplify daily functions became crucial, which gave birth to master data
management [5].
Sustainability 2018, 10, 95; doi:10.3390/su10010095
www.mdpi.com/journal/sustainability
Sustainability 2018, 10, 95
2 of 26
Data complexity and volume continue to explode; businesses have grown more sophisticated in
their use of data, which drives new demands that require different ways to combine, manipulate, store,
and present information. Forward-thinking companies recognised that data management solutions
alone are becoming very expensive and are unable to cope with business realities, and the data problem
must be solved in a different way [6]. During this time, the notion of data governance started to take
a different direction, a more important one. Attempts to govern data failed before, as they were driven
by IT, and affected by rigid processes and fragmented activities carried out on a system-by-system
basis. Until very recently, governance has been mostly informal, in siloes around specific enterprise
repositories, lacking structure and the wider support of the organisation. Despite its recognised high
importance, data governance is still an under-researched area and less practised in industry [7,8].
Researchers differ in their definitions of data governance. The governance concept can be understood
in different contexts, for instance, corporate governance, information governance, IT governance,
and data governance; Wende [9] and Chao [10] argue that data governance and IT governance need to
follow corporate governance principles.
To achieve successful data governance, organisations need a strategy framework that can be
easily implemented in accordance with the needs and resources of information [11,12]. A good data
governance framework can also help organisations to create a clear mission, achieve clarity, increase
confidence in using organisational data, establish accountabilities, maintain scope and focus, and define
measurable successes [11,13]. To facilitate data governance, Seiner [14] argues that organisations
must design a data governance model of role responsibilities to identify people who have a level of
accountability to define, produce, and use data in the organisation. Along similar lines, some authors
in the literature argues that organisations should obtain responsibility for data from the information
technology (IT) department, with the participation and commitment of IT staff, business management,
and senior-level executive sponsorship in the organization [15]. Experts in this field show that where
organisations do not implement data governance, the chaos is not as obvious, but the indicators are
glaring, including dirty, redundant, and inconsistent data; inability to integrate; poor performance;
terrible availability; little accountability; users who are increasingly dissatisfied with IT performance;
and a general feeling that things are out of control [16]. The first efforts to create a framework for data
governance were published in 2007 [9,17].
The emergence of cloud computing is a recent development in technology. The National
Institute of Standards and Technology (NIST) [18] defined cloud computing as “a model for enabling
ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources
(e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released
with minimal management effort or service provider interaction”. The cloud computing model enhances
availability, and is composed of five essential characteristics, four deployment models, and three service
models [19]. The essential characteristics of cloud computing include on-demand self-service, broad
network access, resource pooling, rapid elasticity, and measured service [20]. The cloud deployment
models are the private, public, hybrid, and community models [21]. In addition, cloud computing
includes three service delivery models, which are: Software as a Service (SaaS), Platform as a Service
(PaaS), and Infrastructure as a Service (IaaS) [22]. Cloud computing offers potential benefits to public
and private organisations by making IT services available as a commodity [23,24]. The generally
claimed benefits of cloud computing include: cost efficiency, unlimited storage, backup and recovery,
automatic software integration, easy access to information, quick deployment, easier scale of services,
and delivery of new services [25]. Furthermore, other benefits include: optimised server utilisation,
dynamic scalability, and minimised life cycle development of new applications. However, cloud
computing is still not widely adopted due to many factors, mostly concerning the moving of business
data to be handled by a third party [6], where, in addition to the cloud consumer and provider,
there are other actors: the cloud auditor, cloud broker, and cloud carrier [26]. Therefore, loss of control
of data, security and privacy of data, data quality and assurance, data stewardship, etc. can all be
cited as real concerns of adopting the cloud computing business model [27]. Data lock-in is another
Sustainability 2018, 10, 95
3 of 26
potential risk, where cloud customers can face difficulties in extracting their data from the cloud [28].
Cloud consumers can also suffer from operational and regulatory challenges, as organisations transfer
their data to third parties for storage and processing [29]. In addition, it may be difficult for the
consumers to check the data handling practices of the cloud provider or any of the other involved
actors [23,30,31]. The cloud computing model is expected to be a highly disruptive technology, and the
adoption of its services will, therefore, require even more rigorous data governance strategies and
programmes, which may be more complex, but are necessary.
The general consensus among authors is that data governance refers to the entirety of decision
rights and responsibilities concerning the management of data assets in organisations. This definition
does not, however, provide equal prominence for data governance within the cloud computing
technology context. Therefore, this deficit calls for in-depth understanding of data governance
and cloud computing. This trend contributes to changes in the data governance strategy in the
organisation, such as the organisation’s structure and regulations, people, technology, processes, roles,
and responsibilities. This is one of the great challenges facing organisations today when they move
their data to cloud computing environments, particularly regarding how cloud technology affects data
governance. The authors’ general observation reveals that the area of data governance in general is
under-researched and not widely practised by organisations, let alone when it is concerned with cloud
computing, where research is in its infancy and far from reaching maturity.
This forms the main motivation behind this paper, which attempts to provide the readers with
a holistic view of data governance for both cloud and non-cloud computing, using a taxonomy
approach. The contribution of this paper is unprecedented, with this taxonomy expected to be very
valuable in developing coherent frameworks and programmes of Data Governance for both cloud and
non-cloud computing. One main question has been considering to formulate the results in this study
which is following: what is the main factor that require to develop the data governance for non-cloud
and cloud computing?
The remainder of the article is structured in seven sections. The next section discusses what
data governance is, and why it is important, followed by a section reviewing the literature on data
governance. A subsequent section presents the relationship between data governance and other
governance domains. Following this, the data governance taxonomy section presents a holistic
taxonomy for data governance for cloud and non-cloud. The final Section presents the conclusions,
limitations of research and future work.
2. What Is Data Governance and Why Is It Important?
It is important, before developing a holistic taxonomy, to define the context of data governance.
Often, researchers and practitioners confuse data governance and data management. The definition of
data management provided by the Data Management Association (DAMA) is: “data management is the
development, execution and supervision of plans, policies, programs and practices that control, protect, deliver
and enhance the value of data and information assets” [12]. Data management in general focuses on the
defining of the data element, how it is stored, structured, and moved. Although there is no official
standard definition of data governance, to provide clarity, we refer to the most cited definitions offered
by some important organisations and specialists.
According to the Data Governance Institute (DGI), data governance is “a system of decision
rights and accountabilities for information-related processes, executed according to agreed-upon
models which describe who can take what actions with what information, and when, under what
circumstances, using what methods” [32]. The IT Encyclopedia defines data governance as: “the overall
management of the availability, usability, integrity, and security of the data employed in an enterprise. A sound
data governance program includes a governing body or council, a defined set of procedures, and a plan to
execute those procedures” [7]. DAMA, on the other hand, defines data governance as: “the exercise of
authority, control and shared decision-making (planning, monitoring and enforcement) over the management of
data assets” [33]. According to DAMA, data governance is, therefore, high-level planning and control
Sustainability 2018, 10, 95
4 of 26
over data management [33]. Wende [9] have also argued that data governance is different from data
management, that data governance complements data management, but does not replace it. Ladley [34]
defined data governance as “a system of decision rights and accountabilities for information-related
processes, executed according to agreed-upon models which describe who can take what actions with
what information, and when, under what circumstances, using what methods”. Weber [7] suggested
that data governance “specifies the framework for decision rights and accountabilities to encourage
desirable behaviour in the use of data. To promote desirable behaviour, data governance develops
and implements corporate-wide data policies, guidelines, and standards that are consistent with the
organization’s mission, strategy, values, norms, and culture.” More recently, “Non-Invasive”, a book
by Seiner in 2014, defines data governance as “the formal execution and enforcement of authority over
the management of data and data related assets” [14].
Some other researchers or practitioners seem also to confuse IT governance and data governance.
IT governance is a much more mature area, with the first publications on the topic released about
four decades ago [35], while data governance is still under-researched. Organisations with mature
IT governance practices tend to have a stronger alignment between IT and business [36], and the
author argues that organisations should gain the responsibility for data from the IT department.
Besides IT governance, data governance also has a significant role in aligning the organisation’s
business. Data governance can be used to solve an assortment of business issues related to data
and information [16]. Otto [37] argued that a data governance model helps organisations to
structure and document the accountabilities for their data quality. Some authors have explicitly
demonstrated that data governance is different from IT governance in principle and practice [9,24].
In principle, data governance is designed for the governance of data assets, while IT governance makes
decisions about IT investments, the IT application portfolio, and the IT projects portfolio. In practice,
IT governance is designed primarily around an organisation’s hardware and applications, not its data.
Al Rifai M. et al. [30] argues that enterprise-wide data strategy and governance are important for
organisations, and are required to achieve competitive advantage. In addition, all existing sources
have hitherto only addressed data governance. The fact that organisations need to take many aspects
into consideration when implementing data governance has been neglected so far [9,16,38]. Moreover,
some researchers show that organisations which do not implement effective data governance can
quickly lose any competitive advantage [14,39]. Seiner [14] illustrated that working without a proper
data governance programme is analogous to an organisation allowing each department and each
employee to develop, for instance, their own financial chart of accounts. Data governance in any
organisation requires the involvement and commitment of all staff, with full sponsorship by the
management and senior-level executive sponsorship [40].
Recently, many organisations have become aware of the increasing importance of governing
their data to ensure the confidentiality, integrity, quality, and availability of customer data [41,42].
Currently, there is no single approach for the implementation of a data governance programme for
all organisations [3]. Good data governance can help organisations to create a clear mission, achieve
clarity, increase confidence in using organisational data, establish accountabilities, maintain scope
and focus, and define measurable successes [33,43]. Moreover, many authors have suggested that
developing effective data governance will lead to many benefits for organisations. These benefits are:
enabling more effective decision-making, reducing operational friction, and protecting the needs of data
stakeholders as central to a governance programme [44,45]. In addition, other benefits include: training
of management and staff to adopt common approaches to data issues, build standard, repeatable
processes, reducing costs and increasing effectiveness through coordination of efforts, and ensuring
the transparency of processes [16,17,37].
3. Review of the Literature on Data Governance
An up-to-date literature review has been undertaken to help us and the readers understand
the research landscape in data governance. This review will be instrumental in developing the
Sustainability 2018, 10, 95
5 of 26
aforementioned taxonomy. The review followed the systematic literature review protocol, defined
by [46], with customised search strings, a study selection process, and inclusion and exclusion criteria.
The search was conducted in the following libraries and databases: Google Scholar, Staffordshire
e-resources Libraries, Saudi Digital Library, and the British Library (Ethos). The term “data governance”
was used in this search, but we also tried a combination of keywords in order to test for synonyms
used in the literature and to cover all relevant publications. The following search strings were also
used, “data governance organization”, “governance data”, “data governance in cloud computing”,
“data governance for cloud computing”, and “cloud data governance”. All these search strings were
combined by using the Boolean “OR” operator as follows: ((data governance) OR (data governance
organization) OR (governance data) OR (data governance in cloud computing) OR (data governance
for cloud computing) OR (cloud data governance)).
The search covered the period between 2000 and 2017. The study selection process was based
on four stages, and only 52 records on data governance, which meet the criteria and fall within the
scope of the study, were attained for the final review. Table 1 provides a summary of these 52 papers,
categorised by academic- and practice-oriented contributions for cloud and non-cloud computing.
Table 1. Categorisation of the resultant records on data governance.
Nature of Contribution
Format
References
Academic
Papers in journals and conference
proceedings, books, working reports
and theses
Non-cloud:
[6,7,9,11–14,30,33,34,37,44,47–59].
Cloud Computing:
[60–62].
Practice-oriented
Publications by industry associations,
software vendors and analysts
Non-cloud:
[38,39,63–65], [50,52,66–111].
Cloud Computing:
[41,42,53,70–72].
