ArticlePDF Available

Data Governance Taxonomy: Cloud versus Non-Cloud

January 2018
Sustainability 10(1):2-26

January 2018
10(1):2-26

DOI:10.3390/su10010095

License
CC BY 4.0

Authors:

Majid Al-Ruithe

Ministry of Interior,Saudi Arabia,GDP

Elhadj Benkhelifa

Staffordshire University

Khawar Hameed

Birmingham City University

Forward-thinking organisations believe that the only way to solve the data problem is the implementation of effective data governance. Attempts to govern data have failed before, as they were driven by information technology, and affected by rigid processes and fragmented activities carried out on a system-by-system basis. Until very recently, governance has been mostly informal, with very ambiguous and generic regulations, in siloes around specific enterprise repositories, lacking structure and the wider support of the organisation. Despite its highly recognised importance, the area of data governance is still underdeveloped and under-researched. Consequently, there is a need to advance research in data governance in order to deepen practice. Currently, in the area of data governance, research consists mostly of descriptive literature reviews. The analysis of literature further emphasises the need to build a standardised strategy for data governance. This task can be a very complex one and needs to be accomplished in stages. Therefore, as a first and necessary stage, a taxonomy approach to define the different attributes of data governance is expected to make a valuable contribution to knowledge, helping researchers and decision makers to understand the most important factors that need to be considered when implementing a data governance strategy for cloud computing services. In addition to the proposed taxonomy, the paper clarifies the concepts of data governance in contracts with other governance domains.

The hierarchy for the difference between management and governance.

…

A Cloud Data Governance Taxonomy.

…

Technical context of cloud data governance.

…

Figures - uploaded by Majid Al-Ruithe

Content may be subject to copyright.

Content uploaded by Majid Al-Ruithe

Content may be subject to copyright.

sustainability

Article

Data Governance Taxonomy:

Cloud versus Non-Cloud

Majid Al-Ruithe *, Elhadj Benkhelifa * and Khawar Hameed

Cloud Computing and Applications Research Lab, School of Computing and Digital Technologies,

Staffordshire University, Stoke-on-Trent ST4 2DE, UK; khawar.hameed@staffs.ac.uk

*Correspondence: majid.al-ruithe@research.staffs.ac.uk (M.A.-R.); e.benkhelifa@staffs.ac.uk (E.B.);

Tel.: +966-598-343-504 (M.A.-R.); +44-791-640-6720 (E.B.)

Received: 12 October 2017; Accepted: 14 December 2017; Published: 2 January 2018

Abstract:

Forward-thinking organisations believe that the only way to solve the data problem is the

implementation of effective data governance. Attempts to govern data have failed before, as they were

driven by information technology, and affected by rigid processes and fragmented activities carried

out on a system-by-system basis. Until very recently, governance has been mostly informal, with very

ambiguous and generic regulations, in siloes around speciﬁc enterprise repositories, lacking structure

and the wider support of the organisation. Despite its highly recognised importance, the area of

data governance is still underdeveloped and under-researched. Consequently, there is a need to

advance research in data governance in order to deepen practice. Currently, in the area of data

governance, research consists mostly of descriptive literature reviews. The analysis of literature

further emphasises the need to build a standardised strategy for data governance. This task can

be a very complex one and needs to be accomplished in stages. Therefore, as a ﬁrst and necessary

stage, a taxonomy approach to deﬁne the different attributes of data governance is expected to make

a valuable contribution to knowledge, helping researchers and decision makers to understand the

most important factors that need to be considered when implementing a data governance strategy

for cloud computing services. In addition to the proposed taxonomy, the paper clariﬁes the concepts

of data governance in contracts with other governance domains.

Keywords:

data governance; cloud computing; cloud data governance; taxonomy; systematic

review; holistic

1. Introduction

We are accustomed to the concepts of information technology (IT) governance [1] and corporate

governance [

]. The term “governance”, in general, refers to the way an organisation ensures that

strategies are set, monitored, and achieved [

]. As IT has become the backbone of every organisation,

by deﬁnition, IT governance becomes an integral part of any business strategy, and falls under

corporate governance. Historically, data emerged out of disparate legacy transactional systems.

