Sustainability 10 00095 PDF

sustainability
Article
Data Governance Taxonomy:
Cloud versus Non-Cloud
Majid Al-Ruithe *, Elhadj Benkhelifa * and Khawar Hameed
Cloud Computing and Applications Research Lab, School of Computing and Digital Technologies,
Staffordshire University, Stoke-on-Trent ST4 2DE, UK; khawar.hameed@staffs.ac.uk
* Correspondence: majid.al-ruithe@research.staffs.ac.uk (M.A.-R.); e.benkhelifa@staffs.ac.uk (E.B.);
Tel.: +966-598-343-504 (M.A.-R.); +44-791-640-6720 (E.B.)
Received: 12 October 2017; Accepted: 14 December 2017; Published: 2 January 2018
Abstract: Forward-thinking organisations believe that the only way to solve the data problem is the
implementation of effective data governance. Attempts to govern data have failed before, as they were
driven by information technology, and affected by rigid processes and fragmented activities carried
out on a system-by-system basis. Until very recently, governance has been mostly informal, with very
ambiguous and generic regulations, in siloes around specific enterprise repositories, lacking structure
and the wider support of the organisation. Despite its highly recognised importance, the area of
data governance is still underdeveloped and under-researched. Consequently, there is a need to
advance research in data governance in order to deepen practice. Currently, in the area of data
governance, research consists mostly of descriptive literature reviews. The analysis of literature
further emphasises the need to build a standardised strategy for data governance. This task can
be a very complex one and needs to be accomplished in stages. Therefore, as a first and necessary
stage, a taxonomy approach to define the different attributes of data governance is expected to make
a valuable contribution to knowledge, helping researchers and decision makers to understand the
most important factors that need to be considered when implementing a data governance strategy
for cloud computing services. In addition to the proposed taxonomy, the paper clarifies the concepts
of data governance in contracts with other governance domains.
Keywords: data governance; cloud computing; cloud data governance; taxonomy; systematic
review; holistic
1. Introduction
We are accustomed to the concepts of information technology (IT) governance [1] and corporate
governance [2]. The term “governance”, in general, refers to the way an organisation ensures that
strategies are set, monitored, and achieved [3]. As IT has become the backbone of every organisation,
by definition, IT governance becomes an integral part of any business strategy, and falls under
corporate governance. Historically, data emerged out of disparate legacy transactional systems.
Then, data was seen as a by-product of running the business, and had little value beyond the
transaction and the application that processed it, hence data was not treated as a valuable shared
asset. This continued until the early 1990s, when the value of data started to take another trend
beyond transactions. Business decisions and processes increasingly started to be driven by data
and data analysis. Further investment in data management was the approach taken to tackle the
increasing volume, velocity, and variety of data, such as complex data repositories, data warehouses,
Enterprise Resource Planning (ERP), and Customer Relationship Management (CRMs) [4]. Data links
became very complex and shared amongst multiple systems, and the need to provide a single point
of reference in order to simplify daily functions became crucial, which gave birth to master data
management [5].
Sustainability 2018, 10, 95; doi:10.3390/su10010095 www.mdpi.com/journal/sustainability

Sustainability 2018, 10, 95 2 of 26
Data complexity and volume continue to explode; businesses have grown more sophisticated in
their use of data, which drives new demands that require different ways to combine, manipulate, store,
and present information. Forward-thinking companies recognised that data management solutions
alone are becoming very expensive and are unable to cope with business realities, and the data problem
must be solved in a different way [6]. During this time, the notion of data governance started to take
a different direction, a more important one. Attempts to govern data failed before, as they were driven
by IT, and affected by rigid processes and fragmented activities carried out on a system-by-system
basis. Until very recently, governance has been mostly informal, in siloes around specific enterprise
repositories, lacking structure and the wider support of the organisation. Despite its recognised high
importance, data governance is still an under-researched area and less practised in industry [7,8].
Researchers differ in their definitions of data governance. The governance concept can be understood
in different contexts, for instance, corporate governance, information governance, IT governance,
and data governance; Wende [9] and Chao [10] argue that data governance and IT governance need to
follow corporate governance principles.
To achieve successful data governance, organisations need a strategy framework that can be
easily implemented in accordance with the needs and resources of information [11,12]. A good data
governance framework can also help organisations to create a clear mission, achieve clarity, increase
confidence in using organisational data, establish accountabilities, maintain scope and focus, and define
measurable successes [11,13]. To facilitate data governance, Seiner [14] argues that organisations
must design a data governance model of role responsibilities to identify people who have a level of
accountability to define, produce, and use data in the organisation. Along similar lines, some authors
in the literature argues that organisations should obtain responsibility for data from the information
technology (IT) department, with the participation and commitment of IT staff, business management,
and senior-level executive sponsorship in the organization [15]. Experts in this field show that where
organisations do not implement data governance, the chaos is not as obvious, but the indicators are
glaring, including dirty, redundant, and inconsistent data; inability to integrate; poor performance;
terrible availability; little accountability; users who are increasingly dissatisfied with IT performance;
and a general feeling that things are out of control [16]. The first efforts to create a framework for data
governance were published in 2007 [9,17].
The emergence of cloud computing is a recent development in technology. The National
Institute of Standards and Technology (NIST) [18] defined cloud computing as “a model for enabling
ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources
(e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released
with minimal management effort or service provider interaction”. The cloud computing model enhances
availability, and is composed of five essential characteristics, four deployment models, and three service
models [19]. The essential characteristics of cloud computing include on-demand self-service, broad
network access, resource pooling, rapid elasticity, and measured service [20]. The cloud deployment
models are the private, public, hybrid, and community models [21]. In addition, cloud computing
includes three service delivery models, which are: Software as a Service (SaaS), Platform as a Service
(PaaS), and Infrastructure as a Service (IaaS) [22]. Cloud computing offers potential benefits to public
and private organisations by making IT services available as a commodity [23,24]. The generally
claimed benefits of cloud computing include: cost efficiency, unlimited storage, backup and recovery,
automatic software integration, easy access to information, quick deployment, easier scale of services,
and delivery of new services [25]. Furthermore, other benefits include: optimised server utilisation,
dynamic scalability, and minimised life cycle development of new applications. However, cloud
computing is still not widely adopted due to many factors, mostly concerning the moving of business
data to be handled by a third party [6], where, in addition to the cloud consumer and provider,
there are other actors: the cloud auditor, cloud broker, and cloud carrier [26]. Therefore, loss of control
of data, security and privacy of data, data quality and assurance, data stewardship, etc. can all be
cited as real concerns of adopting the cloud computing business model [27]. Data lock-in is another
potential risk, where cloud customers can face difficulties in extracting their data from the cloud [28].
Cloud consumers can also suffer from operational and regulatory challenges, as organisations transfer
their data to third parties for storage and processing [29]. In addition, it may be difficult for the
consumers to check the data handling practices of the cloud provider or any of the other involved
actors [23,30,31]. The cloud computing model is expected to be a highly disruptive technology, and the
adoption of its services will, therefore, require even more rigorous data governance strategies and
programmes, which may be more complex, but are necessary.
The general consensus among authors is that data governance refers to the entirety of decision
rights and responsibilities concerning the management of data assets in organisations. This definition
does not, however, provide equal prominence for data governance within the cloud computing
technology context. Therefore, this deficit calls for in-depth understanding of data governance
and cloud computing. This trend contributes to changes in the data governance strategy in the
organisation, such as the organisation’s structure and regulations, people, technology, processes, roles,
and responsibilities. This is one of the great challenges facing organisations today when they move
their data to cloud computing environments, particularly regarding how cloud technology affects data
governance. The authors’ general observation reveals that the area of data governance in general is
under-researched and not widely practised by organisations, let alone when it is concerned with cloud
computing, where research is in its infancy and far from reaching maturity.
This forms the main motivation behind this paper, which attempts to provide the readers with
a holistic view of data governance for both cloud and non-cloud computing, using a taxonomy
approach. The contribution of this paper is unprecedented, with this taxonomy expected to be very
valuable in developing coherent frameworks and programmes of Data Governance for both cloud and
non-cloud computing. One main question has been considering to formulate the results in this study
which is following: what is the main factor that require to develop the data governance for non-cloud
and cloud computing?
The remainder of the article is structured in seven sections. The next section discusses what
data governance is, and why it is important, followed by a section reviewing the literature on data
governance. A subsequent section presents the relationship between data governance and other
governance domains. Following this, the data governance taxonomy section presents a holistic
taxonomy for data governance for cloud and non-cloud. The final Section presents the conclusions,
limitations of research and future work.
2. What Is Data Governance and Why Is It Important?

It is important, before developing a holistic taxonomy, to define the context of data governance.
Often, researchers and practitioners confuse data governance and data management. The definition of
data management provided by the Data Management Association (DAMA) is: “data management is the
development, execution and supervision of plans, policies, programs and practices that control, protect, deliver
and enhance the value of data and information assets” [12]. Data management in general focuses on the
defining of the data element, how it is stored, structured, and moved. Although there is no official
standard definition of data governance, to provide clarity, we refer to the most cited definitions offered
by some important organisations and specialists.
According to the Data Governance Institute (DGI), data governance is “a system of decision
rights and accountabilities for information-related processes, executed according to agreed-upon
models which describe who can take what actions with what information, and when, under what
circumstances, using what methods” [32]. The IT Encyclopedia defines data governance as: “the overall
management of the availability, usability, integrity, and security of the data employed in an enterprise. A sound
data governance program includes a governing body or council, a defined set of procedures, and a plan to
execute those procedures” [7]. DAMA, on the other hand, defines data governance as: “the exercise of
authority, control and shared decision-making (planning, monitoring and enforcement) over the management of
data assets” [33]. According to DAMA, data governance is, therefore, high-level planning and control
over data management [33]. Wende [9] have also argued that data governance is different from data
management, that data governance complements data management, but does not replace it. Ladley [34]
defined data governance as “a system of decision rights and accountabilities for information-related
processes, executed according to agreed-upon models which describe who can take what actions with
what information, and when, under what circumstances, using what methods”. Weber [7] suggested
that data governance “specifies the framework for decision rights and accountabilities to encourage
desirable behaviour in the use of data. To promote desirable behaviour, data governance develops
and implements corporate-wide data policies, guidelines, and standards that are consistent with the
organization’s mission, strategy, values, norms, and culture.” More recently, “Non-Invasive”, a book
by Seiner in 2014, defines data governance as “the formal execution and enforcement of authority over
the management of data and data related assets” [14].
Some other researchers or practitioners seem also to confuse IT governance and data governance.
IT governance is a much more mature area, with the first publications on the topic released about
four decades ago [35], while data governance is still under-researched. Organisations with mature
IT governance practices tend to have a stronger alignment between IT and business [36], and the
author argues that organisations should gain the responsibility for data from the IT department.
Besides IT governance, data governance also has a significant role in aligning the organisation’s
business. Data governance can be used to solve an assortment of business issues related to data
and information [16]. Otto [37] argued that a data governance model helps organisations to
structure and document the accountabilities for their data quality. Some authors have explicitly
demonstrated that data governance is different from IT governance in principle and practice [9,24].
In principle, data governance is designed for the governance of data assets, while IT governance makes
decisions about IT investments, the IT application portfolio, and the IT projects portfolio. In practice,
IT governance is designed primarily around an organisation’s hardware and applications, not its data.
Al Rifai M. et al. [30] argues that enterprise-wide data strategy and governance are important for
organisations, and are required to achieve competitive advantage. In addition, all existing sources
have hitherto only addressed data governance. The fact that organisations need to take many aspects
into consideration when implementing data governance has been neglected so far [9,16,38]. Moreover,
some researchers show that organisations which do not implement effective data governance can
quickly lose any competitive advantage [14,39]. Seiner [14] illustrated that working without a proper
data governance programme is analogous to an organisation allowing each department and each
employee to develop, for instance, their own financial chart of accounts. Data governance in any
organisation requires the involvement and commitment of all staff, with full sponsorship by the
management and senior-level executive sponsorship [40].
Recently, many organisations have become aware of the increasing importance of governing
their data to ensure the confidentiality, integrity, quality, and availability of customer data [41,42].
Currently, there is no single approach for the implementation of a data governance programme for
all organisations [3]. Good data governance can help organisations to create a clear mission, achieve
clarity, increase confidence in using organisational data, establish accountabilities, maintain scope
and focus, and define measurable successes [33,43]. Moreover, many authors have suggested that
developing effective data governance will lead to many benefits for organisations. These benefits are:
enabling more effective decision-making, reducing operational friction, and protecting the needs of data
stakeholders as central to a governance programme [44,45]. In addition, other benefits include: training
of management and staff to adopt common approaches to data issues, build standard, repeatable
processes, reducing costs and increasing effectiveness through coordination of efforts, and ensuring
the transparency of processes [16,17,37].
3. Review of the Literature on Data Governance