Out of the retained 52 records, only five records were reported in academic literature on data
governance for cloud services. All reported research agrees that only a few organisations have
addressed data governance, and only partially. Additionally, all reported academic literature stated
that data governance is one of the key components for any enterprise cloud; they also described
some issues related to moving data to the cloud outside the organisation’s premises, such as security,
data migration and interoperability. Felici et al. [60] focused more on one aspect of data governance,
accountability, where they proposed an accountability model for data stewardship in the cloud,
which explains data governance in terms of accountability attributes and cloud-mediated interactions
between actors. This model consists of accountability attributes, accountability practices and
accountability mechanisms. Tountopoulos [73] focused on addressing interoperability requirements
relating to the protection of personal and confidential data for cloud data governance. They also
categorised the accountability taxonomy, composed of seven main roles, which are: cloud subject,
cloud customer, cloud provider, cloud carrier, cloud broker, cloud auditor, and cloud supervisory
authority. Figure 1 shows the numbers of published research on data governance in the last 10 years,
following a systematic review.
Cloud data governance has also been overlooked by industry. Cloud Security Alliance,
Trustworthy Computing Group, and Microsoft Corporation are regarded as the recognised leaders
in this area. The Cloud Security Alliance cloud data governance working group currently focuses
on the data protection aspect, with an aim to propose a data governance framework to ensure the
availability, integrity, privacy, and overall security of data in different cloud models; this is far from
being realised [74]. Trustworthy Computing Group and Microsoft Corporation describe the basic
elements of a data governance initiative for privacy, confidentiality, and compliance, and provide
guides to help organisations embark on this path [41]. According to a MeriTalk report in 2014,
Sustainability 2018, 10, 95
Sustainability 2017, 9, 0095 10.3390/su10010095
6 of 26
6 of 26
Sustainability 2017, 9, 0095 10.3390/su10010095
6 of 26
practices
This report
also federal
suggestsgovernment
that about 56%
of agencies
are currently
the process
only 44%inofthe
ITcloud.
professionals
in the
believe
their agencies
haveinmature
data
of
implementing
data
stewardship
or
data
governance
programmes
[75].
governance
practices
in
the
cloud.
This
report
also
suggests
that
about
56%
of
agencies
are
currently
practices in the cloud. This report also suggests that about 56% of agencies are currently in the processin
Evaluating
thedata
existing
work
data
governance
traditionalprogrammes
IT and cloud[75].
computing reveals
theofprocess
of implementing
data on
stewardship
or datafor
governance
implementing
stewardship
or
data
governance
programmes
[75].
that itEvaluating
isEvaluating
still verythe
limited,
lacking
standards
and unified
hence
acloud
taxonomy
approach
to
existing
work
traditionalIT
IT
andcloud
computing
reveals
the
existing
workon
ondata
data governance
governance
for definitions,
traditional
and
computing
reveals
classify
aspects
and
attributes
of data
governance
will be a highly
contribution
that
is
stillvery
very
limited,
lacking
standards
and
hence
approach
toat
that
it it
isdifferent
still
limited,
lacking
standards
and
unified definitions,
definitions,
henceavaluable
ataxonomy
taxonomy
approach
to
this
stage.
classify
differentaspects
aspectsand
andattributes
attributes of
of data
data governance
governance will
atat
classify
different
will be
beaahighly
highlyvaluable
valuablecontribution
contribution
this
stage.
this
stage.
7
7
6
6
5
5
4
4
3
3
2
2
1
0
1
0
2005 2006 2007 2008 2009 2010 2011
2005 2006 2007 2008 2009 2010 2011
N0n-Cloud Academic
N0n-Cloud Academic
Cloud Computing Academic
Cloud Computing Academic
2012
2012
2013
2013
2014
2014
2015 2016 2017
2015 2016 2017
Non-Cloud Practice Oriented
Non-Cloud Practice Oriented
Cloud Computing Practice Oriented
Cloud Computing Practice Oriented
Figure
1.1.1.
Number
in
the
last
10
years.
Figure
Number
of
published
research
on data
data governance
governancein
inthe
thelast
last10
10years.
years.
Figure
Numberof
ofpublished
publishedresearch
researchon
data
governance
4.
Governance
and
4.
Data
Governance
andOther
OtherGovernance
GovernanceDomains
Domains
4. Data
Data
Governance
and
Other
Governance
Domains
With
name
but
the
most
relevant
ones,
Withthe
theemergence
emergenceof
new governance
governance domains—to
domains—to name
With
the
emergence
ofofnew
new
governance
domains—to
name but
but the
themost
mostrelevant
relevantones,
ones,
Corporate
Governance,
IT
Governance,
Information
Governance,
and,
more
recently,
Cloud
Corporate
Governance,
IT
Governance,
Information
Governance,
and,
more
recently,
Cloud
Corporate Governance, IT Governance, Information Governance, and, more recently, Cloud Computing
Computing
Governance—it
isiseasy
totoconfuse
them,
have
observed
theliterature,
literature,
Computing
Governance—it
easy
confuse
them,
something
we have
observed
ininthe
Governance—it
is easy to confuse
them,
something
wesomething
have observed
in the
literature,
where
authors
where
authorshave
have
interchanged
these
governance
domains
as if
the
same
ItItisis
where
authors
interchanged
governance
domains
if they
they are
are
the
samething.
thing.
have
interchanged
these
governancethese
domains
as if they
are the same
thing.
It is
important,
therefore,
important,
therefore,
to
differentiate
between
these
domains,
more
important
to
define
how
they
important,
therefore,
to
differentiate
between
these
domains,
and
more
important
to
define
how
to differentiate between these domains, and more important to define how they are linked to they
each
are
linked
each
other,particularly
particularlywith
respectto
to data
data governance.
governance. Figure
22isisaasimplified
view
are
linked
to to
each
other,
respect
Figureview
viewofof
other,
particularly
with
respect
to datawith
governance.
Figure
2 is a simplified
ofsimplified
the interrelations
the
interrelations
betweenthese
thesedomains.
domains.
the
interrelations
between
between
these domains.
Figure 2. The interrelations between governance domains.
Figure
Figure2.
2.The
Theinterrelations
interrelationsbetween
betweengovernance
governance domains.
domains.
Corporate governance has become important, as effective governance ensures that the business
Corporate governance
has becomeand
important,
as effective
ensures for
that the business
environment
fair and transparent,
that companies
can governance
be
held accountable
Corporate is
governance
has become important,
as effective
governance
ensures thattheir
the actions
business
environment
is
fair
and
transparent,
and
that
companies
can
be
held
accountable
for their
actions
[76].
In
contrast,
weak
corporate
governance
leads
to
waste,
mismanagement
and
corruption.
environment is fair and transparent, and that companies can be held accountable for their actions [76].
[76].
In contrast,
corporateforgovernance
leads to waste,
and corruption.
According
to theweak
Organization
Economic Cooperation
and mismanagement
Development (OECD),
corporate
According to the Organization for Economic Cooperation and Development (OECD), corporate
Sustainability 2018, 10, 95
7 of 26
In contrast, weak corporate governance leads to waste, mismanagement and corruption. According to
the Organization for Economic Cooperation and Development (OECD), corporate governance is “a set
of relationships between a company’s management, its board, its shareholders, and other stakeholders, corporate
governance also provides the structure through which the objectives of the company are set, and the means of
attaining the objectives and monitoring performance are determined” [77].
In recent years, IT has been the backbone of every business [78]. As a result, the concept of
IT governance has become more important for organisations. IT governance, similarly to corporate
governance, is the process of establishing authority, responsibilities, and communication, along with
policies, standards, control mechanisms and measurements to enable the fulfilment of defined roles
and responsibilities [79]. Thus, corporate governance can provide a starting point in the definition
of IT governance [7]. According to Herbst et al. (2013), IT governance is defined as “procedures and
policies established in order to assure that the IT system of an organization sustains its goals and strategies” [80].
It is pertinent, however, to note that there is a difference between IT governance and IT functions;
this difference is not just about the centralisation or decentralisation of IT structures, but also that it is
not the sole responsibility of the CIO [81].
The term “information governance” was introduced by Donaldson and Walker (2004) as
a framework to support the work of the National Health Society in the USA. Unfortunately, many
organisations have not yet established a clear distinction between information governance and IT
governance [82]. Information governance can be viewed as a subset of corporate governance, with the
main objectives being to improve the effectiveness and speed of decisions and processes, to reduce the
costs and risks to the business or organisation, and to make maximum use of information in terms of
value creation [83]. Gartner defines information governance as “the specification of decision rights and an
accountability framework to ensure appropriate behaviour in the valuation, creation, storage, use, archiving and
deletion of information” [84]. The information governance approach focuses on controlling information
that is generated by IT and office systems, or their output, but does focus on detailed IT or data capture
and quality processes.
Cloud governance is a new term in the IT field; however, it has not been given a clear definition
yet [85]. Microsoft defines cloud governance as “defining policies around managing the factors: availability,
security, privacy, location of cloud services and compliance and tracking for enforcing the policies at run time
when the applications are running” [86]. The core of cloud governance revolves around the relationships
between provider and consumer, across different business models [87]. The business model should
define the way in which an offer is made and how it is consumed. To function at all cloud levels (IaaS,
PaaS and SaaS), the business model should be devoid of the type of resources involved.
The literature reported different views on what drives what within these governance domains; in
our research, we argue that data governance should be the key driver for all other governance domains,
sitting at the heart of everything. The most debated relationship among these governance domains
has been that of information governance and data governance, where numerous schools of thought,
including the Data Governance Institute, have consistently used information and data governance
interchangeably, connoting the understanding that the two terms mean the same thing. A very
recent paper, published only in 2016, as part of the proceedings of the 28th Annual Conference of the
Southern African Institute of Management Scientists, presented a systematic analysis to prove that data
governance is indeed a prerequisite for information governance, and hence the argument was extended
to state that data governance must become an ingrained part of both corporate governance and IT
governance [88]. Figure 3 provides an illustration of the advocated hierarchy of these governance
domains, showing also the difference between management and governance.
Sustainability 2018, 10, 95
Sustainability 2017, 9, 0095 10.3390/su10010095
8 of 26
8 of 26
Figure
3. The
hierarchy
for the
between
management
and and
governance.
Figure
3. The
hierarchy
for difference
the difference
between
management
governance.
5. Data
Governance
Taxonomy
5. Data
Governance
Taxonomy
To construct
a holistic
taxonomy,
we we
must
determine
the the
key key
dimensions
of data
governance.
To construct
a holistic
taxonomy,
must
determine
dimensions
of data
governance.
ThisThis
adopted
dimension-based
allowsfor
forthe
the
categories
in taxonomy
the taxonomy
to be broken
adopted
dimension-basedapproach
approach allows
categories
in the
to be broken
down into
down
into
discrete
areas.
A
dimension-based
approach
allows
more
flexibility
in
placing
content
discrete areas. A dimension-based approach allows more flexibility in placing content into variousinto
nodes,
various
nodes, represented
by thetodimension
which In
they
of datathis
governance,
represented
by the dimension
which theytobelong.
thebelong.
contextIn
ofthe
datacontext
governance,
approach will
thisallow
approach
allow users
to manage content
data governance
content
more efficiently.
Successfully
userswill
to manage
data governance
more efficiently.
Successfully
achieving
this could be
achieving
this
could
be
a
potentially
complex
process,
and
consequently
requires
more
investigative
a potentially complex process, and consequently requires more investigative effort and the involvement
effort
the involvement
of Therefore,
different stakeholders.
Therefore,
taxonomy
fordeveloped
data governance
of and
different
stakeholders.
the taxonomy
for data the
governance
was
following
wasexploratory
developed and
following
exploratory
and
qualitative
research,
where
the
method
employed
was
qualitative research, where the method employed was merrily based on a combination
merrily
based
on
a
combination
of
analysing
the
relevant
knowledge
in
the
public
domain,
resulting
of analysing the relevant knowledge in the public domain, resulting from the above described
from
the aboveliterature
described
systematic
literature
review (Section
3) andtheory
following
systematic
review
(Section
3) and following
the analytic
[89]. the analytic theory
[89].
The analytic theory has been useful in understanding the data governance aspects of traditional IT
Thecloud
analytic
theory has
been
useful
in understanding
the data
governance
and
technology.