Then, data was seen as a by-product of running the business, and had little value beyond the

transaction and the application that processed it, hence data was not treated as a valuable shared

asset. This continued until the early 1990s, when the value of data started to take another trend

beyond transactions. Business decisions and processes increasingly started to be driven by data

and data analysis.

Further investment

in data management was the approach taken to tackle the

increasing volume, velocity, and variety of data, such as complex data repositories, data warehouses,

Enterprise Resource Planning (ERP), and Customer Relationship Management (CRMs) [

]. Data links

became very complex and shared amongst multiple systems, and the need to provide a single point

Sustainability 2018,10, 95; doi:10.3390/su10010095 www.mdpi.com/journal/sustainability

Sustainability 2018,10, 95 2 of 26

of reference in order to simplify daily functions became crucial, which gave birth to master data

management [5].

Data complexity and volume continue to explode; businesses have grown more sophisticated in

their use of data, which drives new demands that require different ways to combine, manipulate, store,

and present information. Forward-thinking companies recognised that data management solutions

alone are becoming very expensive and are unable to cope with business realities, and the data problem

must be solved in a different way [

]. During this time, the notion of data governance started to take

a different direction, a more important one. Attempts to govern data failed before, as they were driven

by IT, and affected by rigid processes and fragmented activities carried out on a system-by-system

basis. Until very recently, governance has been mostly informal, in siloes around speciﬁc enterprise

repositories, lacking structure and the wider support of the organisation. Despite its recognised high

importance, data governance is still an under-researched area and less practised in industry [

Researchers differ in their deﬁnitions of data governance. The governance concept can be understood

in different contexts, for instance, corporate governance, information governance, IT governance,

and data governance; Wende [

] and Chao [

] argue that data governance and IT governance need to

follow corporate governance principles.

To achieve successful data governance, organisations need a strategy framework that can be

easily implemented in accordance with the needs and resources of information [

]. A good data

governance framework can also help organisations to create a clear mission, achieve clarity, increase

conﬁdence in using organisational data, establish accountabilities, maintain scope and focus, and deﬁne

measurable successes [

]. To facilitate data governance, Seiner [

] argues that organisations

must design a data governance model of role responsibilities to identify people who have a level of

accountability to deﬁne, produce, and use data in the organisation. Along similar lines, some authors

in the literature argues that organisations should obtain responsibility for data from the information

technology (IT) department, with the participation and commitment of IT staff, business management,

and senior-level executive sponsorship in the organization [

]. Experts in this ﬁeld show that where

organisations do not implement data governance, the chaos is not as obvious, but the indicators are

glaring, including dirty, redundant, and inconsistent data; inability to integrate; poor performance;

terrible availability; little accountability; users who are increasingly dissatisﬁed with IT performance;

and a general feeling that things are out of control [

]. The ﬁrst efforts to create a framework for data

governance were published in 2007 [9,17].

The emergence of cloud computing is a recent development in technology. The National

Institute of Standards and Technology (NIST) [

] deﬁned cloud computing as “a model for enabling

ubiquitous, convenient, on-demand network access to a shared pool of conﬁgurable computing resources

(e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released

with minimal management effort or service provider interaction”. The cloud computing model enhances

availability, and is composed of ﬁve essential characteristics, four deployment models, and three service

models [

]. The essential characteristics of cloud computing include on-demand self-service, broad

network access, resource pooling, rapid elasticity, and measured service [

]. The cloud deployment

models are the private, public, hybrid, and community models [

]. In addition, cloud computing

includes three service delivery models, which are: Software as a Service (SaaS), Platform as a Service