An up-to-date literature review has been undertaken to help us and the readers understand
the research landscape in data governance. This review will be instrumental in developing the
aforementioned taxonomy. The review followed the systematic literature review protocol, defined
by [46], with customised search strings, a study selection process, and inclusion and exclusion criteria.
The search was conducted in the following libraries and databases: Google Scholar, Staffordshire
e-resources Libraries, Saudi Digital Library, and the British Library (Ethos). The term “data governance”
was used in this search, but we also tried a combination of keywords in order to test for synonyms
used in the literature and to cover all relevant publications. The following search strings were also
used, “data governance organization”, “governance data”, “data governance in cloud computing”,
“data governance for cloud computing”, and “cloud data governance”. All these search strings were
combined by using the Boolean “OR” operator as follows: ((data governance) OR (data governance
organization) OR (governance data) OR (data governance in cloud computing) OR (data governance
for cloud computing) OR (cloud data governance)).
The search covered the period between 2000 and 2017. The study selection process was based
on four stages, and only 52 records on data governance, which meet the criteria and fall within the
scope of the study, were attained for the final review. Table 1 provides a summary of these 52 papers,
categorised by academic- and practice-oriented contributions for cloud and non-cloud computing.
Table 1. Categorisation of the resultant records on data governance.
Nature of Contribution Format References

Non-cloud:
Papers in journals and conference
[6,7,9,11–14,30,33,34,37,44,47–59].
Academic proceedings, books, working reports
Cloud Computing:
and theses
[60–62].
Non-cloud:
Publications by industry associations, [38,39,63–65], [50,52,66–111].
Practice-oriented
software vendors and analysts Cloud Computing:
[41,42,53,70–72].
Out of the retained 52 records, only five records were reported in academic literature on data
governance for cloud services. All reported research agrees that only a few organisations have
addressed data governance, and only partially. Additionally, all reported academic literature stated
that data governance is one of the key components for any enterprise cloud; they also described
some issues related to moving data to the cloud outside the organisation’s premises, such as security,
data migration and interoperability. Felici et al. [60] focused more on one aspect of data governance,
accountability, where they proposed an accountability model for data stewardship in the cloud,
which explains data governance in terms of accountability attributes and cloud-mediated interactions
between actors. This model consists of accountability attributes, accountability practices and
accountability mechanisms. Tountopoulos [73] focused on addressing interoperability requirements
relating to the protection of personal and confidential data for cloud data governance. They also
categorised the accountability taxonomy, composed of seven main roles, which are: cloud subject,
cloud customer, cloud provider, cloud carrier, cloud broker, cloud auditor, and cloud supervisory
authority. Figure 1 shows the numbers of published research on data governance in the last 10 years,
following a systematic review.
Cloud data governance has also been overlooked by industry. Cloud Security Alliance,
Trustworthy Computing Group, and Microsoft Corporation are regarded as the recognised leaders
in this area. The Cloud Security Alliance cloud data governance working group currently focuses
on the data protection aspect, with an aim to propose a data governance framework to ensure the
availability, integrity, privacy, and overall security of data in different cloud models; this is far from
being realised [74]. Trustworthy Computing Group and Microsoft Corporation describe the basic
elements of a data governance initiative for privacy, confidentiality, and compliance, and provide
guides to help organisations embark on this path [41]. According to a MeriTalk report in 2014,
Sustainability 2017, 9, 0095 10.3390/su10010095 6 of 26

practices
only 44%inofthe ITcloud. This report
professionals also federal
in the suggestsgovernment
that about 56% of agencies
believe are currently
their agencies haveinmature
the process
data
of implementing
governance data stewardship
the cloud. or
This data governance
report also programmes
suggests that about [75].
practices in the cloud. This report also suggests that about 56% of agencies are currently in the processin
practices in 56% of agencies are currently
Evaluating
theofprocess thedata
existing
of implementing
implementing work
data on
stewardship data governance
stewardship
or data or datafor
governance traditionalprogrammes
governance
programmes IT and cloud[75].
[75]. computing reveals
that itEvaluating
isEvaluating
still verythelimited,
the lacking
existing
existing work
workonstandards
ondata and unified
data governance
governance for definitions,
traditionalIT
traditional hence
IT acloud
taxonomy
andcloud
and approach
computing
computing to
reveals
reveals
classify
that
that isdifferent
it it is
still aspects
stillvery
very limited, and
limited, attributes
lacking
lacking of data
standards
standards governance
and
and will be a highly
unified definitions,
definitions, henceavaluable
hence ataxonomy contribution
taxonomy approach
approach toat
to
this stage.
classify
classify differentaspects
different aspectsand
andattributes
attributes of
of data
data governance
governance willwill be
beaahighly
highlyvaluable
valuablecontribution
contributionatat
this
this stage.
stage.
7
7
6
6
5
5
4
4
3
3
2
2
1
1
0
0
2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017
2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017
N0n-Cloud Academic Non-Cloud Practice Oriented
N0n-Cloud Academic Non-Cloud Practice Oriented
Cloud Computing Academic Cloud Computing Practice Oriented
Cloud Computing Academic Cloud Computing Practice Oriented
Figure
Figure 1.1.1.
Figure Number
Numberof
Number ofpublished
of publishedresearch
published researchon
research on data
data governance
data in
governancein
governance the
inthe last
thelast 10
last10 years.
10years.
years.
4.
4. Data
4. Governance
Data
Data and
Governance
Governance andOther
and OtherGovernance
Other GovernanceDomains
Governance Domains
Domains
With
Withthe
With thetheemergence
emergenceof
emergence ofofnew
new governance
new governance domains—to
governance domains—to name
domains—to name
name but but the
but the
themostmost relevant
mostrelevant ones,
relevantones,ones,
Corporate
Corporate Governance,
Governance, ITIT Governance,
Governance, Information
Information Governance,
Governance, and,
and, more
more
Corporate Governance, IT Governance, Information Governance, and, more recently, Cloud Computing recently,
recently, Cloud
Cloud
Computing
Computing
Governance—itGovernance—it
Governance—it isiseasy
is easy to confuse easytotoconfuse
them, confuse them,
them,
something wesomething
something have
we have
have observed observed
observed
in the literature,ininthe
theliterature,
whereliterature,
authors
where
where
have authors
authorshave
interchanged haveinterchanged
governancethese
interchanged
these these governance
governance
domains as if theydomains
domains if they
as if
are the same they are
thing. are
It is the
the samething.
same
important, thing. ItItisis
therefore,
important,
important, therefore, to differentiate between these domains, more important
to differentiate between these domains, and more important to define how they are linked to they
therefore, to differentiate between these domains, and more important to
todefine
define how
how they
each
are linked
to to each other,particularly
particularlywith
are linked
other, each
particularly other,
with respect to datawith respectto
respect
governance. to data
data governance.
governance. Figure
Figure Figureview
2 is a simplified 22isisaasimplified
ofsimplified view
viewofof
the interrelations
thethe interrelations
interrelations betweenthese
between thesedomains.
domains.
between these domains.
Figure 2. The interrelations between governance domains.