Sein
M. et
al. [89]
state that “the analytic
theory
is used toaspects
describeof
ortraditional
classify specific
IT and
cloud
technology.
Sein
M.
et
al.
[89]
state
that
“the
analytic
theory
is
used
to
describe
or classify
dimensions or characteristics of individuals, groups, situations, or events by summarizing the commonalities
specific
dimensions
or
characteristics
of
individuals,
groups,
situations,
or
events
by
summarizing
found in discrete observations. Frameworks, classification schema and taxonomies are numerous the
in IS”.
commonalities
found
in discrete
observations.
anddata
taxonomies
are numerous
The analytic
theory
has been
chosen as Frameworks,
a concept forclassification
this study toschema
identify
governance
dimensions
in IS”.
analytic
theory has
been
chosentheory
as a concept
for this
study
to identify
data governance
for The
the cloud
services.
To use
analytic
in making
data
governance
dimensions,
we follow
dimensions
for
the
cloud
services.
To
use
analytic
theory
in
making
data
governance
weand
three steps. Firstly, understanding the state of the art of data governance fordimensions,
traditional IT
follow
Firstly,
understanding
thedimensions
state of the or
artcharacteristics
of data governance
forgovernance
traditional IT
and
the three
cloud.steps.
Secondly,
identifying
specific
of data
and
cloud
the computing.
cloud. Secondly,
identifying
specific
dimensions
or
characteristics
of
data
governance
and
cloud
Finally, developing the key data governance dimensions for cloud computing, based on the
computing.
Finally,
developing
theand
keyfactors
data governance
forreview,
cloud computing,
based on the
definitions
of data
governance
presented indimensions
the literature
which will construct
the definitions
of
data
governance
and
factors
presented
in
the
literature
review,
which
will
construct
desired taxonomy. The adopted approach is considered expedient in expounding a sound theoretical
the foundation
desired taxonomy.
The This
adopted
approach
expedient
in expounding
a sound
for the study.
approach
is usedistoconsidered
contextualise
the research,
for which authors
chose
theoretical
foundation
forrelevant
the study.
Thisstudy
approach
is used
contextualise
research,
for awhich
the contents
that were
for the
and how
thesetowere
employed the
in order
to reach
scientific
authors
chose the
contents
that were
relevant foressential,
the studyfollowing
and howathese
employed
in order in
conclusion.
Such
an approach
is considered
set ofwere
processes
or procedures
to reach
a
scientific
conclusion.
Such
an
approach
is
considered
essential,
following
a
set
of
processes
undergoing a systematic review, which can be verified or validated scientifically.
or procedures
undergoing
a systematic
review,and
which
can be verified
or validated research
scientifically.
To theinbest
of the authors’
knowledge,
following
the aforementioned
approach,
To
the
best
of
the
authors’
knowledge,
and
following
the
aforementioned
research
approach,
there is no published research that defines the key dimensions of data governance for cloud
there
is no published
research
that defines
the key dimensions
of data
governance
for albeit
cloud not
computing.
In contrast,
for traditional
IT (non-cloud),
there is some
reported
research,
computing.
In
contrast,
for
traditional
IT
(non-cloud),
there
is
some
reported
research,
albeit
much. As illustrated above, data governance for non-cloud and cloud, although showingnot
some
much.
As illustrated
above,
data
governance
for non-cloud
cloud, although
showing
some
similarities
at a higher
level,
differs
significantly
in details,and
in addition
to some new
factors
related
similarities
at a higher
level, differs
details,
addition
to some
new factors
related as
only to cloud
technology.
Figuresignificantly
4 shows theintwo
maininclasses
of data
governance,
considered
only to cloud technology. Figure 4 shows the two main classes of data governance, considered as sub-
Sustainability 2018, 10, 95
9 of 26
Sustainability 2017, 9, 0095 10.3390/su10010095
Sustainability 2017, 9, 0095 10.3390/su10010095
9 of 26
9 of 26
sub-taxonomies:
datagovernance
governance
non-cloud
computing,
referred
to herein
as traditional
taxonomies: data
forfor
non-cloud
computing,
referred
to herein
as traditional
datadata
taxonomies:
data
governance
for
non-cloud
computing,
referred
to
herein
as
traditional
data
governance,
and
data
governance
for
cloud
computing,
referred
to
herein
as
cloud
data
governance.
governance, and data governance for cloud computing, referred to herein as cloud data governance.
Data
Governance
Data
Governance
governance, and data governance for cloud computing, referred to herein as cloud data governance.
Traditional Data Governance
Traditional Data Governance
Cloud Data Governance
Cloud Data Governance
Figure 4. Two main blocks of the data governance taxonomy.
Figure 4. Two main blocks of the data governance taxonomy.
Figure 4. Two main blocks of the data governance taxonomy.
5.1. Traditional Data Governance
5.1. Traditional
Governance
As shownData
in the
systematic literature review above, the literature on traditional data governance
5.1. Traditional Data Governance
shown
ininthe
systematic
literature
review
above, the
literature
on views
traditional
data
governance
isAs
still
considered
Some authors
expressed
their
subjective
on data
aspects
of data
As shown
theinsufficient.
systematic literature
review
above, the
literature
on traditional
governance
is still
considered
insufficient.
Some
authors
expressed
their
subjective
views
on
aspects
of data
governance;
this
subjectivity
is
driven
by
the
fact
that
there
is
no
single
approach
to
implementing
is still considered insufficient. Some authors expressed their subjective views on aspects of data
governance;
this
subjectivity
is
driven
by
the
fact
that
there
is
no
single
approach
to
implementing
standard
data
governance
for
all
types
of
organisations
[4].
This
means
each
organisation’s
approach
governance; this subjectivity is driven by the fact that there is no single approach to implementing
to datadata
governance
couldfor
beall
different.
It is,
therefore, very
to capture
all
the different
views;
standard
governance
organisations
[4].difficult
Thismeans
means
each
organisation’s
approach
standard
data
governance
for
alltypes
types of
of
organisations
[4].
This
each
organisation’s
approach
after further
analysis
of the relevant
literature,
we
could identify
common
aspects
ofviews;
data
to data
governance
could
be
It is, therefore,
therefore,
very
difficult
capture
different
views;
toinstead,
data
governance
could
bedifferent.
different.
very
difficult
toto
capture
allall
thethe
different
governance
which
most
authors
seem
to
agree
upon.
Therefore,
traditional
data
governance
could
bedata
instead,
after
further
analysis
of
the
relevant
literature,
we
could
identify
common
aspects
of
instead, after further analysis of the relevant literature, we could identify common aspects of data
classified
into
three
main
categories:
people
and
organisational
bodies,
policy,
and
technology,
governance
whichmost
mostauthors
authors seem
Therefore,
traditional
datadata
governance
could as
be
governance
which
seemto
toagree
agreeupon.
upon.
Therefore,
traditional
governance
could
shown
in
the
simplified
taxonomy
below
(Figure
5).
This
is
followed
by
extended
descriptions
and
categories:
people
andand
organisational
bodies,
policy,
and technology,
as
be classified
classifiedinto
intothree
threemain
main
categories:
people
organisational
bodies,
policy,
and technology,
classification
of each aspect.
shown
in the simplified
taxonomy below (Figure 5). This is followed by extended descriptions and
Traditional
Data Data
Governance
Traditional
Governance
as shown in the simplified taxonomy below (Figure 5). This is followed by extended descriptions and
classification
eachaspect.
aspect.
classification
ofof
each
People and Organizational Bodies
People and Organizational Bodies
Policy and Process
Policy and Process
Technology
Technology
Figure 5. Traditional data governance taxonomy.
Figure
datagovernance
governancetaxonomy.
taxonomy.
Figure5.
5. Traditional data
Sustainability 2018, 10, 95
Sustainability 2017, 9, 0095 10.3390/su10010095
10 of 26
10 of 26
5.1.1.
People
and
Organisational
Bodies
5.1.1.
People
and
Organisational
Bodies
Data
governance
will
influence
thethe
mix
of of
data
stakeholders
involved
in in
data-related
decisions
Data
governance
will
influence
mix
data
stakeholders
involved
data-related
decisions
and
actions
in
an
organisation,
as
well
as
the
amount
of
effort
required
of
each
stakeholder.
Therefore,
and actions in an organisation, as well as the amount of effort required of each stakeholder. Therefore,
in in
traditional
data
governance,
thethe
people
and
organisational
bodies
play
important
parts
when
traditional
data
governance,
people
and
organisational
bodies
play
important
parts
when
organisations
implement
data
governance
forfor
their
business
[90].
people
and
organisations
implement
data
governance
their
business
[90].The
Theelement
elementof of
people
and
organisational
bodies
in
data
governance
can
be
defined
as
any
individual
or
group
that
could
organisational bodies in data governance
be defined as any individual or group that could affect
affect
or affected
be affected
by the
under
discussion.
People
in traditional
governance
many
or be
by the
datadata
under
discussion.
People
in traditional
governance
havehave
many
tasks,
tasks,
including
authority,
datastewardship,
stewardship,business
business rules, collaboration,
culture
including
authority,
data
collaboration,accountability
accountabilityand
and
culture
attitude
[91].
context
of of
traditional
data
attitude
[91].The
Thepeople
peopleand
andorganisational
organisationalbodies
bodieselement,
element,ininthethe
context
traditional
data
governance,
could
include
thethe
following:
data
governance
office,
data
governance
council,
executive
governance,
could
include
following:
data
governance
office,
data
governance
council,
executive
sponsorship,
chief
information
officer
(CIO),
data data
management
committee,
compliance
committee
and
sponsorship,
chief
information
officer
(CIO),
management
committee,
compliance
committee
data
stewards;
each has
specific
roles and
responsibilities
within their
organisations.
Figure 6 below
and
data stewards;
each
has specific
roles
and responsibilities
within
their organisations.
Figure 6
summarises
the most important
aspects of aspects
this class
traditional
data governance,
as agreed by
below summarises
the most important
ofof
this
class of traditional
data governance,
as most
agreed
reported
literature.
by most reported literature.
Data Governance Office
People and Organizational Bodies
Data Governance Council
Executive Sponsorship
Chief Information Officer
Data Management Committee
Compliance Committee
Data Stewards
Figure
6. People
and
organisational
bodies
taxonomy
in traditional
data
governance.
Figure
6. People
and
organisational
bodies
taxonomy
in traditional
data
governance.
5.1.2.
Policy
and
Process
5.1.2.
Policy
and
Process
Data
governance
policy
a set
measurable
acts
and
rules
a set
data
management
Data
governance
policy
is is
a set
of of
measurable
acts
and
rules
forfor
a set
of of
data
management
functions
in
order
to
ensure
the
benefit
of
a
business
process
[92].
Regarding
data
governance
functions in order to ensure the benefit of a business process [92]. Regarding data governance processes,
processes,
describeused
the methods
govern
data; these
processes
should bedocumented
standardised,
they
describethey
the methods
to governused
data;tothese
processes
should
be standardised,
documented
and
repeatable.
According
to
IBM
Institute
[69],
data
governance
policies
and
processes
and repeatable. According to IBM Institute [69], data governance policies and processes should
be
should
be
crafted
to
support
regulatory
and
compliance
requirements
for
data
management
crafted to support regulatory and compliance requirements for data management functions. The policy
functions.
The policy
and process
in traditional
data governance
could include
principles,
and
process aspects
in traditional
dataaspects
governance
could include
principles, policies,
standards
and
policies,
standards
and
process,
as
displayed
in
Figure
7.
process, as displayed in Figure 7.
Sustainability
2017,
9, 0095
10.3390/su10010095
Sustainability
2018,
10,2017,
95
Sustainability
9, 0095
10.3390/su10010095
11
11of
of
26
1126
of 26
Policy and Process
Policy and Process
Principles
Principles
Policies
Policies
Standards
Standards
Process
Process
Figure
7. Policy
and
process
elements
inintraditional
data
governance.
Figure
7. Policy
and
process
elements
traditional
datadata
governance.
Figure
7. Policy
and
process
elements
in traditional
governance.
5.1.3.
Technology
5.1.3.
Technology
5.1.3.