(PaaS), and Infrastructure as a Service (IaaS) [

]. Cloud computing offers potential beneﬁts to public

and private organisations by making IT services available as a commodity [

]. The generally

claimed beneﬁts of cloud computing include: cost efﬁciency, unlimited storage, backup and recovery,

automatic software integration, easy access to information, quick deployment, easier scale of services,

and delivery of new services [

]. Furthermore, other beneﬁts include: optimised server utilisation,

dynamic scalability, and minimised life cycle development of new applications. However, cloud

computing is still not widely adopted due to many factors, mostly concerning the moving of business

data to be handled by a third party [

], where, in addition to the cloud consumer and provider,

there are other actors: the cloud auditor, cloud broker, and cloud carrier [

]. Therefore, loss of control

Sustainability 2018,10, 95 3 of 26

of data, security and privacy of data, data quality and assurance, data stewardship, etc. can all be

cited as real concerns of adopting the cloud computing business model [

]. Data lock-in is another

potential risk, where cloud customers can face difﬁculties in extracting their data from the cloud [28].

Cloud consumers

can also suffer from operational and regulatory challenges, as organisations transfer

their data to third parties for storage and processing [

]. In addition, it may be difﬁcult for the

consumers to check the data handling practices of the cloud provider or any of the other involved

actors [

]. The cloud computing model is expected to be a highly disruptive technology, and the

adoption of its services will, therefore, require even more rigorous data governance strategies and

programmes, which may be more complex, but are necessary.

The general consensus among authors is that data governance refers to the entirety of decision

rights and responsibilities concerning the management of data assets in organisations. This deﬁnition

does not, however, provide equal prominence for data governance within the cloud computing

technology context. Therefore, this deﬁcit calls for in-depth understanding of data governance

and cloud computing. This trend contributes to changes in the data governance strategy in the

organisation, such as the organisation’s structure and regulations, people, technology, processes, roles,

and responsibilities. This is one of the great challenges facing organisations today when they move

their data to cloud computing environments, particularly regarding how cloud technology affects data

governance. The authors’ general observation reveals that the area of data governance in general is

under-researched and not widely practised by organisations, let alone when it is concerned with cloud

computing, where research is in its infancy and far from reaching maturity.

This forms the main motivation behind this paper, which attempts to provide the readers with

a holistic view of data governance for both cloud and non-cloud computing, using a taxonomy

approach. The contribution of this paper is unprecedented, with this taxonomy expected to be very

valuable in developing coherent frameworks and programmes of Data Governance for both cloud and

non-cloud computing. One main question has been considering to formulate the results in this study

which is following: what is the main factor that require to develop the data governance for non-cloud

and cloud computing?

The remainder of the article is structured in seven sections. The next section discusses what

data governance is, and why it is important, followed by a section reviewing the literature on data

governance. A subsequent section presents the relationship between data governance and other

governance domains. Following this, the data governance taxonomy section presents a holistic

taxonomy for data governance for cloud and non-cloud. The ﬁnal Section presents the conclusions,

limitations of research and future work.

2. What Is Data Governance and Why Is It Important?

It is important, before developing a holistic taxonomy, to deﬁne the context of data governance.

Often, researchers and practitioners confuse data governance and data management. The deﬁnition of

data management provided by the Data Management Association (DAMA) is: “data management is the

development, execution and supervision of plans, policies, programs and practices that control, protect, deliver

and enhance the value of data and information assets”[

]. Data management in general focuses on the

deﬁning of the data element, how it is stored, structured, and moved. Although there is no ofﬁcial

standard deﬁnition of data governance, to provide clarity, we refer to the most cited deﬁnitions offered

by some important organisations and specialists.

According to the Data Governance Institute (DGI), data governance is “a system of decision

rights and accountabilities for information-related processes, executed according to agreed-upon

models which describe who can take what actions with what information, and when, under what

circumstances, using what methods” [

]. The IT Encyclopedia deﬁnes data governance as: “the overall

management of the availability, usability, integrity, and security of the data employed in an enterprise. A sound

data governance program includes a governing body or council, a deﬁned set of procedures, and a plan to

execute those procedures”[

]. DAMA, on the other hand, deﬁnes data governance as: “the exercise of

Sustainability 2018,10, 95 4 of 26

authority, control and shared decision-making (planning, monitoring and enforcement) over the management of

data assets”[

]. According to DAMA, data governance is, therefore, high-level planning and control

over data management [

]. Wende [

] have also argued that data governance is different from data

management, that data governance complements data management, but does not replace it. Ladley [