Figure
Figure2.2.The
Theinterrelations
interrelationsbetween
betweengovernance
governance domains.
domains.
Corporate governance has become important, as effective governance ensures that the business
Corporate governance
environment has becomeandimportant, as effective
can governance ensures for
that the business
Corporate is fair and transparent,
governance that companies
has become important, as effective be held accountable
governance ensures thattheir
the actions
business
environment
[76]. In is fair
contrast, and
weaktransparent,
corporate and that
governancecompanies
leads to can be
waste, held accountable
mismanagement for their
and actions
corruption.
environment is fair and transparent, and that companies can be held accountable for their actions [76].
[76]. In contrast,
According to theweak corporateforgovernance
Organization leads to waste,
Economic Cooperation and mismanagement and corruption.
Development (OECD), corporate
According to the Organization for Economic Cooperation and Development (OECD), corporate
In contrast, weak corporate governance leads to waste, mismanagement and corruption. According to
the Organization for Economic Cooperation and Development (OECD), corporate governance is “a set
of relationships between a company’s management, its board, its shareholders, and other stakeholders, corporate
governance also provides the structure through which the objectives of the company are set, and the means of
attaining the objectives and monitoring performance are determined” [77].
In recent years, IT has been the backbone of every business [78]. As a result, the concept of
IT governance has become more important for organisations. IT governance, similarly to corporate
governance, is the process of establishing authority, responsibilities, and communication, along with
policies, standards, control mechanisms and measurements to enable the fulfilment of defined roles
and responsibilities [79]. Thus, corporate governance can provide a starting point in the definition
of IT governance [7]. According to Herbst et al. (2013), IT governance is defined as “procedures and
policies established in order to assure that the IT system of an organization sustains its goals and strategies” [80].
It is pertinent, however, to note that there is a difference between IT governance and IT functions;
this difference is not just about the centralisation or decentralisation of IT structures, but also that it is
not the sole responsibility of the CIO [81].
The term “information governance” was introduced by Donaldson and Walker (2004) as
a framework to support the work of the National Health Society in the USA. Unfortunately, many
organisations have not yet established a clear distinction between information governance and IT
governance [82]. Information governance can be viewed as a subset of corporate governance, with the
main objectives being to improve the effectiveness and speed of decisions and processes, to reduce the
costs and risks to the business or organisation, and to make maximum use of information in terms of
value creation [83]. Gartner defines information governance as “the specification of decision rights and an
accountability framework to ensure appropriate behaviour in the valuation, creation, storage, use, archiving and
deletion of information” [84]. The information governance approach focuses on controlling information
that is generated by IT and office systems, or their output, but does focus on detailed IT or data capture
and quality processes.
Cloud governance is a new term in the IT field; however, it has not been given a clear definition
yet [85]. Microsoft defines cloud governance as “defining policies around managing the factors: availability,
security, privacy, location of cloud services and compliance and tracking for enforcing the policies at run time
when the applications are running” [86]. The core of cloud governance revolves around the relationships
between provider and consumer, across different business models [87]. The business model should
define the way in which an offer is made and how it is consumed. To function at all cloud levels (IaaS,
PaaS and SaaS), the business model should be devoid of the type of resources involved.
The literature reported different views on what drives what within these governance domains; in
our research, we argue that data governance should be the key driver for all other governance domains,
sitting at the heart of everything. The most debated relationship among these governance domains
has been that of information governance and data governance, where numerous schools of thought,
including the Data Governance Institute, have consistently used information and data governance
interchangeably, connoting the understanding that the two terms mean the same thing. A very
recent paper, published only in 2016, as part of the proceedings of the 28th Annual Conference of the
Southern African Institute of Management Scientists, presented a systematic analysis to prove that data
governance is indeed a prerequisite for information governance, and hence the argument was extended
to state that data governance must become an ingrained part of both corporate governance and IT
governance [88]. Figure 3 provides an illustration of the advocated hierarchy of these governance
domains, showing also the difference between management and governance.
Figure 3. The
Figure hierarchy
3. The for the
hierarchy for difference between
the difference management
between and and
management governance.
governance.
5. Data Governance
5. Data Taxonomy
Governance Taxonomy
To construct
To construct a holistic
a holistictaxonomy,
taxonomy, we wemust determine
must determine the the
key keydimensions
dimensions of data governance.
of data governance.
ThisThis
adopted
adopted dimension-based
dimension-basedapproach allowsfor
approach allows forthethe categories
categories in taxonomy
in the the taxonomy to be broken
to be broken down into
downdiscrete areas. A dimension-based approach allows more flexibility in placing content into variousinto
into discrete areas. A dimension-based approach allows more flexibility in placing content nodes,
various nodes, represented
represented by the dimension by thetodimension
which theytobelong.
which In they
thebelong.
contextIn ofthe
datacontext of datathis
governance, governance,
approach will
thisallow
approach
userswill allow users
to manage to manage content
data governance data governance
more efficiently.content more efficiently.
Successfully achieving Successfully
this could be
achieving this could be a potentially complex process, and consequently
a potentially complex process, and consequently requires more investigative effort and the involvement requires more investigative
effort
of and the involvement
different stakeholders. of Therefore,
different stakeholders.
the taxonomy Therefore,
for data the taxonomy
governance fordeveloped
was data governance following
wasexploratory
developed and following exploratory and qualitative research, where the
qualitative research, where the method employed was merrily based on a combination method employed was
merrily based on a combination of analysing the relevant knowledge
of analysing the relevant knowledge in the public domain, resulting from the above described in the public domain, resulting
from the aboveliterature
systematic described systematic
review (Section literature review (Section
3) and following 3) andtheory
the analytic following[89]. the analytic theory
[89]. The analytic theory has been useful in understanding the data governance aspects of traditional IT
Thecloud
and analytic theory has
technology. Seinbeen
M. etuseful in understanding
al. [89] the data
state that “the analytic governance
theory is used toaspects
describeof ortraditional
classify specific
IT and cloud technology. Sein M. et al. [89] state that “the analytic theory is
dimensions or characteristics of individuals, groups, situations, or events by summarizing the commonalities used to describe or classify
specific
found in discrete observations. Frameworks, classification schema and taxonomies are numerous the
dimensions or characteristics of individuals, groups, situations, or events by summarizing in IS”.
commonalities
The analytic found in discrete
theory has been observations.
chosen as Frameworks,
a concept forclassification
this study toschema identifyanddata
taxonomies
governance are numerous
dimensions
in IS”.
for The analytic
the cloud theory has
services. To usebeen chosentheory
analytic as a concept
in making for this
data study to identify
governance data governance
dimensions, we follow
dimensions
three steps. Firstly, understanding the state of the art of data governance fordimensions,
for the cloud services. To use analytic theory in making data governance traditional IT weand
follow
the three
cloud.steps. Firstly,
Secondly, understanding
identifying specificthedimensions
state of the or artcharacteristics
of data governance of dataforgovernance
traditional IT andandcloud
the computing.
cloud. Secondly, identifying specific dimensions or characteristics of data
Finally, developing the key data governance dimensions for cloud computing, based on the governance and cloud
computing.
definitions Finally,
of data developing
governance theandkeyfactors
data governance
presented indimensions
the literature forreview,
cloud computing, based on the
which will construct
the definitions of data governance and factors presented in the literature
desired taxonomy. The adopted approach is considered expedient in expounding a sound theoretical review, which will construct
the foundation
desired taxonomy.
for the study.The Thisadopted approach
approach is usedistoconsidered
contextualise expedient
the research,in expounding
for which authors a sound chose
theoretical foundation
the contents that were forrelevant
the study. Thisstudy
for the approach
and how is used
thesetowerecontextualise
employed the research,
in order for awhich
to reach scientific
authors chose the
conclusion. Suchcontents that were
an approach relevant foressential,
is considered the studyfollowing
and howathese set ofwere employed
processes in order in
or procedures
to reach a scientific conclusion. Such an approach is considered
undergoing a systematic review, which can be verified or validated scientifically. essential, following a set of processes
or procedures
To theinbest undergoing a systematic
of the authors’ review,and
knowledge, which can be verified
following or validated research
the aforementioned scientifically.
approach,
To the best of the authors’ knowledge, and following the
there is no published research that defines the key dimensions of data governance for cloud aforementioned research approach,
there is no published
computing. research
In contrast, that defines
for traditional the key dimensions
IT (non-cloud), there is someof data governance
reported research,for albeit
cloud not
computing.
much. As illustrated above, data governance for non-cloud and cloud, although showingnot
In contrast, for traditional IT (non-cloud), there is some reported research, albeit some
much. As illustrated
similarities at a higherabove, data
level, governance
differs for non-cloud
significantly in details,and cloud, although
in addition to some new showing
factors some
related
similarities at a higher
only to cloud level, differs
technology. Figuresignificantly
4 shows theintwo details,
maininclasses
addition to some
of data new factors
governance, related as
considered
only to cloud technology. Figure 4 shows the two main classes of data governance, considered as sub-

sub-taxonomies: datagovernance
taxonomies: data governance forfor non-cloud
non-cloud computing,
computing, referred
referred to herein
to herein as traditional
as traditional datadata
taxonomies:
governance, anddata
datagovernance
governance for
fornon-cloud
cloud computing,
computing, referred
referred to to herein
herein as as
cloudtraditional
data data
governance.
governance, and data governance for cloud computing, referred to herein as cloud data governance.
governance, and data governance for cloud computing, referred to herein as cloud data governance.
Governance
Traditional Data Governance

Governance
Traditional Data Governance

Data
Cloud Data Governance

Data
Figure 4. Two main blocks of the data governance taxonomy.

5.1. Traditional Data Governance
5.1. Traditional Data Governance
5.1. Traditional
As shownData Governance
in the systematic literature review above, the literature on traditional data governance
isAs shown
still
As shown
ininthe
considered systematic
theinsufficient.
literature
Some authors
systematic literature
review
review
above, the
expressed
above, thetheirliterature
subjective
literature
on views
traditional
on traditional on datadata
aspects governance
of data
governance
is still considered
governance; thisinsufficient.
subjectivity isSome
driven authors
by the expressed
fact that theretheir
is nosubjective
single
is still considered insufficient. Some authors expressed their subjective views on aspects of data views
approach on
to aspects
implementingof data
governance;
standard this
data subjectivity
governance is
for driven
all types by
of the fact that
organisations there
[4]. Thisis no
meanssingle
each
governance; this subjectivity is driven by the fact that there is no single approach to implementingapproach to
organisation’s implementing
approach
standard
to datadata
standard governance
governance
data couldfor
governance beall
for alltypes
types of
different. organisations
It is,
of therefore, very
organisations [4].difficult
[4]. Thismeans
This means each
to capture
each organisation’s
all the different
organisation’s approach
views;
approach
toinstead,
to datadata after further
governance
governance could
couldanalysis
be of the relevant
bedifferent.
different. literature,
It is, therefore,
therefore, we
very
very could identify
difficult
difficult toto common
capture
capture allall aspects
thethe ofviews;
different
different data
views;
governance
instead, after which
further most authors
analysis of seem
the to agree
relevant upon. Therefore,
literature, we traditional
could identify
instead, after further analysis of the relevant literature, we could identify common aspects of datadata governance
common could
aspects bedata
of
classified
governance
governance into
which three
whichmost main
mostauthorscategories:
authors seemseemto people
toagree and
agreeupon. organisational
upon. Therefore,
Therefore, bodies, policy,
traditional
traditional datadataand technology,
could as
governance
governance could
be
shown in the simplified taxonomy below (Figure 5). This is followed by extended descriptions and
be classified
classifiedintointothree
threemain
main categories:
categories: people
peopleandand organisational
organisational bodies, policy,
bodies, and technology,
policy, as
and technology,
classification
shown of each aspect.
in the simplified taxonomy below (Figure 5). This is followed by extended descriptions and
as shown in the simplified taxonomy below (Figure 5). This is followed by extended descriptions and
classification
classification ofof eachaspect.
each aspect.
Governance
People and Organizational Bodies

Governance

Data Data
Policy and Process

Traditional
Policy and Process

Traditional
Technology
Technology
Figure 5. Traditional data governance taxonomy.
Figure 5. Traditional data

Figure5. datagovernance
governancetaxonomy.
taxonomy.
5.1.1. People
5.1.1. and
People Organisational
and Bodies
Organisational Bodies
DataDatagovernance
governance will influence
will influence thethe
mix of of
mix data stakeholders
data stakeholders involved
involved in in
data-related decisions
data-related decisions
and actions in an organisation, as well as the amount of effort required of each stakeholder.
and actions in an organisation, as well as the amount of effort required of each stakeholder. Therefore, Therefore,
in in
traditional
traditional data
datagovernance,
governance, thethe
people
people andandorganisational
organisational bodies
bodies play
playimportant
important parts when
parts when
organisations
organisations implement
implement data
datagovernance
governance forfor
their business
their business [90].
[90].The
Theelement
elementof ofpeople
people andand
organisational bodies in data governance
organisational bodies in data governance can be defined as any individual or group that
be defined as any individual or group that could affect could
affect
or be or affected
be affected by the
by the datadata under
under discussion.
discussion. People
People in traditional
in traditional governance
governance havehave
manymanytasks,
tasks, including
including authority,
authority, datastewardship,
data stewardship,business
business rules, collaboration,
collaboration,accountability
accountabilityand andculture
culture
attitude
attitude [91].
[91].The
Thepeople
peopleand andorganisational
organisationalbodies bodieselement,
element,ininthethe context
contextof of
traditional data
traditional data
governance,
governance, could
couldinclude
includethethe
following:
following: data
datagovernance
governance office, data
office, governance
data governance council, executive
council, executive
sponsorship,
sponsorship, chief information
chief informationofficer (CIO),
officer data data
(CIO), management
management committee, compliance
committee, committee
compliance and
committee
data
and stewards; each has
data stewards; specific
each roles and
has specific responsibilities
roles within their
and responsibilities organisations.
within Figure 6 below
their organisations. Figure 6
summarises the most important
below summarises aspects of aspects
the most important this class
ofof traditional
this data governance,
class of traditional as agreed by
data governance, as most
agreed
reported literature.
by most reported literature.
Data Governance Office
Data Governance Council

Executive Sponsorship
Chief Information Officer
Data Management Committee
Compliance Committee
Data Stewards
Figure
Figure 6. People
6. People andand organisational
organisational bodies
bodies taxonomy
taxonomy in traditional
in traditional data
data governance.
governance.
5.1.2.
5.1.2. Policy
Policy andand Process
Process
Data
Data governance
governance policy
policy is is a set
a set of of measurable
measurable acts
acts andand rules
rules forfor a set
a set of of data
data management
management
functions in order to ensure the benefit of a business process [92]. Regarding data
functions in order to ensure the benefit of a business process [92]. Regarding data governance processes, governance
processes,
they describethey describeused
the methods the methods
to governused
data;tothese
govern data; these
processes processes
should should bedocumented
be standardised, standardised,
documented and repeatable. According to IBM Institute [69], data governance
and repeatable. According to IBM Institute [69], data governance policies and processes should policies and processes
be
should be crafted to support regulatory and compliance requirements for
crafted to support regulatory and compliance requirements for data management functions. The policydata management
andfunctions. The policy
process aspects and process
in traditional dataaspects in traditional
governance data governance
could include could include
principles, policies, principles,
standards and
policies, standards and process,
process, as displayed in Figure 7. as displayed in Figure 7.
Sustainability
Sustainability 2017,
2018, 9, 0095
10,2017,
Sustainability 95 10.3390/su10010095
9, 0095 10.3390/su10010095 11
11of1126
of 26
of 26
Principles
Principles
Policy and Process