Technology
Technology
is an
integral
factor
forfor
data
governance;
ititisisthrough
technology
thatthat
cancan
ensure
Technology
is an
factor
data
governance;
technology
we we
can
ensure
Technology
is integral
an integral
factor
for
data
governance;
itthrough
is through
technology
ensure
automation
and
enforce
and
control
data
governance
policies.
However,
the
role
of
technology
comes
automation
and
enforce
and
control
data
governance
policies.
However,
the
role
of
technology
automation and enforce and control data governance policies. However, the role of technology comes
after
an approved
datadata
governance
policy
and
process.
Technology
in the
context
of data
governance
comes
after
anapproved
approved
data
governance
policy
and process.
Technology
in the
context
of data
after
an
governance
policy
and
process.
Technology
in the
context
of
data
governance
represents
the
engineering
methods
that
are
responsible
for
reflecting
its
policies
and
practice
in
ain a
governance
represents
the engineering
methods
are responsible
for reflecting
policies
and
represents
the engineering
methods
that are that
responsible
for reflecting
its policiesitsand
practice
measurable
way.
Therefore,
a
fit-for-purpose
plan
for
using
technical
tools
to
support
data
practice
in a measurable
way. Therefore,
a fit-for-purpose
for using
technical
tools
support
measurable
way. Therefore,
a fit-for-purpose
plan plan
for using
technical
tools
to to
support
data
polices,
within
the
context
ofof roles,
responsibilities,
and
accountabilities,
must
be
datagovernance
governance
polices,
within
the
context
roles,
responsibilities,
and
accountabilities,
must
be be
governance
polices,
within
the
context
of
roles,
responsibilities,
and
accountabilities,
must
established
[4,66].
The
simplest
forms
technology
reported
fortraditional
traditional
datadata
governance
could
established
[4,66].
The
simplest
forms
ofof
technology
reported
for
data
governance
could
established
[4,66].
The
simplest
forms
of technology
reported
for
traditional
governance
could
include
hardware,
software
and
monitoring
tools,
as
depicted
in
Figure
8.
hardware,
software
and monitoring
as depicted
in Figure
includeinclude
hardware,
software
and monitoring
tools,tools,
as depicted
in Figure
8. 8.
Technology
Technology
Hardware
Hardware
Software
Software
Monitoring
ToolTool
Monitoring
Figure 8. The
technology
elements
of traditional
data governance.
The
technology
elements
of traditional
governance.
FigureFigure
8. The8.technology
elements
of traditional
data data
governance.
5.2.5.2.
Cloud
Data
Governance
Cloud
Data
Governance
5.2. Cloud
Data
Governance
TheThe
impediment
to the the
wider adoption
of the the
cloud
computing
model
has been
linked
primarily
impediment
adoption
cloud
computing
model
been
linked
primarily
The impediment
to the to
widerwider
adoption
of theofcloud
computing
model
has has
been
linked
primarily
to aspects
related
to the
datadata
governance
environment
[42,53,60].
While
security
seems
to be
the
most
to
aspects
related
to
the
governance
environment
[42,53,60].
While
security
seems
to
be
most
to aspects related to the data governance environment [42,53,60]. While security seems to be thethe
most
cited challenge to cloud adoption, Farrell [93] shows that 41% of the security problems in the cloud are
Sustainability 2017, 9, 0095 10.3390/su10010095
12 of 26
cited challenge to cloud adoption, Farrell [93] shows that 41% of the security problems in the
cloud
12 of 26
are related to governance and legal issues. Data governance is considered to be one of the most
important aspects of cloud governance [25]. Data governance programmes, built for on-premises IT
related
to governance
and be
legal
issues. Data
governance
is considered
to be one
of the most which
important
infrastructure,
cannot
deployed
for cloud
infrastructure
and service
provisioning,
would
aspects
of
cloud
governance
[25].
Data
governance
programmes,
built
for
on-premises
IT
infrastructure,
require completely new requirements, design and implementation [53,93]. Undoubtedly, the area of
cannot
be data
deployed
for cloud
infrastructure
and of
service
provisioning,
which
would
requireit completely
cloud
governance
is becoming
a topic
the coming
decades
[60,73],
although
is still undernewresearched
requirements,
and implementation
[53,93].
the[7,9].
area ofAs
cloud
data governance
by design
both academia
and industry,
dueUndoubtedly,
to its novelty
discussed
above, data
is becoming
a
topic
of
the
coming
decades
[60,73],
although
it
is
still
under-researched
by
both
academia
governance is still underdeveloped and under-practised, even for traditional IT infrastructures, let
andalone
industry,
duecomputing
to its novelty
[7,9]. As discussed
governance
underdeveloped
and
cloud
environments
[4,94]. above,
This isdata
evidenced
by is
thestill
results
of the systematic
under-practised,
even
for
traditional
IT
infrastructures,
let
alone
cloud
computing
environments
[4,94].
literature review discussed above, where only 11 records discussing data governance for cloud
This
is evidenced
the results
of the systematic
literature
discussed
above,and
where
onlythe
computing
wereby
reported.
Governance
in the cloud
needs toreview
understand,
moderate
regulate
11 records
discussing
datadifferent
governance
foractors
cloudorcomputing
were
reported.
Governance
in the cloud
relationships
between
cloud
stakeholders
in terms
of roles
and responsibilities
[24].
needs
to
understand,
moderate
and
regulate
the
relationships
between
different
cloud
actors
or
Data governance is meant to classify and assign responsibilities, communication, labelling and
stakeholders
in terms
roles
and
responsibilities
Datagovernance
governancefor
is meant
to classify
andAlmost
assign all
policies [57].
Thereofare
few
studies
reporting [24].
on data
the cloud
services.
responsibilities,
labelling
andcomputing
policies [57].
Thereon
areaccountability
few studies reporting
on data
existing workcommunication,
on data governance
for cloud
focuses
and interoperability
governance
for the cloud services.
all existing
on data
governance
for cloud
computingand
[57,60]. Accountability
could Almost
be addressed
at work
different
levels,
technological,
regulatory
focuses
on accountability
organisational
[95]. and interoperability [57,60]. Accountability could be addressed at different
levels, technological,
regulatory
and organisational
[95].
There is a strong
consensus
that cloud computing
will lead to change in the strategy of
There is a data
strong
consensus in
that
cloud computing
lead
to change
in theisstrategy
of traditional
traditional
governance
organisations
[96]. will
Cloud
data
governance
the main
focus area in
data
governance
in organisations
Cloud data
governance
the main the
focus
area in classifications
this research, of
this
research, where
the aim is [96].
to construct
a taxonomy
that is
represents
different
where
aim isTo
to construct
a taxonomy
that
represents
the different
this domain.
thisthe
domain.
recall, to the
best of the
authors’
knowledge,
this isclassifications
the first such of
attempt
reported,
To recall,
to the
best
of the
authors’ knowledge,
this is the literature
first such attempt
the
following
the
most
comprehensive
and up-to-date
review. reported,
Figure 9following
is a high-level
most
comprehensive
up-to-date
literature
review.
9 is a high-level
cloud data
taxonomy
of cloudand
data
governance,
compiled
fromFigure
the analysis
of relevanttaxonomy
literature,ofidentified
from
governance,
compiled
from the
analysis
relevant literature,
from the
systematicofliterature
the systematic
literature
review.
Theofsubsequent
sectionsidentified
contain further
description
every subreview.
class.The subsequent sections contain further description of every sub-class.
Sustainability 2018, 10, 95
Data Governance Structure
Policy and Process
Cloud Data Governance
Cloud Deployments Model
Service Delivery Model
Cloud Actors
Organisational
Technological
Service Level Agreement
Monitor Matrix
Legal Context
Figure
A Cloud
Data
Governance
Taxonomy.
Figure
9. A9.Cloud
Data
Governance
Taxonomy.
Sustainability 2018, 10, 95
Sustainability 2017, 9, 0095 10.3390/su10010095
13 of 26
13 of 26
5.2.1.
Data
Governance
Structure
5.2.1.
Data
Governance
Structure
Designing
a data
governance
structure
thatrequisite
requisiteroles
rolesand
Designing
a data
governance
structureisisan
animportant
importantfactor
factor in
in ensuring that
andresponsibilities
responsibilitiesare
are
addressed
throughout
enterprise
at right
the right
organisational
[13].
addressed
throughout
thethe
enterprise
at the
organisational
levelslevels
[13]. Several
Several
common
governance
roles
havebeen
beenidentified
identified in existing
thethe
following:
common
datadata
governance
roles
have
existingstudies,
studies,including
including
following:
executive
sponsorship,
data
management
committee,
compliance
committee,
data
stewardship
team,
executive
sponsorship,
data
management
committee,
compliance
committee,
data
stewardship
team,
cloud
manager,
cloud
provider
member,
IT
member
and
legal
member
[9,97].
These
roles
must
cloud manager, cloud provider member, IT member and legal member [9,97]. These roles must
collaborate
to formulate
datadata
governance
bodies.
Figure
10 shows
an example
of aoftypical
cloud
data
collaborate
to formulate
governance
bodies.
Figure
10 shows
an example
a typical
cloud
data
governance
structure.
governance
structure.
Executive Sponsorship
Data Governance Structure
Data Management Committee
Compliance Committee
Data Stewardship Team
Cloud Manager
Cloud Provider Member
IT member
Legal Member
Figure
10. Cloud
governance
structure.
Figure
10. Cloud
datadata
governance
structure.
5.2.2.
Data
Governance
Function
5.2.2.
Data
Governance
Function
refers
to master
activities
forgovernance,
data governance,
including
functions
which
data governance
ThisThis
refers
to master
activities
for data
including
functions
which data
governance
teams
teams
must
take
into
account
when
implementing
data
governance
programmes
[98].
Establishing
must take into account when implementing data governance programmes [98]. Establishing consistent
consistent
policies,
and operating
processes
to ensure
the accuracy,
availability,
policies,
standards,
andstandards,
operating processes
to ensure
the accuracy,
availability,
and security
of dataand
security
of data
should
be part of the
data governance
strategy,the
as organisation’s
well as defining
theassets
organisation’s
should
be part
of the
data governance
strategy,
as well as defining
data
[3,37].
data
assets
[3,37].
Therefore,
the
data
governance
team
must
define
all
data
governance
policies
Therefore, the data governance team must define all data governance policies that address cloudthat
address concerns.
cloud consumers’
The
data governance
can support
consumers’
The data concerns.
governance
functions
can supportfunctions
organisations
to make organisations
cloud service to
make cloud
decisions, such
as the geographic
distribution
of data
processed,
and in
decisions,
such service
as the geographic
distribution
of data stored,
processed,
andstored,
in transit;
regulatory
transit;
regulatory
requirements;
data
management
requirements;
and
audit
policies
[99].
Effective
requirements; data management requirements; and audit policies [99]. Effective data governance
data governance
in cloudtransparency
computing and
requires
transparency
andleads
accountability,
which
leads to
in cloud
computing requires
accountability,
which
to appropriate
decisions
appropriate
decisions
that
foster
trust
and
assurance
for
cloud
consumers
[100].
The
outcomes
from
that foster trust and assurance for cloud consumers [100]. The outcomes from data governance
data
governance
function
activities
include
standard,
procedure,
compliance,
transformation,
function activities include standard, procedure, compliance, transformation, integration, management,
integration,
management,
auditability,
principles the
and
processes.
This is
auditability,
transparency,
policies,
principlestransparency,
and processes.policies,
This is considered
master
dimension
considered
the
master
dimension
for
data
governance,
but
it
must
comply
with
other
dimensions
for data governance, but it must comply with other dimensions to develop effective data governance. to
develop
effective
data data
governance.
Figure
11 shows
the
cloud data
governance
function and its
Figure
11 shows
the cloud
governance
function
and its
concerns
for cloud
computing.
concerns for cloud computing.