]

deﬁned data governance as “a system of decision rights and accountabilities for information-related

processes, executed according to agreed-upon models which describe who can take what actions with

what information, and when, under what circumstances, using what methods”. Weber [

] suggested

that data governance “speciﬁes the framework for decision rights and accountabilities to encourage

desirable behaviour in the use of data. To promote desirable behaviour, data governance develops

and implements corporate-wide data policies, guidelines, and standards that are consistent with the

organization’s mission, strategy, values, norms, and culture.” More recently, “Non-Invasive”, a book

by Seiner in 2014, deﬁnes data governance as “the formal execution and enforcement of authority over

the management of data and data related assets” [14].

Some other researchers or practitioners seem also to confuse IT governance and data governance.

IT governance is a much more mature area, with the ﬁrst publications on the topic released about

four decades ago [

], while data governance is still under-researched. Organisations with mature

IT governance practices tend to have a stronger alignment between IT and business [

], and the

author argues that organisations should gain the responsibility for data from the IT department.

Besides IT governance, data governance also has a signiﬁcant role in aligning the organisation’s

business. Data governance can be used to solve an assortment of business issues related to data

and information [

]. Otto [

] argued that a data governance model helps organisations to

structure and document the accountabilities for their data quality. Some authors have explicitly

demonstrated that data governance is different from IT governance in principle and practice [

In principle,

data governance is designed for the governance of data assets, while IT governance makes

decisions about IT investments, the IT application portfolio, and the IT projects portfolio. In practice,

IT governance is designed primarily around an organisation’s hardware and applications, not its data.

Al Rifai M. et al. [

] argues that enterprise-wide data strategy and governance are important for

organisations, and are required to achieve competitive advantage. In addition, all existing sources

have hitherto only addressed data governance. The fact that organisations need to take many aspects

into consideration when implementing data governance has been neglected so far [

]. Moreover,

some researchers

show that organisations which do not implement effective data governance can

quickly lose any competitive advantage [

]. Seiner [

] illustrated that working without a proper

data governance programme is analogous to an organisation allowing each department and each

employee to develop, for instance, their own ﬁnancial chart of accounts. Data governance in any

organisation requires the involvement and commitment of all staff, with full sponsorship by the

management and senior-level executive sponsorship [40].

Recently, many organisations have become aware of the increasing importance of governing

their data to ensure the conﬁdentiality, integrity, quality, and availability of customer data [

Currently, there is no single approach for the implementation of a data governance programme for

all organisations [

]. Good data governance can help organisations to create a clear mission, achieve

clarity, increase conﬁdence in using organisational data, establish accountabilities, maintain scope

and focus, and deﬁne measurable successes [

]. Moreover, many authors have suggested that

developing effective data governance will lead to many beneﬁts for organisations. These beneﬁts are:

enabling more effective decision-making, reducing operational friction, and protecting the needs of data

stakeholders as central to a governance programme [

]. In addition, other beneﬁts include: training

of management and staff to adopt common approaches to data issues, build standard, repeatable

processes, reducing costs and increasing effectiveness through coordination of efforts, and ensuring

the transparency of processes [16,17,37].

Sustainability 2018,10, 95 5 of 26

3. Review of the Literature on Data Governance

An up-to-date literature review has been undertaken to help us and the readers understand

the research landscape in data governance. This review will be instrumental in developing the

aforementioned taxonomy. The review followed the systematic literature review protocol, deﬁned

by [

], with customised search strings, a study selection process, and inclusion and exclusion criteria.

The search was conducted in the following libraries and databases: Google Scholar, Staffordshire

e-resources Libraries, Saudi Digital Library, and the British Library (Ethos). The term “data governance”

was used in this search, but we also tried a combination of keywords in order to test for synonyms

used in the literature and to cover all relevant publications. The following search strings were also

used, “data governance organization”, “governance data”, “data governance in cloud computing”,

“data governance for cloud computing”, and “cloud data governance”. All these search strings were

combined by using the Boolean “OR” operator as follows: ((data governance) OR (data governance

organization) OR (governance data) OR (data governance in cloud computing) OR (data governance

for cloud computing) OR (cloud data governance)).