Policy and Process
Policies
Policies
Standards
Standards
Process
Process
Figure 7. Policy
Figure and
7. Policy process
and elements
process inintraditional
elements traditionaldata governance.
datadata
governance.
Figure 7. Policy and process elements in traditional governance.
5.1.3. Technology
5.1.3. Technology
5.1.3. Technology
Technology
Technology is an
Technology integral
is an factor
is integral factor
an integral forfor
factor data
data
for governance;
governance;
data ititisisthrough
governance; itthrough technology
is through technology
technology thatthat
we wecancan
can ensure
ensure
ensure
automation
automation andand enforce
enforce and
and control
control data
data governance
governance policies.
policies. However,
However, the
automation and enforce and control data governance policies. However, the role of technology comes role
theof technology
role of comes
technology
after
comes an approved
after
after ananapproved datadata
approved governance
data
governance policy
governance and
policy process.
policy
and Technology
and process.
process. Technology in the
Technology context
in the of data
in the
context governance
context
of data of data
governance
represents
governance the engineering
represents
represents methods
the engineering
the engineering methods that are
methods responsible
that are that for reflecting
are responsible
responsible its policies
for reflecting
for reflecting and practice
its policiesitsand
policies in
practice ain a
and
measurable
practicemeasurable way.
in a measurable Therefore, a fit-for-purpose
way. Therefore,
way. Therefore, plan
a fit-for-purpose
a fit-for-purpose for
plan plan using technical
for using
for using tools
technical
technical to support
tools
tools to to data
support
support data
datagovernance
governance
governance polices,
polices, within
polices, within the
within the context
the context
contextofof roles,
roles,
of responsibilities,
responsibilities,
roles, responsibilities, and
and andaccountabilities,
accountabilities,
accountabilities,must
mustmustbe
be be
established
established
established[4,66].
[4,66]. TheThe
[4,66]. Thesimplest
simplest forms
forms
simplest ofof
forms technology
technology reported
reported
of technology reported fortraditional
for traditional
for traditional datadata
data governance
governance
governance could
could
could
include
includeincludehardware,
hardware,
hardware, software
software and
software monitoring
and monitoring
and monitoring tools, as
tools,tools, depicted
as depicted
as depicted in Figure
in Figure
in Figure 8.
8. 8.
Hardware
Hardware
Technology
Technology
Software
Software
Monitoring ToolTool
Monitoring
Figure 8. The technology elements of traditional data governance.

FigureFigure
8. The8.technology
The technology elements
elements of traditional
of traditional data data governance.
governance.
5.2.5.2.
Cloud Data
Cloud Governance
Data Governance
5.2. Cloud Data Governance
TheThe
impediment
impediment to the the
wider adoption of the the
cloud computing model has been linked primarily
The impediment to the to
widerwider adoption
adoption of theofcloudcloud computing
computing modelmodel
has has
beenbeen linked
linked primarily
primarily
to aspects related to the datadata
governance environment [42,53,60]. While security seems to be the most
to aspects related to the data governance environment [42,53,60]. While security seems to be thethe
to aspects related to the governance environment [42,53,60]. While security seems to be most
most
cited challenge to cloud adoption, Farrell [93] shows that 41% of the security problems in the cloud are
cited challenge to cloud adoption, Farrell [93] shows that 41% of the security problems in the
Sustainability 2018, 10, 95
cloud
12 of 26
are related to governance and legal issues. Data governance is considered to be one of the most
important aspects of cloud governance [25]. Data governance programmes, built for on-premises IT
related to governance
infrastructure, and be
cannot legal issues. Data
deployed governance
for cloud is considered
infrastructure to be one
and service of the most which
provisioning, importantwould
aspects of cloud governance [25]. Data governance programmes, built
require completely new requirements, design and implementation [53,93]. Undoubtedly, the area offor on-premises IT infrastructure,
cannot
cloud be data
deployed for cloud
governance infrastructure
is becoming and of
a topic service provisioning,
the coming decades which would
[60,73], requireit completely
although is still under-
newresearched
requirements, by design and implementation
both academia and industry, [53,93].
dueUndoubtedly,
to its novelty the[7,9].
area ofAscloud data governance
discussed above, data
is becoming a topic of the coming decades [60,73], although it is still under-researched
governance is still underdeveloped and under-practised, even for traditional IT infrastructures, let by both academia
andalone
industry,
cloud duecomputing
to its novelty [7,9]. As discussed
environments [4,94]. above,
This isdata governance
evidenced by isthestill underdeveloped
results and
of the systematic
under-practised, even for traditional IT infrastructures, let alone cloud
literature review discussed above, where only 11 records discussing data governance for cloud computing environments [4,94].
This is evidenced
computing wereby the results
reported. of the systematic
Governance in the cloud literature
needs toreview discussed
understand, above,and
moderate where onlythe
regulate
11 records discussing
relationships between datadifferent
governance cloud foractors
cloudorcomputing
stakeholders were reported.
in terms Governance
of roles in the cloud
and responsibilities [24].
needs to understand, moderate and regulate the relationships between
Data governance is meant to classify and assign responsibilities, communication, labelling and different cloud actors or
stakeholders
policies [57]. in terms
Thereofare roles
fewand responsibilities
studies reporting [24]. Datagovernance
on data governancefor is meant
the cloudto classify andAlmost
services. assign all
responsibilities,
existing workcommunication,
on data governance labelling
for cloudandcomputing
policies [57]. Thereon
focuses areaccountability
few studies reporting on data
and interoperability
governance for the cloud services.
[57,60]. Accountability could Almost all existing
be addressed at work
different on data governance
levels, for cloud
technological, computingand
regulatory
focuses on accountability
organisational [95]. and interoperability [57,60]. Accountability could be addressed at different
levels, technological,
There is a strong regulatory and organisational
consensus [95].
that cloud computing will lead to change in the strategy of
There is a data
traditional strong consensus in
governance that cloud computing
organisations [96]. will
Cloud lead to change
data in theisstrategy
governance of traditional
the main focus area in
data governance
this in organisations
research, where the aim is [96]. Cloud data
to construct governance
a taxonomy that is the main the
represents focus area in classifications
different this research, of
where
thisthe aim isTo
domain. to construct
recall, to thea taxonomy
best of the that represents
authors’ the different
knowledge, this isclassifications
the first such of this domain.
attempt reported,
To recall,
following to the best
the of the
most authors’ knowledge,
comprehensive this is the literature
and up-to-date first such attempt
review. reported,
Figure 9following the
is a high-level
most comprehensive
taxonomy of cloudand data up-to-date
governance, literature
compiled review.
fromFigure 9 is a high-level
the analysis of relevanttaxonomy
literature,ofidentified
cloud data from
governance,
the systematic compiled from the
literature analysis
review. Theofsubsequent
relevant literature,
sectionsidentified from the
contain further systematicofliterature
description every sub-
review.
class.The subsequent sections contain further description of every sub-class.
Data Governance Structure
Policy and Process
Cloud Deployments Model
Service Delivery Model

Cloud Actors
Organisational
Technological
Service Level Agreement
Monitor Matrix
Legal Context
Figure
Figure 9. A9.Cloud
A Cloud Data
Data Governance
Governance Taxonomy.
Taxonomy.
5.2.1. Data
5.2.1. Governance
Data Structure
Governance Structure
Designing
Designing a data governance
a data governance structure
structureisisananimportant
importantfactor
factor in thatrequisite
in ensuring that requisiteroles
rolesand
andresponsibilities
responsibilitiesare
are addressed
addressed throughout
throughout thethe enterprise
enterprise at right
at the the right organisational
organisational levelslevels [13].
[13]. Several
Several common
common datadata governance
governance roles
roles havebeen
have beenidentified
identified in existing
existingstudies,
studies,including
including thethe
following:
following:
executive sponsorship,
executive sponsorship,data management
data management committee,
committee, compliance
compliance committee,
committee, data stewardship
data stewardship team,
team,
cloud manager, cloud provider member, IT member and legal member [9,97].
cloud manager, cloud provider member, IT member and legal member [9,97]. These roles must These roles must
collaborate to formulate
collaborate datadata
to formulate governance
governancebodies.
bodies.Figure 10 shows
Figure 10 shows an example
an exampleof aoftypical cloud
a typical data
cloud data
governance
governancestructure.
structure.
Data Governance Structure
Data Stewardship Team
Cloud Manager
Cloud Provider Member
IT member
Legal Member
Figure
Figure 10. Cloud
10. Cloud datadata governance
governance structure.
structure.
5.2.2.
5.2.2. DataData Governance
Governance Function
Function
ThisThis refers
refers to master
to master activities
activities forgovernance,
for data data governance,
includingincluding functions
functions which datawhich data governance
governance teams
teams must take into account when implementing data governance programmes
must take into account when implementing data governance programmes [98]. Establishing consistent [98]. Establishing
consistent
policies, policies,
standards, andstandards, and operating
operating processes processes
to ensure to ensure
the accuracy, the accuracy,
availability, availability,
and security of dataand
security
should be partof data
of theshould be part of the
data governance data governance
strategy, strategy,the
as well as defining as organisation’s
well as defining theassets
data organisation’s
[3,37].
Therefore, the data governance team must define all data governance policies that address cloudthat
data assets [3,37]. Therefore, the data governance team must define all data governance policies
address concerns.
consumers’ cloud consumers’
The data concerns.
governance The data governance
functions can supportfunctions can support
organisations to make organisations
cloud service to
make cloud
decisions, such service decisions, such
as the geographic as the geographic
distribution distribution
of data stored, of data
processed, andstored, processed,
in transit; and in
regulatory
transit; regulatory requirements; data management requirements; and
requirements; data management requirements; and audit policies [99]. Effective data governance audit policies [99]. Effective
data governance
in cloud in cloudtransparency
computing requires computing and requires transparency
accountability, whichandleads
accountability,
to appropriate which leads to
decisions
appropriate decisions that foster trust and assurance for cloud consumers
that foster trust and assurance for cloud consumers [100]. The outcomes from data governance [100]. The outcomes from
data governance function activities include standard, procedure, compliance,
function activities include standard, procedure, compliance, transformation, integration, management, transformation,
integration,
auditability, management,
transparency, auditability,
policies, principlestransparency,
and processes.policies, principles the
This is considered and processes.
master This is
dimension
for data governance, but it must comply with other dimensions to develop effective data governance. to
considered the master dimension for data governance, but it must comply with other dimensions
develop
Figure effective
11 shows data data
the cloud governance.
governance Figure 11 shows
function and its the cloud data
concerns governance
for cloud computing.function and its
concerns for cloud computing.
Process
Process
Data Governance
Data Governance
Standard
Function
Standard
Function
Principle
Principle
Procedure
Procedure
Compliance
Compliance
Transformation
Data Governance Transformation
Governance
Data Concerns
Concerns Integration
Integration
Management
Management
Auditability
Auditability
Transparency
Transparency
Figure 11. Cloud data governance function and its concerns for cloud computing.
Figure
Figure 11.11. Cloud
Cloud data
data governance
governance function
function and
and its its concerns
concerns forfor cloud
cloud computing.
computing.
5.2.3. Cloud Deployment Model
5.2.3.
5.2.3. Cloud
Cloud Deployment
Deployment Model
Model
This is an important factor to consider in data governance. There are primarily four cloud
This
This is is
an an important
important factor
factor to
to in consider
consider in in
datadata governance.
governance. There
There areare primarily
primarily four
four cloud
cloud
deployment models, which differ their provisions; these are the public, private, hybrid and
deployment
deployment models,
models, which
which differ
differ in in their
their provisions;
provisions; these
these areare the public,
the private, hybrid and
community cloud deployment models. To address data governance, thepublic,
level ofprivate,
risk andhybrid and
complexity
community
community cloud deployment
clouddeployment
deployment models.models. To address data governance, the level of risk and complexity
of each cloud must beTo takenaddressinto
dataconsideration
governance, the[18].
levelAccording
of risk and complexity
to [110] the of
of each cloud
each cloud deployment deployment must be taken into consideration [18]. According to [110] the
implementation of data must be takenvaries
governance into consideration
greatly, based[18]. According
on the adoptedtocloud
[110] deployment.
the implementation
Figure
of implementation
12 data
shows governance ofvaries
data governance
cloud deployment greatly, based
model
varies
on the
types
greatly, based
to adopted
on the
cloud
be considered
adopted cloud
deployment. Figure
when implementing
deployment.
12ashows Figure
cloudcloud
data
12 shows cloud
deploymentprogramme. deployment model types to be considered when implementing
model types to be considered when implementing a cloud data governance programme. a cloud data
governance
governance programme.
Private Cloud
Private Cloud
Cloud Deployment Models
Cloud Deployment Models
Public Cloud
Public Cloud
Hybrid Cloud
Hybrid Cloud
Community Cloud
Community Cloud
Figure 12. Cloud deployment model types for cloud data governance.
Figure Cloud
12.12.
Figure deployment
Cloud model
deployment types
model forfor
types cloud data
cloud governance.
data governance.
5.2.4. Cloud Service Delivery Model