Data Governance
Function
Data Governance
Function
Sustainability 2018, 10, 95
Sustainability 2017, 9, 0095 10.3390/su10010095
Sustainability 2017, 9, 0095 10.3390/su10010095
14 of 26
14 of 26
14 of 26
Process
Process
Standard
Standard
Principle
Principle
Procedure
Procedure
Data Governance
Data Concerns
Governance
Concerns
Compliance
Compliance
Transformation
Transformation
Integration
Integration
Management
Management
Auditability
Auditability
Transparency
Transparency
Figure 11. Cloud data governance function and its concerns for cloud computing.
Figure
Cloud
data
governance
function
and
concerns
cloud
computing.
Figure
11.11.
Cloud
data
governance
function
and
its its
concerns
forfor
cloud
computing.
Cloud Deployment Models
Cloud Deployment Models
5.2.3. Cloud Deployment Model
5.2.3.
Cloud
Deployment
Model
5.2.3.
Cloud
Deployment
Model
This is an important factor to consider in data governance. There are primarily four cloud
This
an
important
factor
to
consider
data
governance.
There
primarily
four
cloud
This
is is
an
important
factor
to in
consider
in in
data
governance.
There
areare
primarily
four
cloud
deployment
models,
which
differ
their provisions;
these are the
public,
private, hybrid
and
deployment
models,
which
differ
their
provisions;
these
the public,
private, hybrid
and
deployment
models,
which
differ
in in
their
provisions;
these
areare
the
and
community
cloud
deployment
models.
To address
data governance,
thepublic,
level ofprivate,
risk andhybrid
complexity
community
cloud
deployment
models.
To
address
data
governance,
the
level
of
risk
and
complexity
community
clouddeployment
deployment models.
addressinto
dataconsideration
governance, the[18].
levelAccording
of risk and complexity
of
of
each cloud
must beTo taken
to [110] the
of
each
cloud
deployment
must
be
taken
into
consideration
[18].
According
to
[110]
the
each cloud deployment
be takenvaries
into consideration
According
[110] deployment.
the implementation
implementation
of data must
governance
greatly, based[18].
on the
adoptedtocloud
Figure
ofvaries
data governance
varies
greatly, based
on the
adopted cloud
deployment.
Figure
of implementation
data
governance
greatly,
based
on the
cloud
deployment.
Figure
12ashows
12
shows
cloud deployment
model
types
to adopted
be considered
when implementing
cloudcloud
data
12
shows
cloud
deployment
model
types
to
be
considered
when
implementing
a
cloud
data
deploymentprogramme.
model types to be considered when implementing a cloud data governance programme.
governance
governance programme.
Private Cloud
Private Cloud
Public Cloud
Public Cloud
Hybrid Cloud
Hybrid Cloud
Community Cloud
Community Cloud
Figure 12. Cloud deployment model types for cloud data governance.
Figure
12.12.
Cloud
deployment
model
types
forfor
cloud
data
governance.
Figure
Cloud
deployment
model
types
cloud
data
governance.
5.2.4. Cloud Service Delivery Model
5.2.4. Cloud Service Delivery Model
Cloud services can be categorised into three delivery models: Software as a Service (SaaS),
Cloud services can be categorised into three delivery models: Software as a Service (SaaS),
Platform as a Service (PaaS) and Infrastructure as a Service (IaaS) [101]. Depending on the model, the
Platform as a Service (PaaS) and Infrastructure as a Service (IaaS) [101]. Depending on the model, the
Sustainability 2018, 10, 95
15 of 26
5.2.4. Cloud Service Delivery Model
ServiceDelivery
DeliveryModel
Model
Service
Cloud 2017,
services
be categorised into three delivery models: Software as a Service (SaaS),
Sustainability
9, 0095can
10.3390/su10010095
15 of 26
Sustainability 2017, 9, 0095 10.3390/su10010095
15 of 26
Platform as a Service (PaaS) and Infrastructure as a Service (IaaS) [101]. Depending on the model,
the
cloud
consumer
a differing
of control
over data
their[61]
dataand
[61]each
andmodel
each model
will
cloud
consumer
willwill
havehave
a differing
levellevel
of control
over their
will require
cloud consumer will have a differing level of control over their data [61] and each model will require
require
a different
approach
data governance
and management.
Therefore,
thegovernance
data governance
a different
approach
to datatogovernance
and management.
Therefore,
the data
teams
a different approach to data governance and management. Therefore, the data governance teams
teams
consider
allcharacteristics
the characteristics
of service
the service
delivery
model
define
appropriate
policies
must must
consider
all the
of the
delivery
model
andand
define
appropriate
policies
to
must consider all the characteristics of the service delivery model and define appropriate policies to
to
enforcecontrol
controlroles
rolesand
andresponsibilities.
responsibilities.Figure
Figure13
13shows
shows the
the cloud service delivery
enforce
delivery model
model to
tobe
be
enforce control roles and responsibilities. Figure 13 shows the cloud service delivery model to be
considered
consideredwhen
whenimplementing
implementingcloud
clouddata
datagovernance.
governance.
considered when implementing cloud data governance.
Infrastructure as a Service (IaaS)
Infrastructure as a Service (IaaS)
Platform as a Service (PaaS)
Platform as a Service (PaaS)
Software as a Service (SaaS)
Software as a Service (SaaS)
Figure13.
13.Cloud
Cloudservice
servicedelivery
deliverymodel
modelfor
forcloud
clouddata
datagovernance.
governance.
Figure
Figure 13. Cloud service delivery model for cloud data governance.
5.2.5.Cloud
Cloud Actors
5.2.5.
5.2.5. CloudActors
Actors
Theactors
actors arealso
also a criticalfactor
factor in definingcloud
cloud datagovernance.
governance. “Cloudactors”
actors” refersto
to
The
The actorsare
are alsoa acritical
critical factorinindefining
defining clouddata
data governance.“Cloud
“Cloud actors”refers
refers to
individuals
or
organisations
that
participate
in
processes
or
transactions,
and/or
perform
tasks
in
the
individuals
in processes
processes or
ortransactions,
transactions,and/or
and/or
perform
tasks
individualsor
ororganisations
organisations that
that participate
participate in
perform
tasks
in in
the
cloud
computing
environment.
NIST’s
cloud
computing
reference
architecture
distinguishes five
five
the
cloud
computing
environment.
NIST’s
cloud
computing
reference
architecture
distinguishes
cloud computing environment. NIST’s cloud computing reference architecture distinguishes five
majoractors:
actors: thecloud
cloud
consumer,
cloud
provider,
the cloud
auditor,
the cloud
carrier
the
major
consumer,
thethe
cloud
provider,
the cloud
auditor,
the cloud
and theand
cloud
major actors:the
the cloud
consumer,
the
cloud
provider,
the cloud
auditor,
the carrier
cloud carrier
and
the
cloud [18].
broker
[18].
Eachactor
cloud
actor
hasroles
special
roles
and responsibilities
incloud
any one
cloud provision,
broker
Each
cloud
has
special
and
responsibilities
in
any
one
provision,
so
a
data
cloud broker [18]. Each cloud actor has special roles and responsibilities in any one cloud provision,
so a data governance
programme
mustdefine
clearly
define
roles
and responsibilities
for allactors
cloud actors
governance
programme
must clearly
the
rolesthe
and
responsibilities
for all cloud
so a data governance
programme
must clearly
define
the
roles
and responsibilities
for all cloud [102].
actors
[102].
Figure
14
shows
the
cloud
actors
in
cloud
data
governance.
Figure
14
shows
the
cloud
actors
in
cloud
data
governance.
[102]. Figure 14 shows the cloud actors in cloud data governance.
CloudActors
Actors
Cloud
Cloud Consumer
Cloud Consumer
Cloud Provider
Cloud Provider
Cloud Auditor
Cloud Auditor
Cloud Carrier
Cloud Carrier
Cloud Broker
Cloud Broker
Figure 14. Cloud actors in cloud data governance.
Figure14.
14.Cloud
Cloudactors
actorsinincloud
clouddata
datagovernance.
governance.
Figure
5.2.6. Service Level Agreement (SLA)
5.2.6. Service Level Agreement (SLA)
One key issue for the cloud consumer is the provision of governance for data which they no
One key issue for the cloud consumer is the provision of governance for data which they no
longer directly control [103]. Contractual barriers increase between cloud actors. An SLA is an
longer directly control [103]. Contractual barriers increase between cloud actors. An SLA is an
agreement that serves as the foundation of expectation for services between the cloud consumer and
agreement that serves as the foundation of expectation for services between the cloud consumer and
the provider [100]. The agreement states what services will be provided, how they will be provided,
the provider [100]. The agreement states what services will be provided, how they will be provided,
Sustainability 2018, 10, 95
16 of 26
5.2.6. Service Level Agreement (SLA)
Service Level Agreement (SLA)
One key issue for the cloud consumer is the provision of governance for data which they no
longer directly control [103]. Contractual barriers increase between cloud actors. An SLA is an
agreement that serves as the foundation of expectation for services between the cloud consumer and
the provider
[100].
agreement
states what services will be provided, how they will be provided,
Sustainability
2017,The
9, 0095
10.3390/su10010095
16 of 26
and what happens if expectations are not met; therefore, an SLA is pivotal in data governance. Thus,
the cloud
consumer
and provider
negotiate
all aspects
of data
governance
before
developingthe
the cloud
consumer
and provider
mustmust
negotiate
all aspects
of data
governance
before
developing
the
SLA.
As
a
result,
these
agreements
are
in
place
to
protect
both
parties.
Before
evaluating
cloud
SLA. As a result, these agreements are in place to protect both parties. Before evaluating anyany
cloud
SLA,
SLA, cloud consumers must first develop a strong business case for the cloud services, with data
cloud consumers must first develop a strong business case for the cloud services, with data governance
governance level policies and requirements and a strategy for their cloud computing environment.
level policies and requirements and a strategy for their cloud computing environment. The SLA should
The SLA should contain a set of guidelines and policies to assist client organisations in defining
contain
a set of guidelines
assist
client
organisations
governance
data
governance
plans forand
datapolicies
which to
they
may
choose
to move toin
a defining
cloud provider
[104]. plans
Thesefor
must
whichcomply
they may
choose
move
to a cloud
provider [104].
must comply
legal and
regulatory
with
legal to
and
regulatory
requirements.
All ofThese
these policies
can bewith
negotiable
between
the
requirements.
All
of
these
policies
can
be
negotiable
between
the
cloud
consumer
and
cloud
provider,
cloud consumer and cloud provider, to identify the target level of data governance before
to identify
the target
of data
before
contract.
SLA forfunctions;
cloud data
establishing
the level
contract.
Thegovernance
SLA for cloud
dataestablishing
governance the
includes
data The
governance
governance
includes data
governanceroles
functions;
data governance
requirements,
roles metrics
and responsibilities;
data governance
requirements,
and responsibilities;
and
data governance
and tools.
Figure
15 showsmetrics
the SLAand
elements
for cloud
governance.
and data
governance
tools. Figure
15 data
shows
the SLA elements for cloud data governance.
Data Governance Functions
Data Governance Requirements
Roles and Responsibilities
Data Governance Metrics and
Tools
Figure
15. Service
Level
Agreement
(SLA)
elements
governance.
Figure
15. Service
Level
Agreement
(SLA)
elementsfor
forcloud
cloud data
data governance.
5.2.7. Organisational
Context
5.2.7. Organisational
Context
Data governance is a major mechanism for establishing control over an organisation’s data assets
Data governance
is a major mechanism for establishing control over an organisation’s data assets
and enhancing their business value [105]. It is also a critical element of implementing a sustainable
and enhancing their business value [105]. It is also a critical element of implementing a sustainable data
data management capability, which addresses enterprise information needs and reporting
management capability, which addresses enterprise information needs and reporting requirements.
requirements. Organisational factors are important for data governance to be successful [8]. Data
Organisational
are
important
for data
to be
Data governance
governancefactors
requires
change
management
in governance
the organisation,
in successful
addition to [8].
the participation
and
requires
change
management
in
the
organisation,
in
addition
to
the
participation
commitment
commitment of IT staff, business management and senior-level executive and
sponsorship
in
of IT organisations
staff, business
senior-level
executive
sponsorship
organisations
[37].
[37].management
Moreover, topand
management
support
is considered
to be the in
critical
success factor
Moreover,
top management
support [61].
is considered
to be the critical
success
in implementing
in implementing
data governance
Staff in organisations
need to learn
datafactor
governance
functions,
demanding top
management
support to enhance
thelearn
organisation’s
staff skillset.
The organisational
data governance
[61].
Staff in organisations
need to
data governance
functions,
demanding
context meanssupport
definingto
allenhance
internal factors
that organisations
consider
they managecontext
risks
top management
the organisation’s
staffmust
skillset.
Thewhen
organisational
[14].
There
are
three
perspectives
for
organisational
context:
the
strategic,
tactical
and
operational
means defining all internal factors that organisations must consider when they manage risks [14].
Data governance
cloud computing
servicesthe
should
complytactical
with these
perspectives.
There perspectives.
are three perspectives
for for
organisational
context:
strategic,
and
operational
The organisational context for cloud data governance includes organisation charts, organisation
perspectives. Data governance for cloud computing services should comply with these perspectives.
vision and mission, organisation strategy, the business model, decision-making processes, training
The organisational context for cloud data governance includes organisation charts, organisation vision
plan, communication plan and change management plan. Figure 16 shows the organisational context
and mission, organisation strategy, the business model, decision-making processes, training plan,
elements of cloud data governance.
communication plan and change management plan. Figure 16 shows the organisational context
elements of cloud data governance.
Sustainability 2018, 10, 95
Sustainability 2017, 9, 0095 10.3390/su10010095
17 of 26
17 of 26
Organization Charts
Organization Vision and Mission
Organisational
Organization Strategy
Business Model
Decision-Making Processes
Training Plan
Communication Plan
Change Management Plan
Figure
16. Organisational
context
of cloud
governance.
Figure
16. Organisational
context
of cloud
datadata
governance.
5.2.8. Technical Context
5.2.8. Technical Context
Technology is also a key element for data governance success [8]. The technical context
Technology is also a key element for data governance success [8]. The technical context represents
represents the issues related to data which will affect the decision of cloud computing adoption and
the issues related to data which will affect the decision of cloud computing adoption and data
data governance implementation for cloud computing services [106]. Therefore, a lack of technology
governance implementation for cloud computing services [106]. Therefore, a lack of technology
is considered to be a barrier to successful data governance. Technical factors encapsulate data
is considered to be a barrier to successful data governance. Technical factors encapsulate data
management issues that affect organisations’ strategies, such as security, privacy, quality and
management
issues
that affect
organisations’
strategies,
such implementing
as security, privacy,
quality andtointegrity.
integrity.
Therefore,
it is incumbent
upon
organisations
data governance
assess all
Therefore,
it
is
incumbent
upon
organisations
implementing
data
governance
to
assess
allimplement
technological
technological characteristics available in their organisation, in order to effectively
data
characteristics
available
in
their
organisation,
in
order
to
effectively
implement
data
governance.
governance. The technical issues that could have an impact on the implementation of data
The technical
issues
have
an impact
on the reliability,
implementation
ofprivacy,
data governance
for cloud
governance
for that
cloudcould
services
include
availability,
security,
quality, compatibility,
services
include
availability,
reliability,
security,
privacy,
quality,
compatibility,
ownership,
auditing,
ownership, auditing, integrity, data lock-in and performance [106,107]. Figure 17 displays
the
integrity,
data lock-in
and performance
[106,107].
17 displays the technological context elements
technological
context
elements of cloud
dataFigure
governance.
of cloud data governance.
Sustainability 2018, 10, 95
Sustainability 2017, 9, 0095 10.3390/su10010095
18 of 26
18 of 26
Availability
Reliability
Security
Quality
Technical
Privacy
Compatibility
Ownership
Auditing
Integrity
Data Lock-In
Performance
Figure
17. Technical
context
cloud
data governance.
Figure 17.
Technical
context of
cloud of
data
governance.
5.2.9.Context
Legal Context
5.2.9. Legal
The
legalin
aspect
in this context
determines
the external
and internal
laws
and regulations
The legal
aspect
this context
determines
the external
and internal
laws and
regulations
related related
to
the
data
which
might
affect
an
organisation’s
intent
to
adopt
cloud
technology
[106],
to the data which might affect an organisation’s intent to adopt cloud technology [106], whichwhich
can can in
the implementation
of an adequate
data governance
programme
forcomputing
cloud computing
in turn turn
affectaffect
the implementation
of an adequate
data governance
programme
for cloud
services.
Therefore,
the
data
governance
teams
must
understand
what
is
implied
about
services. Therefore, the data governance teams must understand what is implied about data
in data
all in all
relevant
contracts
before
implementing
a
data
governance
strategy.
Failure
to
comply
with
relevant contracts before implementing a data governance strategy. Failure to comply with the lawthe law
when dealing
with confidential
data trust,
erodeswhich
trust, can
which
can seriously
theofview
of the top
when dealing
with confidential
data erodes
seriously
damagedamage
the view
the top
management
of
an
organisation
regarding
the
trustworthiness
of
the
cloud
provider
services
management of an organisation regarding the trustworthiness of the cloud provider services [108]. [108].
The
legal context
fordata
cloud
data governance
Data Protection
Act
1998, change
of control
The legal
context
for cloud
governance
includesincludes
the Datathe
Protection
Act 1998,
change
of control
act
and
cloud
regulations.
Figure
18
shows
the
legal
context
of
cloud
data
governance.
act and cloud regulations. Figure 18 shows the legal context of cloud data governance.
Sustainability 2018, 10, 95
19 of 26
Sustainability 2017, 9, 0095 10.3390/su10010095
19 of 26
Sustainability 2017, 9, 0095 10.3390/su10010095
19 of 26
Data Protection Act
LegalLegal
Data Protection Act
Change of Control Act
Change of Control Act
Cloud Regulations
Cloud Regulations
Figure
18. Legal
context
of cloud
governance.
Figure
18. Legal
context
of cloud
datadata
governance.
Figure 18. Legal context of cloud data governance.
5.2.10. Monitor Matrix
5.2.10. Monitor Matrix
The
monitor
matrix in data governance is the exercise of authority, control and shared decision5.2.10.
Monitor
Matrix
The monitor
matrix in data governance is the exercise of authority, control and shared
making over the management of data assets [41]. Measuring and monitoring supports ongoing data
decision-making
overmatrix
the management
of dataisassets
[41]. Measuring
monitoring
supports
The monitor
in data governance
the exercise
of authority,and
control
and shared
decisiongovernance efforts to ensure that all incoming and existing data meets business rules [109]. By adding
ongoing
data
governance
efforts
to
ensure
that
all
incoming
and
existing
data
meets
business
making over the management of data assets [41]. Measuring and monitoring supports ongoing data
a monitoring component to the data governance programme, data quality efforts are enhanced,
rules
[109]. By efforts
addingtoa ensure
monitoring
to the
data governance
programme,
data quality
governance
that allcomponent
incoming and
existing
data meets business
rules [109].
By adding
which in turn renders data much more reliable [109]. Moreover, continuous monitoring ensures
efforts
are enhanced,
which intoturn
data muchprogramme,
more reliable
[109].
Moreover,
a monitoring
component
the renders
data governance
data
quality
efforts continuous
are enhanced,
compliance with SLAs and the set requirements defined in the data governance strategy [42]. The
monitoring
compliance
and
the set[109].
requirements
defined
in the data
governance
which inensures
turn renders
data with
muchSLAs
more
reliable
Moreover,
continuous
monitoring
ensures
data governance monitor matrix for cloud computing services includes the cloud control matrix, KPIs
strategy
[42]. The
data
governance
matrix fordefined
cloud computing
includes
the cloud
compliance
with
SLAs
and the monitor
set requirements
in the dataservices
governance
strategy
[42]. The
and a monitoring tool. Figure 19 shows the elements of the monitor matrix for cloud data governance.
control
KPIs monitor
and a monitoring
19 shows
the elements
of the
monitor
forKPIs
datamatrix,
governance
matrix for tool.
cloudFigure
computing
services
includes the
cloud
controlmatrix
matrix,
cloud
data
governance.
and a monitoring tool. Figure 19 shows the elements of the monitor matrix for cloud data governance.
Cloud Control Matrix
Monitor
Matrix
Monitor
Matrix
Cloud Control Matrix
KPIs
KPIs
Monitoring Tool
Monitoring Tool
Figure 19. Monitor matrix elements for cloud data governance.
Figure 19. Monitor matrix elements for cloud data governance.
Figure 19.
elements
cloud
data governance.
Figure 20 highlights
theMonitor
overallmatrix
taxonomies
offor
data
governance
for cloud and non-cloud.
Figure 20 highlights the overall taxonomies of data governance for cloud and non-cloud.
Figure 20 highlights the overall taxonomies of data governance for cloud and non-cloud.
Sustainability 2018, 10, 95
Sustainability 2017, 9, 0095 10.3390/su10010095
People and
Organisational
Bodies
Traditional
Data
Governance
Policy and
Process
Technology
DATA GOVERNANCE
Data
Governance
Structure
Data
Governance
Function
Cloud
Deployments
Model
Service Delivery
Model
Cloud Actors
Cloud Data
Governance
Service Level
Agreement
20 of 26
20 of 26
Data Governance Office
Data Governance Council
Executive Sponsorship
CIO
Data Management Committee
Compliance Committee
Data Stewards Committee
Principles
Policies
Standards
Hardware
Software
Monitoring Tool
Executive Sponsorship
Data Management Committee
Compliance Committee
Data Stewardship Committee
Cloud Manager
Cloud Provider Member
IT Member
Legal Member
Process
Standard
Principle
Procedure
Public
Private
Hybrid
Community
IaaS
SaaS
PaaS
Cloud Consumer
Cloud Provider
Cloud Auditor
Cloud Carrier
Cloud Broker
Organisation Charts
Organisation Vision and Mission
Organisational
Technical
Organisation Strategy
Business Model
Decision-Making Processes
Communication Plan
Training Plan
Change Management Plan
Availability
Reliability
Security
Privacy
Quality
Ownership
Auditing
Integrity
Data Protection Act
Legal
Change of Control Act
Cloud Regulations
Cloud Control Matrix
Monitor Matrix
KPIs
Monitoring Tool
20. The
overall taxonomies
of data governance
for cloud
and non-cloud.
Figure 20. Figure
The overall
taxonomies
of data governance
for cloud and
non-cloud.
Sustainability 2018, 10, 95
21 of 26
6. Conclusions
Data management solutions alone are becoming very expensive and are unable to cope with
the reality of everlasting data complexity. Businesses have grown more sophisticated in their use of
data, which drives new demands, requiring different ways to handle this data. Forward-thinking
organisations believe that the only way to solve the data problem will be the implementation of
effective data governance. With the absence of sufficient literature on data governance in general,
and specifically for the cloud paradigm, this paper presents a useful contribution to the relevant
research communities. In this paper, we proposed taxonomies for data governance, for both non-cloud
and cloud computing networks. A holistic taxonomy that combines all different taxonomies is depicted
in Figure 20. These taxonomies are supported by the results of a systematic literature review (SLR),
which offers a structured, methodical, and rigorous approach to the understanding of the state of the
art of research in data governance. The objective of the study is to provide a credible intellectual guide
for upcoming researchers in data governance, to help them identify areas in data governance research
where they can make the most impact.
However, this study presents a taxonomy of data governance development requirements for
non-cloud and the cloud environments; thus, it does not cover a taxonomy of operational data
governance risks that attempts to identify and organize the sources of operational data governance
risk. Moreover, this paper is the first of its type, to the best of the authors’ knowledge, to cover cloud
data governance taxonomy; this presents another limitation, which is related to the lack of relevant
literature in this subject domain. The literature shows that most of the existing studies focus on
a survey of data governance for non-cloud environments, whilst only three sources in the literature
focused on accountability of data governance in cloud computing environments.