Cloud services can be categorised into three delivery models: Software as a Service (SaaS),
Cloud services can be categorised into three delivery models: Software as a Service (SaaS),
Platform as a Service (PaaS) and Infrastructure as a Service (IaaS) [101]. Depending on the model, the
Platform as a Service (PaaS) and Infrastructure as a Service (IaaS) [101]. Depending on the model, the

Cloud 2017,
Sustainability services
9, 0095can be categorised into three delivery models: Software as a Service (SaaS),
10.3390/su10010095 15 of 26
Platform as a Service (PaaS) and Infrastructure as a Service (IaaS) [101]. Depending on the model,
the cloud
cloud consumer
consumer willwill
havehave a differing
a differing levellevel of control
of control over data
over their their[61]
dataand
[61]each
andmodel
each model will
will require
cloud consumer will have a differing level of control over their data [61] and each model will require
require a different
a different approach approach
to datatogovernance
data governance and management.
and management. Therefore,
Therefore, thegovernance
the data data governance
teams
a different approach to data governance and management. Therefore, the data governance teams
teams
must must
considerconsider
all theallcharacteristics
the characteristics of service
of the the service delivery
delivery model
model andand define
define appropriate
appropriate policies
policies to
must consider all the characteristics of the service delivery model and define appropriate policies to
to enforcecontrol
enforce controlroles
rolesand
andresponsibilities.
responsibilities.Figure
Figure1313shows
shows the
the cloud service delivery
delivery model
model to tobe
be
enforce control roles and responsibilities. Figure 13 shows the cloud service delivery model to be
considered
consideredwhen whenimplementing
implementingcloud clouddata
datagovernance.
governance.
considered when implementing cloud data governance. Model
Infrastructure as a Service (IaaS)

DeliveryModel
Infrastructure as a Service (IaaS)

ServiceDelivery
Platform as a Service (PaaS)

Platform as a Service (PaaS)
Service
Software as a Service (SaaS)

Software as a Service (SaaS)
Figure13.
Figure 13.Cloud
Cloudservice
servicedelivery
deliverymodel
modelfor
forcloud
clouddata
datagovernance.
governance.
Figure 13. Cloud service delivery model for cloud data governance.
5.2.5.Cloud
5.2.5. Cloud Actors
5.2.5. CloudActors
Actors
Theactors
The actors arealso
also a criticalfactor
factor in definingcloudcloud datagovernance.
governance. “Cloudactors”actors” refersto to
The actorsareare alsoa acritical
critical factorinindefining
defining clouddatadata governance.“Cloud
“Cloud actors”refers refers to
individuals
individuals or organisations that participate in processes or transactions, and/or perform tasks in the
individualsorororganisations
organisations thatthat participate
participate in in processes
processes orortransactions,
transactions,and/or
and/or perform
perform tasks
tasks in in
the
cloud
the computing
cloud computing environment.
environment. NIST’s
NIST’s cloud
cloud computing
computing reference
reference architecture
architecture distinguishes five
distinguishes five
cloud computing environment. NIST’s cloud computing reference architecture distinguishes five
majoractors:
major actors: thecloud
cloud consumer, thethe cloud provider, the cloud auditor, the cloud carrier
and theand the
major actors:thethe cloud consumer,
consumer, cloud
the provider,
cloud the cloud
provider, auditor,
the cloud the cloud
auditor, the carrier
cloud carrier cloud
and the
cloud [18].
broker broker [18].
Each Eachactor
cloud cloudhasactor hasroles
special special
and roles and responsibilities
responsibilities in any incloud
one any one cloud provision,
provision, so a data
cloud broker [18]. Each cloud actor has special roles and responsibilities in any one cloud provision,
so a data governance
governance programme programme
must clearlymustdefine
clearly define
the rolesthe roles
and and responsibilities
responsibilities for allactors
for all cloud cloud actors
so a data governance programme must clearly define the roles and responsibilities for all cloud [102].
actors
[102].
Figure Figure
14 14
shows shows
the the
cloud cloud
actors actors
in cloudin cloud
data data governance.
governance.
[102]. Figure 14 shows the cloud actors in cloud data governance.
Cloud Consumer
Cloud Consumer
Cloud Provider
Cloud Provider
Actors
CloudActors
Cloud Auditor
Cloud Auditor
Cloud
Cloud Carrier
Cloud Carrier
Cloud Broker
Cloud Broker
Figure 14. Cloud actors in cloud data governance.

Figure14.
Figure 14.Cloud
Cloudactors
actorsinincloud
clouddata
datagovernance.
governance.
5.2.6. Service Level Agreement (SLA)

One key issue for the cloud consumer is the provision of governance for data which they no
longer directly control [103]. Contractual barriers increase between cloud actors. An SLA is an
agreement that serves as the foundation of expectation for services between the cloud consumer and
the provider [100]. The agreement states what services will be provided, how they will be provided,
the provider [100]. The agreement states what services will be provided, how they will be provided,

the provider [100].
Sustainability 2017,The agreement
9, 0095 states what services will be provided, how they will be provided,
10.3390/su10010095 16 of 26
and what happens if expectations are not met; therefore, an SLA is pivotal in data governance. Thus,
the cloud
the cloud consumer consumer and provider
and provider mustmust negotiate
negotiate all aspects
all aspects of data
of data governance
governance before
before developingthe
developing
SLA. As a result, these agreements are in place to protect both parties. Before evaluating anyany
the SLA. As a result, these agreements are in place to protect both parties. Before evaluating cloudcloud
SLA,
SLA, cloud consumers must first develop a strong business case for the cloud services, with data
cloud consumers must first develop a strong business case for the cloud services, with data governance
governance level policies and requirements and a strategy for their cloud computing environment.
level policies and requirements and a strategy for their cloud computing environment. The SLA should
The SLA should contain a set of guidelines and policies to assist client organisations in defining
contain a set of guidelines
governance plans foranddatapolicies
which to assist
they may client organisations
choose to move toin a defining governance
cloud provider [104]. plans
Thesefor data
must
whichcomply
they may withchoose
legal to
and move to a cloud
regulatory provider [104].
requirements. All ofThese must comply
these policies can bewith legal and
negotiable regulatory
between the
requirements. All of these policies can be negotiable between the cloud consumer
cloud consumer and cloud provider, to identify the target level of data governance before and cloud provider,
to identify the target
establishing the level of data
contract. Thegovernance
SLA for cloud before
dataestablishing
governance the contract.
includes data The SLA forfunctions;
governance cloud data
governance includes data
data governance governanceroles
requirements, functions; data governance
and responsibilities; requirements,
and roles metrics
data governance and responsibilities;
and tools.
Figure
and data 15 showsmetrics
governance the SLAandelements for cloud
tools. Figure 15 data
showsgovernance.
the SLA elements for cloud data governance.
Service Level Agreement (SLA)
Data Governance Functions
Data Governance Requirements
Roles and Responsibilities
Data Governance Metrics and

Tools
Figure 15. Service

Figure Level
15. Service Agreement
Level (SLA)
Agreement elements
(SLA) elementsfor
forcloud
cloud data governance.
data governance.
5.2.7. Organisational
5.2.7. Organisational Context
Context
Data governance is a major mechanism for establishing control over an organisation’s data assets
Data governance is a major mechanism for establishing control over an organisation’s data assets
and enhancing their business value [105]. It is also a critical element of implementing a sustainable
and enhancing their business value [105]. It is also a critical element of implementing a sustainable data
data management capability, which addresses enterprise information needs and reporting
management capability, which addresses enterprise information needs and reporting requirements.
requirements. Organisational factors are important for data governance to be successful [8]. Data
Organisational
governancefactors
requiresare important
change for data
management in governance to be
the organisation, in successful
addition to [8]. Data governance
the participation and
requires
commitment of IT staff, business management and senior-level executive and
change management in the organisation, in addition to the participation commitment
sponsorship in
of IT organisations
staff, business
[37].management
Moreover, topand senior-level
management executive
support sponsorship
is considered to be the in organisations
critical [37].
success factor
Moreover, top management
in implementing support [61].
data governance is considered to be the critical
Staff in organisations success
need to learn datafactor in implementing
governance functions,
data governance
demanding top[61]. Staff in organisations
management need to
support to enhance thelearn data governance
organisation’s functions,
staff skillset. demanding
The organisational
context meanssupport
top management definingtoallenhance
internal factors that organisations
the organisation’s staffmust consider
skillset. Thewhen they managecontext
organisational risks
[14]. There are three perspectives for organisational context: the strategic, tactical
means defining all internal factors that organisations must consider when they manage risks [14]. and operational
There perspectives. Data governance
are three perspectives for for cloud computing
organisational servicesthe
context: should complytactical
strategic, with these andperspectives.
operational
The organisational context for cloud data governance includes organisation charts, organisation
perspectives. Data governance for cloud computing services should comply with these perspectives.
vision and mission, organisation strategy, the business model, decision-making processes, training
The organisational context for cloud data governance includes organisation charts, organisation vision
plan, communication plan and change management plan. Figure 16 shows the organisational context
and mission, organisation strategy, the business model, decision-making processes, training plan,
elements of cloud data governance.
communication plan and change management plan. Figure 16 shows the organisational context
elements of cloud data governance.
Organization Charts
Organization Vision and Mission
Organization Strategy
Organisational
Business Model
Decision-Making Processes
Training Plan
Communication Plan
Change Management Plan
Figure
Figure 16. Organisational
16. Organisational context
context of cloud
of cloud datadata governance.
governance.
5.2.8. Technical Context

5.2.8. Technical Context
Technology is also a key element for data governance success [8]. The technical context
Technology is also a key element for data governance success [8]. The technical context represents
represents the issues related to data which will affect the decision of cloud computing adoption and
the issues related to data which will affect the decision of cloud computing adoption and data
data governance implementation for cloud computing services [106]. Therefore, a lack of technology
governance implementation for cloud computing services [106]. Therefore, a lack of technology
is considered to be a barrier to successful data governance. Technical factors encapsulate data
is considered to be a barrier to successful data governance. Technical factors encapsulate data
management issues that affect organisations’ strategies, such as security, privacy, quality and
management
integrity.issues that affect
Therefore, organisations’
it is incumbent uponstrategies, such implementing
organisations as security, privacy, quality andtointegrity.
data governance assess all
Therefore, it is incumbent upon organisations implementing data governance to
technological characteristics available in their organisation, in order to effectively assess allimplement
technological
data
characteristics available in their organisation, in order to effectively implement
governance. The technical issues that could have an impact on the implementation of data data governance.
The technical
governance issues
for that
cloudcould have
services an impact
include on the reliability,
availability, implementation ofprivacy,
security, data governance for cloud
quality, compatibility,
services include availability, reliability, security, privacy, quality, compatibility, ownership,
ownership, auditing, integrity, data lock-in and performance [106,107]. Figure 17 displays auditing,
the
integrity, data lock-in
technological and performance
context [106,107].
elements of cloud dataFigure 17 displays the technological context elements
governance.
of cloud data governance.
Availability
Reliability
Security
Quality
Privacy
Technical
Compatibility
Ownership
Auditing
Integrity
Data Lock-In
Performance
Figure
Figure 17. 17. Technical
Technical context
context of cloud of cloud
governance.
5.2.9.Context
5.2.9. Legal Legal Context
The legalThe legalin

aspect aspect in this context
this context determines
determines the external
the external and internal
and internal laws and laws and regulations
regulations related related
to the data which might affect an organisation’s intent to adopt cloud technology [106], whichwhich
to the data which might affect an organisation’s intent to adopt cloud technology [106], can can in
in turn turn
affectaffect the implementation
the implementation of an adequate
of an adequate data governance
data governance programme
programme for cloud forcomputing
cloud computing
services. Therefore, the data governance teams must understand what
services. Therefore, the data governance teams must understand what is implied about data is implied aboutin data
all in all
relevant contracts before implementing a data governance strategy. Failure to comply with the lawthe law
relevant contracts before implementing a data governance strategy. Failure to comply with
when dealing
when dealing with confidential
with confidential data trust,
data erodes erodeswhich
trust, can
which can seriously
seriously damagedamage
the view theofview of the top
the top
management of an organisation regarding the trustworthiness of the cloud provider services [108]. [108].
management of an organisation regarding the trustworthiness of the cloud provider services
The
The legal legal context
context for cloudfordata
cloud data governance
governance includesincludes
the Datathe Data Protection
Protection Act 1998, Act 1998, change
change of control
of control
act and cloud regulations. Figure 18 shows the legal context of cloud
act and cloud regulations. Figure 18 shows the legal context of cloud data governance. data governance.
Data Protection Act

LegalLegal Data Protection Act
Change of Control Act

Change of Control Act
Cloud Regulations
Cloud Regulations
Figure
Figure 18. Legal
18. Legal context
context of cloud
of cloud datadata governance.
governance.
Figure 18. Legal context of cloud data governance.
5.2.10. Monitor Matrix
5.2.10. Monitor Matrix
The
5.2.10. monitor
Monitor matrix in data governance is the exercise of authority, control and shared decision-
Matrix
The monitor matrix in data governance is the exercise of authority, control and shared
making over the management of data assets [41]. Measuring and monitoring supports ongoing data
decision-making overmatrix
The monitor the management of dataisassets
in data governance [41]. Measuring
the exercise of authority,and monitoring
control and sharedsupports
decision-
governance efforts to ensure that all incoming and existing data meets business rules [109]. By adding
ongoing data governance efforts to ensure that all incoming and existing data meets
making over the management of data assets [41]. Measuring and monitoring supports ongoing data business
a monitoring component to the data governance programme, data quality efforts are enhanced,
rules [109]. By efforts
governance addingtoa ensure
monitoring
that allcomponent
incoming andto the data governance
existing programme,
data meets business data quality
rules [109]. By adding
which in turn renders data much more reliable [109]. Moreover, continuous monitoring ensures
efforts are enhanced,
a monitoring which intoturn
component the renders data muchprogramme,
data governance more reliable [109].
data Moreover,
quality efforts continuous
are enhanced,
compliance with SLAs and the set requirements defined in the data governance strategy [42]. The
monitoring
which inensures compliance
turn renders data with
muchSLAsmoreand the set[109].
reliable requirements
Moreover, defined in the data
continuous governance
monitoring ensures
data governance monitor matrix for cloud computing services includes the cloud control matrix, KPIs
strategy [42]. The
compliance data
with governance
SLAs and the monitor matrix fordefined
set requirements cloud computing
in the dataservices
governanceincludes the cloud
strategy [42]. The
and a monitoring tool. Figure 19 shows the elements of the monitor matrix for cloud data governance.
control
datamatrix, KPIs monitor
governance and a monitoring
matrix for tool.
cloudFigure 19 shows
computing the elements
services of the
includes the monitor
cloud controlmatrix forKPIs
matrix,
cloud data governance.
and a monitoring tool. Figure 19 shows the elements of the monitor matrix for cloud data governance.
Cloud Control Matrix

Matrix
Matrix
KPIs
Monitor
KPIs
Monitor
Monitoring Tool
Monitoring Tool
Figure 19. Monitor matrix elements for cloud data governance.
Figure 19. Monitor matrix elements for cloud data governance.

Figure 20 highlights theMonitor
Figure 19. overallmatrix elements
taxonomies offor cloud
governance for cloud and non-cloud.
Figure 20 highlights the overall taxonomies of data governance for cloud and non-cloud.
Figure 20 highlights the overall taxonomies of data governance for cloud and non-cloud.
Data Governance Office

Data Governance Council
People and Executive Sponsorship
Organisational CIO
Bodies Data Management Committee
Data Stewards Committee
Traditional Principles
Data Policy and
Policies
Governance Process
Standards
Hardware
Technology Software
Monitoring Tool
Data Data Stewardship Committee
Governance
Structure Cloud Manager
Cloud Provider Member
DATA GOVERNANCE
IT Member
Legal Member
Process
Data Standard
Governance
Function Principle
Procedure
Public
Cloud Private
Deployments
Model Hybrid
Community
IaaS
Service Delivery
SaaS
Model
PaaS
Cloud Consumer
Cloud Provider
Cloud Actors Cloud Auditor
Cloud Carrier
Service Level Cloud Broker
Cloud Data Agreement Organisation Charts
Governance Organisation Vision and Mission
Organisation Strategy
Business Model
Organisational
Decision-Making Processes
Communication Plan
Training Plan
Change Management Plan
Availability
Reliability
Security
Privacy
Technical
Quality
Ownership
Auditing
Integrity
Data Protection Act
Legal Change of Control Act
Cloud Regulations
Monitor Matrix KPIs
Monitoring Tool
Figure 20. Figure 20. The