Due to the lack of research in this subject area, future work will focus of validation of the proposed
taxonomies with specialists from both academia and practitioners. Further research can investigate
the application of the proposed taxonomies, especially for cloud data governance, in real world case
scenarios. The presented research in this paper shows the lack of research in cloud data governance,
which creates an urge for the need to develop a holistic framework for cloud data governance strategy,
which highlights the main pillars, processes and attributes to design more specific data governance
program. The proposed taxonomies are expected to play an instrumental role in developing such
a framework.
Author Contributions: All authors have contributed in this paper by research, scoping writing, and/or reviewing
of assigned sections.
Conflicts of Interest: The authors declare no conflict of interest.
References
1.
2.
3.
4.
5.
6.
7.
Nfuka, E.; Rusu, L. Critical Success Factors for Effective IT Governance in the Public Sector Organizations in
a Developing Country: The Case of Tanzania. In Proceedings of the ECIS 2010, 18th European Conference
on Information Systems, Pretoria, South Africa, 7–9 June 2010.
Salami, O.L.; Johl, S.K.; Ibrahim, M.Y. Holistic Approach to Corporate Governance: A Conceptual Framework.
Glob. Bus. Manag. Res 2014, 6, 251.
Weber, K.; Otto, B.; Osterle, H. One Size Does Not Fit All—A Contingency Approach to Data Governance.
ACM J. Data Inf. Qual. 2009, 1, 4. [CrossRef]
Begg, C.; Caira, T. Exploring the SME Quandary: Data Governance in Practise in the Small to Medium-Sized
Enterprise Sector. Electron. J. Inf. Syst. Eval. 2012, 15, 3–13.
Buffenoir, E.; Bourdon, I. Managing extended organizations and data governance. Adv. Intell. Syst. Comput.
2013, 205, 135–145.
Niemi, E. Designing a Data Governance Framework. In Proceedings of the IRIS Conference, At Oslo, Norway,
18 August 2011; Volume 14.
Rouse, M. Data governance definition. Available online: www.whatis.techtarget.com (accessed on 9 April 2017).
Sustainability 2018, 10, 95
8.
9.
10.
11.
12.
13.
14.
15.
16.
17.
18.
19.
20.
21.
22.
23.
24.
25.
26.
27.
28.
29.
22 of 26
Al-Ruithe, M.; Benkhelifa, E.; Hameed, K. Key dimensions for cloud data governance. In Proceedings of
the FiCloud 2016, The IEEE 4th International Conference on Future Internet of Things and Cloud, Vienna,
Austria, 22–24 August 2016; pp. 379–386.
Wende, K. A Model for Data Governance—Organising Accountabilities for Data Quality Management. In
Proceedings of the 18th Australasian Conference on Information Systems; University of Southern Queensland:
Toowoomba, Australia, 2007; pp. 417–425.
Chao, L. (Ed.)
Cloud Computing for Teaching and Learning: Strategies for Design and
Implementation: Strategies for Design and Implementation. IGI Global, 2012. Available online:
https://books.google.com.hk/books?hl=zh-TW&lr=&id=PKWeBQAAQBAJ&oi=fnd&pg=PR1&
dq=Cloud+computing+for+teaching+and+learning:+strategies+for+design+and+implementation:
+strategies+for+design+and+implementation.+IGI+Global&ots=K2qgWXdeuQ&sig=3MkVNY_
ATWYVjYNuthdn6EPAl3g&redir_esc=y#v=onepage&q=Cloud%20computing%20for%20teaching%
20and%20learning%3A%20strategies%20for%20design%20and%20implementation%3A%20strategies%
20for%20design%20and%20implementation.%20IGI%20Global&f=false (accessed on 1 December 2017).
Fu, X.; Wojak, A.; Neagu, D.; Ridley, M.; Kim, T. Data governance in predictive toxicology: A review.
J. Cheminform. 2001, 3, 24. [CrossRef] [PubMed]
Prasetyo, H.N.; Surendro, K. Designing a data governance model based on soft system methodology (SSM)
in organization. J. Theor. Appl. Inf. Technol. 2015, 78, 46–52.
Panian, Z. Some Practical Experiences in Data Governance. World Acad. Sci. Eng. Technol. 2010, 62, 939–946.
Seiner, R.S. Non-Invasive Data Governance, 1st ed.; Technics Publications: New York, NY, USA, 2014.
Russom, P. Data Governance Strategies: Helping Your Organization Comply, Transform, and Integrate; The Data
Warehousing Institute: Los Angeles, CA, USA, 2008.
Kamioka, T.; Luo, X.; Tapanainen, T. An Empirical Investigation of Data Governance: The Role of
Accountabilities. In Proceedings of the 20th Pacific Asia Conference on Information Systems (PACIS 2016),
Chiayi, Taiwan, 27 June–1 July 2016.
Poor, M. Applying Aspects of Data Governance from the Private Sector to Public Higher Education; University of
Pregon: Eugene, OR, USA, 2011; Volume 1277, p. 125.
Mell, P.; Grance, T. The NIST Definition of Cloud Computing Recommendations of the National Institute of Standards
and Technology; NIST Special Publ.: Gaithersburg, MD, USA, 2011; Volume 145, p. 7.
Almarabeh, T.; Majdalawi, Y.K.; Mohammad, H. Cloud Computing of E-Government. Commun. Netw. 2016,
8, 1–8. [CrossRef]
Kshetri, N. Cloud computing in developing economies. IEEE Comput. 2012, 43, 47–55. [CrossRef]
Al-Ruithe, M.; Benkhelifa, E.; Hameed, K. Current State of Cloud Computing Adoption—An Empirical
Study in Major Public Sector Organizations of Saudi Arabia (KSA). Procedia Comput. Sci. 2017, 110, 378–385.
[CrossRef]
Bojanova, I.; Samba, A. Analysis of cloud computing delivery architecture models. In Proceedings of the
2011 IEEE Workshops of International Conference on Advanced Information Networking and Applications
(WAINA), Singapore, 22–25 March 2011; pp. 453–458.
Forell, T.; Milojicic, D.; Talwar, V. Cloud Management: Challenges and Opportunities. In Proceedings of
the 2011 IEEE International Symposium on Parallel and Distributed Processing Workshops and Phd Forum
(IPDPSW), Shanghai, China, 16–20 May 2011; pp. 881–889.
Al-Ruithe, M.; Benkhelifa, E.; Hameed, K. A conceptual framework for designing data governance for cloud
computing. Procedia Comput. Sci. 2016, 94, 160–167. [CrossRef]
Ko, R.K.L.; Jagadpramana, P.; Mowbray, M.; Pearson, S.; Kirchberg, M.; Liang, Q.; Lee, B.S. TrustCloud:
A framework for accountability and trust in cloud computing. In Proceedings of the 2011 IEEE World
Congress on Rvices (Services), Washington, DC, USA, 4–9 July 2011; pp. 584–588.
Bumpus, W. NIST Cloud Computing Standards Roadmap; NIST: Gaithersburg, MD, USA, 2010; pp. 1–3.
Ramachandra, G.; Iftikhar, M.; Khan, F.A. A Comprehensive Survey on Security in Cloud Computing.
Procedia Comput. Sci. 2017, 110, 465–472. [CrossRef]
Sirimovu, J.U.N.; Artins, O.P. A Decision Framework to Mitigate Vendor Lock-in Risks in Cloud (SaaS Category)
Migration; Bournemouth University: Poole, UK, 2017.
Jennings, B.; Stadler, R. Resource Management in Clouds: Survey and Research Challenges. J. Netw.
Syst. Manag. 2013, 23, 567–619. [CrossRef]
Sustainability 2018, 10, 95
30.
31.
32.
33.
34.
35.
36.
37.
38.
39.
40.
41.
42.
43.
44.
45.
46.
47.
48.
49.
50.
51.
52.
53.
23 of 26
Rifaie, M.; Alhajj, R.; Ridley, M. Data governance strategy: A key issue in building enterprise data warehouse.
In Proceedings of the iiWAS ’09, 11th International Conference on Information Integration and Web-Based
Applications & Services, Kuala Lumpur, Malaysia, 14–16 December 2009; pp. 587–591.
Neela, K.L.; Kavitha, V. A Survey on Security Issues and Vulnerabilities on Cloud Computing. Int. J. Comput.
Sci. Eng. Technol. 2013, 4, 855–860.
Thomas, G. The DGI Data Governance Framework; Data Gov. Institute: Orlando, FL, USA, 2006; Volume 20.
Cheong, L.K.; Chang, V. The Need for Data Governance: A Case Study. In Proceedings of the 18th
Australasian Conference on Information System, Toowoomba, Australia, 5–7 December 2007; Volume 100,
pp. 999–1008.
Ladley, J. Data Governance: How to Design, Deploy and Sustain an Effective Data Governance Program; Newnes:
Boston, MA, USA, 2012.
Verhoef, C. Quantifying the effects of IT-governance rules. Sci. Comput. Program. 2007, 67, 247–277.
[CrossRef]
De Haes, W.V.G.S. Practiices in IT Governance and Business/IT alignment. Inf. Syst. Control 2008, 2, 1–6.
Otto, B. A Morphology of the Organisation of Data Governance. In Proceedings of the Conference 19th
European Conference on Information Systems (ECIS 2011), Helsinki, Finland, 9–11 June 2011; p. 272.
HIMSS Clinical & Business Intelligence Committee. A Roadmap to Effective Data Governance: How to Navigate
Five Common Obstacles; HIMSS Clinical & Business Intelligence Committee: Chicago, IL, USA, 2015.
Guillory, K. The 4 Reasons Data Governance Fails. Available online: http://www.noah-consulting.
com/experience/papers/4%20Reasons%20Data%20Governance%20Fails%20-%20Guillory.pdf (accessed on
1 December 2017).
Héroux, S.; Fortin, A. The influence of IT governance, IT competence and IT-business alignment on
innovation. In Proceedings of the 2016 Canadian Academic Accounting Association (CAAA) Annual
Conference, Centre St. John’s, NL, USA, 2–4 June 2016; pp. 1–36.
Salido, J.; Manager, S.P.; Group, T.C.; Corporation, M.; Cavit, D. A Guide to Data Governance for Privacy,
Confidentiality, and Compliance. Microsoft Trust. Comput. 2010, 6, 17.
Cloud Security Alliance. Cloud Data Governance Research Sponsorship; Cloud Security Alliance: Seattle, WA,
USA, 2012.
Adelman, S. Without a Data Governance Strategy. DM Rev. 2008, 18, 32.
Otto, B. Data governance. Bus. Inf. Syst. Eng. 2011, 3, 241–244. [CrossRef]
Hallikas, J. Data Governance and Automated Marketing—A Case Study of Expected Benefits of Organizing Data
Governance in an ICT Company; University of Helsinki: Helsinki, Finland, 2015; pp. 1–89.
Kitchenham, B.; Charters, S. Guidelines for performing Systematic Literature Reviews in Software
Engineering. Engineering 2007, 2, 1051.
Buffenoir, E.; Bourdon, I. Reconciling complex organizations and data management: The Panopticon
paradigm. arXiv, 2012.
Badrakhan, B.B. Drive toward Data Governance. Available online: http://www.ewweb.com/e-biz/drivetoward-data-governance (accessed on 1 December 2017).
Weber, K.; Cheong, L.; Otto, B.; Chang, V. Organising Accountabilities for Data Quality Management-A Data
Governance Case Study. In Proceedings of the Conference DW2008: Synergies through Integration and
Information Logistics, St Gallen, Switzerland, 27 October 2008; pp. 347–359.
Office, D.G. The State of New Jersey Data Governance Framework Strategic Plan; New Jersey University:
Jersey City, NJ, USA, 2013.
Neff, A.; Schosser, M.; Zelt, S.; Uebernickel, F.; Brenner, W. Explicating performance impacts of it governance
and data governance in multi-business organisations. In Proceedings of the 24th Australasian Conference on
Information Systems (ACIS), Melbourne, Australia, 4–6 December 2013.
Kunzinger, F.; Corporation, H.; Haines, P.; Consulting, N.; Schneider, S.; Solutions, V. Delivering a Data
Governance Strategy that Meets Business Objectives. In Proceedings of the 14th International Conference on
Petroleum Data Integration, Data & Information Management, Houston, TX, USA, 17–19 May 2010.