The overall overall taxonomies
taxonomies of data governance
of data governance for cloud
for cloud and and non-cloud.
non-cloud.
6. Conclusions
Data management solutions alone are becoming very expensive and are unable to cope with
the reality of everlasting data complexity. Businesses have grown more sophisticated in their use of
data, which drives new demands, requiring different ways to handle this data. Forward-thinking
organisations believe that the only way to solve the data problem will be the implementation of
effective data governance. With the absence of sufficient literature on data governance in general,
and specifically for the cloud paradigm, this paper presents a useful contribution to the relevant
research communities. In this paper, we proposed taxonomies for data governance, for both non-cloud
and cloud computing networks. A holistic taxonomy that combines all different taxonomies is depicted
in Figure 20. These taxonomies are supported by the results of a systematic literature review (SLR),
which offers a structured, methodical, and rigorous approach to the understanding of the state of the
art of research in data governance. The objective of the study is to provide a credible intellectual guide
for upcoming researchers in data governance, to help them identify areas in data governance research
where they can make the most impact.
However, this study presents a taxonomy of data governance development requirements for
non-cloud and the cloud environments; thus, it does not cover a taxonomy of operational data
governance risks that attempts to identify and organize the sources of operational data governance
risk. Moreover, this paper is the first of its type, to the best of the authors’ knowledge, to cover cloud
data governance taxonomy; this presents another limitation, which is related to the lack of relevant
literature in this subject domain. The literature shows that most of the existing studies focus on
a survey of data governance for non-cloud environments, whilst only three sources in the literature
focused on accountability of data governance in cloud computing environments.
Due to the lack of research in this subject area, future work will focus of validation of the proposed
taxonomies with specialists from both academia and practitioners. Further research can investigate
the application of the proposed taxonomies, especially for cloud data governance, in real world case
scenarios. The presented research in this paper shows the lack of research in cloud data governance,
which creates an urge for the need to develop a holistic framework for cloud data governance strategy,
which highlights the main pillars, processes and attributes to design more specific data governance
program. The proposed taxonomies are expected to play an instrumental role in developing such
a framework.
Author Contributions: All authors have contributed in this paper by research, scoping writing, and/or reviewing
of assigned sections.
Conflicts of Interest: The authors declare no conflict of interest.
References
1. Nfuka, E.; Rusu, L. Critical Success Factors for Effective IT Governance in the Public Sector Organizations in
a Developing Country: The Case of Tanzania. In Proceedings of the ECIS 2010, 18th European Conference
on Information Systems, Pretoria, South Africa, 7–9 June 2010.
2. Salami, O.L.; Johl, S.K.; Ibrahim, M.Y. Holistic Approach to Corporate Governance: A Conceptual Framework.
Glob. Bus. Manag. Res 2014, 6, 251.
3. Weber, K.; Otto, B.; Osterle, H. One Size Does Not Fit All—A Contingency Approach to Data Governance.
ACM J. Data Inf. Qual. 2009, 1, 4. [CrossRef]
4. Begg, C.; Caira, T. Exploring the SME Quandary: Data Governance in Practise in the Small to Medium-Sized
Enterprise Sector. Electron. J. Inf. Syst. Eval. 2012, 15, 3–13.
5. Buffenoir, E.; Bourdon, I. Managing extended organizations and data governance. Adv. Intell. Syst. Comput.
2013, 205, 135–145.
6. Niemi, E. Designing a Data Governance Framework. In Proceedings of the IRIS Conference, At Oslo, Norway,
18 August 2011; Volume 14.
7. Rouse, M. Data governance definition. Available online: www.whatis.techtarget.com (accessed on 9 April 2017).
8. Al-Ruithe, M.; Benkhelifa, E.; Hameed, K. Key dimensions for cloud data governance. In Proceedings of
the FiCloud 2016, The IEEE 4th International Conference on Future Internet of Things and Cloud, Vienna,
Austria, 22–24 August 2016; pp. 379–386.
9. Wende, K. A Model for Data Governance—Organising Accountabilities for Data Quality Management. In
Proceedings of the 18th Australasian Conference on Information Systems; University of Southern Queensland:
Toowoomba, Australia, 2007; pp. 417–425.
10. Chao, L. (Ed.) Cloud Computing for Teaching and Learning: Strategies for Design and
Implementation: Strategies for Design and Implementation. IGI Global, 2012. Available online:
https://books.google.com.hk/books?hl=zh-TW&lr=&id=PKWeBQAAQBAJ&oi=fnd&pg=PR1&
dq=Cloud+computing+for+teaching+and+learning:+strategies+for+design+and+implementation:
+strategies+for+design+and+implementation.+IGI+Global&ots=K2qgWXdeuQ&sig=3MkVNY_
ATWYVjYNuthdn6EPAl3g&redir_esc=y#v=onepage&q=Cloud%20computing%20for%20teaching%
20and%20learning%3A%20strategies%20for%20design%20and%20implementation%3A%20strategies%
20for%20design%20and%20implementation.%20IGI%20Global&f=false (accessed on 1 December 2017).
11. Fu, X.; Wojak, A.; Neagu, D.; Ridley, M.; Kim, T. Data governance in predictive toxicology: A review.
J. Cheminform. 2001, 3, 24. [CrossRef] [PubMed]
12. Prasetyo, H.N.; Surendro, K. Designing a data governance model based on soft system methodology (SSM)
in organization. J. Theor. Appl. Inf. Technol. 2015, 78, 46–52.
13. Panian, Z. Some Practical Experiences in Data Governance. World Acad. Sci. Eng. Technol. 2010, 62, 939–946.
14. Seiner, R.S. Non-Invasive Data Governance, 1st ed.; Technics Publications: New York, NY, USA, 2014.
15. Russom, P. Data Governance Strategies: Helping Your Organization Comply, Transform, and Integrate; The Data
Warehousing Institute: Los Angeles, CA, USA, 2008.
16. Kamioka, T.; Luo, X.; Tapanainen, T. An Empirical Investigation of Data Governance: The Role of
Accountabilities. In Proceedings of the 20th Pacific Asia Conference on Information Systems (PACIS 2016),
Chiayi, Taiwan, 27 June–1 July 2016.
17. Poor, M. Applying Aspects of Data Governance from the Private Sector to Public Higher Education; University of
Pregon: Eugene, OR, USA, 2011; Volume 1277, p. 125.
18. Mell, P.; Grance, T. The NIST Definition of Cloud Computing Recommendations of the National Institute of Standards
and Technology; NIST Special Publ.: Gaithersburg, MD, USA, 2011; Volume 145, p. 7.
19. Almarabeh, T.; Majdalawi, Y.K.; Mohammad, H. Cloud Computing of E-Government. Commun. Netw. 2016,
8, 1–8. [CrossRef]
20. Kshetri, N. Cloud computing in developing economies. IEEE Comput. 2012, 43, 47–55. [CrossRef]
21. Al-Ruithe, M.; Benkhelifa, E.; Hameed, K. Current State of Cloud Computing Adoption—An Empirical
Study in Major Public Sector Organizations of Saudi Arabia (KSA). Procedia Comput. Sci. 2017, 110, 378–385.
[CrossRef]
22. Bojanova, I.; Samba, A. Analysis of cloud computing delivery architecture models. In Proceedings of the
2011 IEEE Workshops of International Conference on Advanced Information Networking and Applications
(WAINA), Singapore, 22–25 March 2011; pp. 453–458.
23. Forell, T.; Milojicic, D.; Talwar, V. Cloud Management: Challenges and Opportunities. In Proceedings of
the 2011 IEEE International Symposium on Parallel and Distributed Processing Workshops and Phd Forum
(IPDPSW), Shanghai, China, 16–20 May 2011; pp. 881–889.
24. Al-Ruithe, M.; Benkhelifa, E.; Hameed, K. A conceptual framework for designing data governance for cloud
computing. Procedia Comput. Sci. 2016, 94, 160–167. [CrossRef]
25. Ko, R.K.L.; Jagadpramana, P.; Mowbray, M.; Pearson, S.; Kirchberg, M.; Liang, Q.; Lee, B.S. TrustCloud:
A framework for accountability and trust in cloud computing. In Proceedings of the 2011 IEEE World
Congress on Rvices (Services), Washington, DC, USA, 4–9 July 2011; pp. 584–588.
26. Bumpus, W. NIST Cloud Computing Standards Roadmap; NIST: Gaithersburg, MD, USA, 2010; pp. 1–3.
27. Ramachandra, G.; Iftikhar, M.; Khan, F.A. A Comprehensive Survey on Security in Cloud Computing.
Procedia Comput. Sci. 2017, 110, 465–472. [CrossRef]
28. Sirimovu, J.U.N.; Artins, O.P. A Decision Framework to Mitigate Vendor Lock-in Risks in Cloud (SaaS Category)
Migration; Bournemouth University: Poole, UK, 2017.
29. Jennings, B.; Stadler, R. Resource Management in Clouds: Survey and Research Challenges. J. Netw.
Syst. Manag. 2013, 23, 567–619. [CrossRef]
30. Rifaie, M.; Alhajj, R.; Ridley, M. Data governance strategy: A key issue in building enterprise data warehouse.
In Proceedings of the iiWAS ’09, 11th International Conference on Information Integration and Web-Based
Applications & Services, Kuala Lumpur, Malaysia, 14–16 December 2009; pp. 587–591.
31. Neela, K.L.; Kavitha, V. A Survey on Security Issues and Vulnerabilities on Cloud Computing. Int. J. Comput.
Sci. Eng. Technol. 2013, 4, 855–860.
32. Thomas, G. The DGI Data Governance Framework; Data Gov. Institute: Orlando, FL, USA, 2006; Volume 20.
33. Cheong, L.K.; Chang, V. The Need for Data Governance: A Case Study. In Proceedings of the 18th
Australasian Conference on Information System, Toowoomba, Australia, 5–7 December 2007; Volume 100,
pp. 999–1008.
34. Ladley, J. Data Governance: How to Design, Deploy and Sustain an Effective Data Governance Program; Newnes:
Boston, MA, USA, 2012.
35. Verhoef, C. Quantifying the effects of IT-governance rules. Sci. Comput. Program. 2007, 67, 247–277.
[CrossRef]
36. De Haes, W.V.G.S. Practiices in IT Governance and Business/IT alignment. Inf. Syst. Control 2008, 2, 1–6.
37. Otto, B. A Morphology of the Organisation of Data Governance. In Proceedings of the Conference 19th
European Conference on Information Systems (ECIS 2011), Helsinki, Finland, 9–11 June 2011; p. 272.
38. HIMSS Clinical & Business Intelligence Committee. A Roadmap to Effective Data Governance: How to Navigate
Five Common Obstacles; HIMSS Clinical & Business Intelligence Committee: Chicago, IL, USA, 2015.
39. Guillory, K. The 4 Reasons Data Governance Fails. Available online: http://www.noah-consulting.
com/experience/papers/4%20Reasons%20Data%20Governance%20Fails%20-%20Guillory.pdf (accessed on
1 December 2017).
40. Héroux, S.; Fortin, A. The influence of IT governance, IT competence and IT-business alignment on
innovation. In Proceedings of the 2016 Canadian Academic Accounting Association (CAAA) Annual
Conference, Centre St. John’s, NL, USA, 2–4 June 2016; pp. 1–36.
41. Salido, J.; Manager, S.P.; Group, T.C.; Corporation, M.; Cavit, D. A Guide to Data Governance for Privacy,
Confidentiality, and Compliance. Microsoft Trust. Comput. 2010, 6, 17.
42. Cloud Security Alliance. Cloud Data Governance Research Sponsorship; Cloud Security Alliance: Seattle, WA,
USA, 2012.
43. Adelman, S. Without a Data Governance Strategy. DM Rev. 2008, 18, 32.
44. Otto, B. Data governance. Bus. Inf. Syst. Eng. 2011, 3, 241–244. [CrossRef]
45. Hallikas, J. Data Governance and Automated Marketing—A Case Study of Expected Benefits of Organizing Data
Governance in an ICT Company; University of Helsinki: Helsinki, Finland, 2015; pp. 1–89.
46. Kitchenham, B.; Charters, S. Guidelines for performing Systematic Literature Reviews in Software
Engineering. Engineering 2007, 2, 1051.
47. Buffenoir, E.; Bourdon, I. Reconciling complex organizations and data management: The Panopticon
paradigm. arXiv, 2012.
48. Badrakhan, B.B. Drive toward Data Governance. Available online: http://www.ewweb.com/e-biz/drive-
toward-data-governance (accessed on 1 December 2017).
49. Weber, K.; Cheong, L.; Otto, B.; Chang, V. Organising Accountabilities for Data Quality Management-A Data
Governance Case Study. In Proceedings of the Conference DW2008: Synergies through Integration and
Information Logistics, St Gallen, Switzerland, 27 October 2008; pp. 347–359.
50. Office, D.G. The State of New Jersey Data Governance Framework Strategic Plan; New Jersey University:
Jersey City, NJ, USA, 2013.
51. Neff, A.; Schosser, M.; Zelt, S.; Uebernickel, F.; Brenner, W. Explicating performance impacts of it governance
and data governance in multi-business organisations. In Proceedings of the 24th Australasian Conference on
Information Systems (ACIS), Melbourne, Australia, 4–6 December 2013.
52. Kunzinger, F.; Corporation, H.; Haines, P.; Consulting, N.; Schneider, S.; Solutions, V. Delivering a Data
Governance Strategy that Meets Business Objectives. In Proceedings of the 14th International Conference on
Petroleum Data Integration, Data & Information Management, Houston, TX, USA, 17–19 May 2010.
53. Mary, B.; Mccarthy, P.; Hill, S. Cloud Adoption Points to IT Risk and Data Governance Challenges.
Available online: https://www.in.kpmg.com/SecureData/ACI/Files/cloudadoptiondaaprilmay2011.pdf
(accessed on 1 December 2017).
54. Soares, S. The IBM Data Governance Unified Process: Driving Business Value with IBM Software and Best Practices;
Mc Press: Chicago, IL, USA, 2010; p. 153.
55. Allen, C.; Jardins, T.R.D.; Heider, A.; Lyman, K.A.; McWilliams, L.; Rein, A.L.; Schachter, A.A.; Singh, R.;
Sorondo, B.; Topper, J.; et al. Data governance and data sharing agreements for community-wide health
information exchange: lessons from the beacon communities. EGEMS 2014, 2, 1057. [CrossRef] [PubMed]
56. Nunn, S. Driving Compliance through Data Governance. J. AHIMA 2009, 80, 50–51. [PubMed]
57. Imhanwa, S.; Greenhill, A.; Owrak, A. Designing Data Governance Structure: An Organizational Perspective.
GSTF J. Comput. 2013, 4, 1–10.
58. Bhansali, N. Data Governance: Creating Value from Information Assets; Auerbach Publications: Boca Raton, FL,
USA, 2014.
59. Sarsfield, S. Data Governance Imperative; IT Governance Publishing: Cambridgeshaire, UK, 2009.
60. Felici, M.; Koulouris, T.; Pearson, S. Accountability for Data Governance in Cloud Ecosystems. In Proceedings
of the 2013 IEEE 5th International Conference on Loud Computing Technology and Science (Cloudcom),
Bristol, UK, 2–5 December 2013; pp. 327–332.
61. Groß, S.; Schill, A. Towards user centric data governance and control in the cloud. In Proceedings of the
International Workshop on Open Problems in Network Security (iNetSec), Lucerne, Switzerland, 9 June 2011;
pp. 132–144.
62. Wendy, Y. Is data governance in cloud computing still a mirage or do we have a vision we can trust.
Softw. World 2011, 42, 15.
63. Mustimuhw Information Solutions Inc. Data Governance Framework: Framework and Associated Tools;
Mustimuhw Information Solutions Inc.: Duncan, BC, Canada, 2015.
64. Best Practices in Enterprise Data Governance. Available online: https://www.sas.com/content/dam/SAS/
en_ca/doc/other1/best-practices-enterprise-data-governance-106538.pdf (accessed on 1 December 2017).
65. Russom, P. Data Governance strateGies. Bus. Intell. J. 2008, 13, 13–15.
66. Thomas, G. How to Use the DGI Data Governance Framework to Configure Your Program. Data Gov. Inst.
Available online: www.DataGovernance.com (accessed on 23 June 2016).
67. Australian Institute of Health and Welfare. AIHW Data Governance Framework 2014 (AIHW); Australian
Institute of Health and Welfare: Canberra, Australia, 2014.
68. Loshin, D. Operationalizing Data Governance through Data Policy Management; Knowledge Integrity, Inc.:
Washington, DC, USA, 2010.
69. Adler, S. The IBM Data Governance Council Maturity Model: Building a Roadmap for Effective Data Governance;
IBM Corporation: Somers, NY, USA, 2007.
70. Salido, J. Data Governance for Privacy, Confidentiality and Compliance: A Holistic Approach. ISACA J.
2010, 6, 1–7.
71. Hunter, L. Tools for Cloud Accountability: A4Cloud Tutorial. 2015. Available online: http://www.a4cloud.
eu/node/362 (accessed on 4 November 2015).
72. Solutions, C. Data Governance in the Cloud; Cloud Industry Forum: York Road Maidenhead, UK, 2013.
73. Tountopoulos, V.; Athens Technology Center. The Problem of Cloud Data Governance. Available online:
http://www.cspforum.eu/uploads/Csp2014Presentations/Track_13/The%20problem%20of%20cloud%
20data%20governance.pdf (accessed on 4 November 2015).
74. Cloud Security Alliance, Cloud Data Governance Working Group, 2015. Available online: https://
cloudsecurityalliance.org/group/cloud-data-governance/ (accessed on 21 May 2015).
75. Alexandria, V. Despite Data Governance Efforts, Eighty-Nine Percent of Federal IT Professionals Are Apprehensive
about Migrating IT Services to the Cloud, 2014. Available online: http://www.businesswire.com/news/
home/20140909005167/en/Data-Governance-Efforts-Eighty-Nine-Percent-Federal-Professionals#.VeV27Jrovcc
(accessed on 12 July 2015).
76. Youssef, A. Exploring Cloud Computing Services and Applications. J. Emerg. Trends Comput. 2012, 3,
838–847.
77. Government, A. The National Cloud Computing Strategy. Natl. Broadband Netw. 2013, 2013, 36.
78. Preittigun, A.; Chantatub, W. A Comparison between IT Governance Research and Concepts in COBIT 5.
Int. J. Res. Manag. Technol. 2012, 2, 581–590.
79. Lee, S.U.; Zhu, L.; Jeffery, R.; Group, A.P. Data Governance for Platform Ecosystems: Critical Factors and the
State of Practice. arXiv, 2017.
80. Herbst, N.R.; Kounev, S.; Reussner, R. Elasticity in Cloud Computing: What It Is, and What It Is Not.
In Proceedings of the 10th International Conference on Autonomic Computing, San Jose, CA, USA,
26–28 June 2013; pp. 23–27.
81. Debreceny, R.S.; Gray, G.L. IT Governance and Process Maturity: A Multinational Field Study. J. Inf. Syst.
2013, 27, 157–188. [CrossRef]
82. Kooper, E.; Maes, M.R.; Lindgreen, R. Information Governance as a Holistic Approach to Managing and
Leveraging Information Prepared for IBM Corporation. Int. J. Inf. Manag. 2011, 31, 1–27.
83. Williams, P.A.H. Information governance: a model for security in medical practice. J. Digit. Forensics
Secur. Law 2007, 2, 57–74. [CrossRef]
84. Gartner, Information Governance. 2016. Available online: http://www.gartner.com (accessed on 17 May 2017).
85. Woldu, L. Cloud Governance Model and Security Solutions for Cloud Service Providers; Metropolia
Ammattikorkeakoulu: Helsinki, Finland, 2013.
86. Saidah, A.S.; Abdelbaki, N. A new cloud computing governance framework. In Proceedings of the
CLOSER 2014, International Conference Cloud Computing Services Science, Barcelona, Spain, 3–5 April 2014;
pp. 671–678.
87. Kofi, J.; Kwame, K. Who ‘owns’ the cloud? An empirical study of cloud governance in cloud computing in
ghana. In Proceedings of the 28th European Regional Conference of the International Telecommunications
Society (ITS), Passau, Germany, 30 July–2 August 2017.
88. Olaitan, O.; Herselman, M.; Wayi, N. Taxonomy of literature to justify data governance as a prerequisite for
information governance. In Proceedings of the 28th Annual Conference of the Southern African Institute of
Management Scientists (SAIMS), Pretoria, South Africa, 4–7 September 2016.
89. Sein, M.K.; Henfridsson, O.; Rossi, M. Research essay action design research. MIS Q. 2011, 30, 611–642.
90. Jansen, W.; Grance, T. Guidelines on Security and Privacy in Public Cloud Computing. Available online:
http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-144.pdf (accessed on 1 December 2017).
91. Grant, O.I. Oklahoma Interoperability Grant Project Oklahoma Interoperability Grant Data Roadmap;
US Department of Health and Human Services: Washington, DC, USA, 2013.
92. Bell, R. Institutional Data Governance Policy; Vanderbilt University and Medical Centre: Nashville, Tennessee,
2014; pp. 1–12.
93. Farrell, R. Securing the Cloud—Governance, Risk, and Compliance Issues Reign Supreme. Inf. Secur. J.
Glob. Perspect. 2010, 19, 310–319. [CrossRef]
94. Wende, K. Data Governance Defining Accountabilities for Data Quality Management. In Proceedings
of the Italian Workshop on Information Systems (SIWIS 2007, Side Event of ECIS 2007), Carisolo, Italy,
9–14 February 2007.
95. Theoharidou, M.; Papanikolaou, N.; Pearson, S.; Gritzalis, D. Privacy risk, security, accountability in the
cloud. In Proceedings of the 2013 IEEE 5th International Conference on Cloud Computing Technology and
Science (CloudCom), Bristol, UK, 2–5 December 2013; pp. 177–184.
96. Trivedi, H. Cloud Adoption Model for Governments and Large Enterprises. Master’s Thesis, Massachusetts
Institute of Technology, Cambridge, MA, USA, 2013.
97. Weber, R.; Iruka, I. Best Practices in Data Governance and Management for Early Care and Education: Supporting
Effective Quality Rating and Improvement Systems; U.S. Department of Health and Human Services: Washington,
DC, USA, 2014.
98. Power, D.; Street, W. Sponsored by All the Ingredients for Success: Data Governance, Data Quality and
Master Data Management. Hub Solut. Des. 2013, 2043, 1–20.
99. Cloud Standards Customer Council (CSCC). Security for Cloud Computing 10 Steps to Ensure Success;
Cloud Standards Customer Council: Needham, MA, USA, 2012; pp. 1–35.
100. Cloud Standards Customer Council. Practical Guide to Cloud Service Level Agreements Version 1.0;
Cloud Standards Customer Council: Needham, MA, USA, 2012; pp. 1–44.
101. Bulla, C.M.; Bhojannavar, S.S.; Danawade, V.M. Cloud Computing: Research Activities and Challenges. Int.
J. Emerg. Trends Technol. Comput. Sci. 2013, 2, 206–214.
102. Badger, L.; Grance, T.; Corner, R.P.; Voas, J. Cloud Computing Synopsis and Recommendations; NIST Publications:
Gaithersburg, MD, USA, 2011.
103. Chawngsangpuii, R.; Das, R.K. A challenge for security and service level agreement in cloud computing.
Int. J. Res. Eng. Technol. 2014, 2319–2322. [CrossRef]
104. Cochran, M.; Witman, P.D. Governance and service level agreement issues in a cloud computing environment
computing environment. J. Inf. Technol. Manag. 2011, 22, 41–55.
105. Goals, S.; Dyche, J.; Levy, E. Data Governance: Getting It Right! GFT: Stuttgart, Germany, 2015; pp. 1–3.
106. Alkhater, N.; Wills, G.; Walters, R. Factors Influencing an Organisation’s Intention to Adopt Cloud Computing
in Saudi Arabia. In Proceedings of the 2014 IEEE 6th International Conference on Loud Computing
Technology and Science (CloudCom), Singapore, 15–18 December 2014; pp. 1040–1044.
107. Khajeh-Hosseini, A.; Sommerville, I.; Sriram, I. Research Challenges for Enterprise Cloud Computing.
arXiv, 2010.
108. Confidential, W.S.; Reserved, A.R. Holistic Approach to Key Challenges Unstructured Data Governance Holistic
Approach to Key Challenges; WhiteBox: Schwyz, Switzerland, 2012.
109. Van der, L.M. Measuring Data Governance; Leiden University: Leiden, The Nederland, 2015; p. 89.
110. Cloud Standards Customer Council. Security for Cloud Computing Ten Steps to Ensure Success.
Available online: http://www.cloud-council.org/deliverables/CSCC-Security-for-Cloud-Computing-10-
Steps-to-Ensure-Success.pdf (accessed on 14 August 2016).
111. Brett. Data Governance Best Practices and Trends within South African Companies; Glue Data: Cape Town,
South African, 2009.
© 2018 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access
article distributed under the terms and conditions of the Creative Commons Attribution
(CC BY) license (http://creativecommons.org/licenses/by/4.0/).

Sustainability 10 00095 PDF

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Sustainability 10 00095 PDF

Uploaded by

Copyright:

Available Formats

sustainability

Received: 12 October 2017; Accepted: 14 December 2017; Published: 2 January 2018

Sustainability 2018, 10, 95; doi:10.3390/su10010095 www.mdpi.com/journal/sustainability

2. What Is Data Governance and Why Is It Important?

3. Review of the Literature on Data Governance

Table 1. Categorisation of the resultant records on data governance.

Nature of Contribution Format References

Sustainability 2017, 9, 0095 10.3390/su10010095 6 of 26

Figure 2. The interrelations between governance domains.

Sustainability 2017, 9, 0095 10.3390/su10010095 9 of 26

Traditional Data Governance

Traditional Data Governance

Cloud Data Governance

Cloud Data Governance

Figure 4. Two main blocks of the data governance taxonomy.

People and Organizational Bodies

People and Organizational Bodies

Policy and Process

Policy and Process

Figure 5. Traditional data governance taxonomy.

Figure 5. Traditional data

Data Governance Office

Data Governance Council

Chief Information Officer

Data Management Committee

Policy and Process

Figure 8. The technology elements of traditional data governance.

Data Governance Structure

Policy and Process

Cloud Deployments Model

Service Delivery Model

Service Level Agreement

Data Management Committee

Data Stewardship Team

Cloud Provider Member

5.2.4. Cloud Service Delivery Model

5.2.4. Cloud Service Delivery Model

Infrastructure as a Service (IaaS)

Infrastructure as a Service (IaaS)

Platform as a Service (PaaS)

Software as a Service (SaaS)

Figure 14. Cloud actors in cloud data governance.

5.2.6. Service Level Agreement (SLA)

5.2.6. Service Level Agreement (SLA)

Data Governance Functions

Data Governance Requirements

Roles and Responsibilities

Data Governance Metrics and

Figure 15. Service

Organization Vision and Mission

Change Management Plan

5.2.8. Technical Context

The legalThe legalin

Sustainability 2017, 9, 0095 10.3390/su10010095 19 of 26

Data Protection Act

Change of Control Act

Cloud Control Matrix

Figure 19. Monitor matrix elements for cloud data governance.

Figure 19. Monitor matrix elements for cloud data governance.

Data Governance Office

Figure 20. Figure 20. The

You might also like