Mary, B.; Mccarthy, P.; Hill, S. Cloud Adoption Points to IT Risk and Data Governance Challenges.
Available online: https://www.in.kpmg.com/SecureData/ACI/Files/cloudadoptiondaaprilmay2011.pdf
(accessed on 1 December 2017).
Sustainability 2018, 10, 95
54.
55.
56.
57.
58.
59.
60.
61.
62.
63.
64.
65.
66.
67.
68.
69.
70.
71.
72.
73.
74.
75.
76.
77.
78.
79.
24 of 26
Soares, S. The IBM Data Governance Unified Process: Driving Business Value with IBM Software and Best Practices;
Mc Press: Chicago, IL, USA, 2010; p. 153.
Allen, C.; Jardins, T.R.D.; Heider, A.; Lyman, K.A.; McWilliams, L.; Rein, A.L.; Schachter, A.A.; Singh, R.;
Sorondo, B.; Topper, J.; et al. Data governance and data sharing agreements for community-wide health
information exchange: lessons from the beacon communities. EGEMS 2014, 2, 1057. [CrossRef] [PubMed]
Nunn, S. Driving Compliance through Data Governance. J. AHIMA 2009, 80, 50–51. [PubMed]
Imhanwa, S.; Greenhill, A.; Owrak, A. Designing Data Governance Structure: An Organizational Perspective.
GSTF J. Comput. 2013, 4, 1–10.
Bhansali, N. Data Governance: Creating Value from Information Assets; Auerbach Publications: Boca Raton, FL,
USA, 2014.
Sarsfield, S. Data Governance Imperative; IT Governance Publishing: Cambridgeshaire, UK, 2009.
Felici, M.; Koulouris, T.; Pearson, S. Accountability for Data Governance in Cloud Ecosystems. In Proceedings
of the 2013 IEEE 5th International Conference on Loud Computing Technology and Science (Cloudcom),
Bristol, UK, 2–5 December 2013; pp. 327–332.
Groß, S.; Schill, A. Towards user centric data governance and control in the cloud. In Proceedings of the
International Workshop on Open Problems in Network Security (iNetSec), Lucerne, Switzerland, 9 June 2011;
pp. 132–144.
Wendy, Y. Is data governance in cloud computing still a mirage or do we have a vision we can trust.
Softw. World 2011, 42, 15.
Mustimuhw Information Solutions Inc. Data Governance Framework: Framework and Associated Tools;
Mustimuhw Information Solutions Inc.: Duncan, BC, Canada, 2015.
Best Practices in Enterprise Data Governance. Available online: https://www.sas.com/content/dam/SAS/
en_ca/doc/other1/best-practices-enterprise-data-governance-106538.pdf (accessed on 1 December 2017).
Russom, P. Data Governance strateGies. Bus. Intell. J. 2008, 13, 13–15.
Thomas, G. How to Use the DGI Data Governance Framework to Configure Your Program. Data Gov. Inst.
Available online: www.DataGovernance.com (accessed on 23 June 2016).
Australian Institute of Health and Welfare. AIHW Data Governance Framework 2014 (AIHW); Australian
Institute of Health and Welfare: Canberra, Australia, 2014.
Loshin, D. Operationalizing Data Governance through Data Policy Management; Knowledge Integrity, Inc.:
Washington, DC, USA, 2010.
Adler, S. The IBM Data Governance Council Maturity Model: Building a Roadmap for Effective Data Governance;
IBM Corporation: Somers, NY, USA, 2007.
Salido, J. Data Governance for Privacy, Confidentiality and Compliance: A Holistic Approach. ISACA J.
2010, 6, 1–7.
Hunter, L. Tools for Cloud Accountability: A4Cloud Tutorial. 2015. Available online: http://www.a4cloud.
eu/node/362 (accessed on 4 November 2015).
Solutions, C. Data Governance in the Cloud; Cloud Industry Forum: York Road Maidenhead, UK, 2013.
Tountopoulos, V.; Athens Technology Center. The Problem of Cloud Data Governance. Available online:
http://www.cspforum.eu/uploads/Csp2014Presentations/Track_13/The%20problem%20of%20cloud%
20data%20governance.pdf (accessed on 4 November 2015).
Cloud Security Alliance, Cloud Data Governance Working Group, 2015. Available online: https://
cloudsecurityalliance.org/group/cloud-data-governance/ (accessed on 21 May 2015).
Alexandria, V. Despite Data Governance Efforts, Eighty-Nine Percent of Federal IT Professionals Are Apprehensive
about Migrating IT Services to the Cloud, 2014. Available online: http://www.businesswire.com/news/
home/20140909005167/en/Data-Governance-Efforts-Eighty-Nine-Percent-Federal-Professionals#.VeV27Jrovcc
(accessed on 12 July 2015).
Youssef, A. Exploring Cloud Computing Services and Applications. J. Emerg. Trends Comput. 2012, 3,
838–847.
Government, A. The National Cloud Computing Strategy. Natl. Broadband Netw. 2013, 2013, 36.
Preittigun, A.; Chantatub, W. A Comparison between IT Governance Research and Concepts in COBIT 5.
Int. J. Res. Manag. Technol. 2012, 2, 581–590.
Lee, S.U.; Zhu, L.; Jeffery, R.; Group, A.P. Data Governance for Platform Ecosystems: Critical Factors and the
State of Practice. arXiv, 2017.
Sustainability 2018, 10, 95
80.
81.
82.
83.
84.
85.
86.
87.
88.
89.
90.
91.
92.
93.
94.
95.
96.
97.
98.
99.
100.
101.
102.
103.
25 of 26
Herbst, N.R.; Kounev, S.; Reussner, R. Elasticity in Cloud Computing: What It Is, and What It Is Not.
In Proceedings of the 10th International Conference on Autonomic Computing, San Jose, CA, USA,
26–28 June 2013; pp. 23–27.
Debreceny, R.S.; Gray, G.L. IT Governance and Process Maturity: A Multinational Field Study. J. Inf. Syst.
2013, 27, 157–188. [CrossRef]
Kooper, E.; Maes, M.R.; Lindgreen, R. Information Governance as a Holistic Approach to Managing and
Leveraging Information Prepared for IBM Corporation. Int. J. Inf. Manag. 2011, 31, 1–27.
Williams, P.A.H. Information governance: a model for security in medical practice. J. Digit. Forensics
Secur. Law 2007, 2, 57–74. [CrossRef]
Gartner, Information Governance. 2016. Available online: http://www.gartner.com (accessed on 17 May 2017).
Woldu, L. Cloud Governance Model and Security Solutions for Cloud Service Providers; Metropolia
Ammattikorkeakoulu: Helsinki, Finland, 2013.
Saidah, A.S.; Abdelbaki, N. A new cloud computing governance framework. In Proceedings of the
CLOSER 2014, International Conference Cloud Computing Services Science, Barcelona, Spain, 3–5 April 2014;
pp. 671–678.
Kofi, J.; Kwame, K. Who ‘owns’ the cloud? An empirical study of cloud governance in cloud computing in
ghana. In Proceedings of the 28th European Regional Conference of the International Telecommunications
Society (ITS), Passau, Germany, 30 July–2 August 2017.
Olaitan, O.; Herselman, M.; Wayi, N. Taxonomy of literature to justify data governance as a prerequisite for
information governance. In Proceedings of the 28th Annual Conference of the Southern African Institute of
Management Scientists (SAIMS), Pretoria, South Africa, 4–7 September 2016.
Sein, M.K.; Henfridsson, O.; Rossi, M. Research essay action design research. MIS Q. 2011, 30, 611–642.
Jansen, W.; Grance, T. Guidelines on Security and Privacy in Public Cloud Computing. Available online:
http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-144.pdf (accessed on 1 December 2017).
Grant, O.I. Oklahoma Interoperability Grant Project Oklahoma Interoperability Grant Data Roadmap;
US Department of Health and Human Services: Washington, DC, USA, 2013.
Bell, R. Institutional Data Governance Policy; Vanderbilt University and Medical Centre: Nashville, Tennessee,
2014; pp. 1–12.
Farrell, R. Securing the Cloud—Governance, Risk, and Compliance Issues Reign Supreme. Inf. Secur. J.
Glob. Perspect. 2010, 19, 310–319. [CrossRef]
Wende, K. Data Governance Defining Accountabilities for Data Quality Management. In Proceedings
of the Italian Workshop on Information Systems (SIWIS 2007, Side Event of ECIS 2007), Carisolo, Italy,
9–14 February 2007.
Theoharidou, M.; Papanikolaou, N.; Pearson, S.; Gritzalis, D. Privacy risk, security, accountability in the
cloud. In Proceedings of the 2013 IEEE 5th International Conference on Cloud Computing Technology and
Science (CloudCom), Bristol, UK, 2–5 December 2013; pp. 177–184.
Trivedi, H. Cloud Adoption Model for Governments and Large Enterprises. Master’s Thesis, Massachusetts
Institute of Technology, Cambridge, MA, USA, 2013.
Weber, R.; Iruka, I. Best Practices in Data Governance and Management for Early Care and Education: Supporting
Effective Quality Rating and Improvement Systems; U.S. Department of Health and Human Services: Washington,
DC, USA, 2014.
Power, D.; Street, W. Sponsored by All the Ingredients for Success: Data Governance, Data Quality and
Master Data Management. Hub Solut. Des. 2013, 2043, 1–20.
Cloud Standards Customer Council (CSCC). Security for Cloud Computing 10 Steps to Ensure Success;
Cloud Standards Customer Council: Needham, MA, USA, 2012; pp. 1–35.
Cloud Standards Customer Council. Practical Guide to Cloud Service Level Agreements Version 1.0;
Cloud Standards Customer Council: Needham, MA, USA, 2012; pp. 1–44.
Bulla, C.M.; Bhojannavar, S.S.; Danawade, V.M. Cloud Computing: Research Activities and Challenges. Int.
J. Emerg. Trends Technol. Comput. Sci. 2013, 2, 206–214.
Badger, L.; Grance, T.; Corner, R.P.; Voas, J. Cloud Computing Synopsis and Recommendations; NIST Publications:
Gaithersburg, MD, USA, 2011.
Chawngsangpuii, R.; Das, R.K. A challenge for security and service level agreement in cloud computing.
Int. J. Res. Eng. Technol. 2014, 2319–2322. [CrossRef]
Sustainability 2018, 10, 95
26 of 26
104. Cochran, M.; Witman, P.D. Governance and service level agreement issues in a cloud computing environment
computing environment. J. Inf. Technol. Manag. 2011, 22, 41–55.
105. Goals, S.; Dyche, J.; Levy, E. Data Governance: Getting It Right! GFT: Stuttgart, Germany, 2015; pp. 1–3.
106. Alkhater, N.; Wills, G.; Walters, R. Factors Influencing an Organisation’s Intention to Adopt Cloud Computing
in Saudi Arabia. In Proceedings of the 2014 IEEE 6th International Conference on Loud Computing
Technology and Science (CloudCom), Singapore, 15–18 December 2014; pp. 1040–1044.
107. Khajeh-Hosseini, A.; Sommerville, I.; Sriram, I. Research Challenges for Enterprise Cloud Computing.
arXiv, 2010.
108. Confidential, W.S.; Reserved, A.R. Holistic Approach to Key Challenges Unstructured Data Governance Holistic
Approach to Key Challenges; WhiteBox: Schwyz, Switzerland, 2012.
109. Van der, L.M. Measuring Data Governance; Leiden University: Leiden, The Nederland, 2015; p. 89.
110. Cloud Standards Customer Council. Security for Cloud Computing Ten Steps to Ensure Success.
Available online: http://www.cloud-council.org/deliverables/CSCC-Security-for-Cloud-Computing-10Steps-to-Ensure-Success.pdf (accessed on 14 August 2016).
111. Brett. Data Governance Best Practices and Trends within South African Companies; Glue Data: Cape Town,
South African, 2009.
© 2018 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access
article distributed under the terms and conditions of the Creative Commons Attribution
(CC BY) license (http://creativecommons.org/licenses/by/4.0/).