The search covered the period between 2000 and 2017. The study selection process was based

on four stages, and only 52 records on data governance, which meet the criteria and fall within the

scope of the study, were attained for the ﬁnal review. Table 1provides a summary of these 52 papers,

categorised by academic- and practice-oriented contributions for cloud and non-cloud computing.

Table 1. Categorisation of the resultant records on data governance.

Nature of Contribution Format References

Academic

Papers in journals and conference

proceedings, books, working reports

and theses

Non-cloud:

[6,7,9,11–14,30,33,34,37,44,47–59].

Cloud Computing:

[60–62].

Practice-oriented Publications by industry associations,

software vendors and analysts

Non-cloud:

[38,39,63–65], [50,52,66–111].

Cloud Computing:

[41,42,53,70–72].

Out of the retained 52 records, only ﬁve records were reported in academic literature on data

governance for cloud services. All reported research agrees that only a few organisations have

addressed data governance, and only partially. Additionally, all reported academic literature stated

that data governance is one of the key components for any enterprise cloud; they also described

some issues related to moving data to the cloud outside the organisation’s premises, such as security,

data migration and interoperability. Felici et al. [

] focused more on one aspect of data governance,

accountability, where they proposed an accountability model for data stewardship in the cloud,

which explains data governance in terms of accountability attributes and cloud-mediated interactions

between actors. This model consists of accountability attributes, accountability practices and

accountability mechanisms. Tountopoulos [

] focused on addressing interoperability requirements

relating to the protection of personal and conﬁdential data for cloud data governance. They also

categorised the accountability taxonomy, composed of seven main roles, which are: cloud subject,

cloud customer, cloud provider, cloud carrier, cloud broker, cloud auditor, and cloud supervisory

authority.

Figure 1shows

the numbers of published research on data governance in the last 10 years,

following a systematic review.

Cloud data governance has also been overlooked by industry. Cloud Security Alliance,

Trustworthy Computing Group, and Microsoft Corporation are regarded as the recognised leaders

in this area. The Cloud Security Alliance cloud data governance working group currently focuses

on the data protection aspect, with an aim to propose a data governance framework to ensure the

availability, integrity, privacy, and overall security of data in different cloud models; this is far from

Sustainability 2018,10, 95 6 of 26

being realised [

]. Trustworthy Computing Group and Microsoft Corporation describe the basic

elements of a data governance initiative for privacy, conﬁdentiality, and compliance, and provide

guides to help organisations embark on this path [

]. According to a MeriTalk report in 2014,

only 44% of

IT professionals in the federal government believe their agencies have mature data

governance practices in the cloud. This report also suggests that about 56% of agencies are currently in

the process of implementing data stewardship or data governance programmes [75].

Evaluating the existing work on data governance for traditional IT and cloud computing reveals

that it is still very limited, lacking standards and uniﬁed deﬁnitions, hence a taxonomy approach to

classify different aspects and attributes of data governance will be a highly valuable contribution at

this stage.

Sustainability 2017, 9, 0095 10.3390/su10010095 6 of 26

practices in the cloud. This report also suggests that about 56% of agencies are currently in the process

of implementing data stewardship or data governance programmes [75].

Evaluating the existing work on data governance for traditional IT and cloud computing reveals

that it is still very limited, lacking standards and unified definitions, hence a taxonomy approach to

classify different aspects and attributes of data governance will be a highly valuable contribution at

this stage.

Figure 1. Number of published research on data governance in the last 10 years.

4. Data Governance and Other Governance Domains

With the emergence of new governance domains—to name but the most relevant ones,

Corporate Governance, IT Governance, Information Governance, and, more recently, Cloud

Computing Governance—it is easy to confuse them, something we have observed in the literature,

where authors have interchanged these governance domains as if they are the same thing. It is

important, therefore, to differentiate between these domains, and more important to define how they

are linked to each other, particularly with respect to data governance. Figure 2 is a simplified view of

the interrelations between these domains.

Figure 2. The interrelations between governance domains.

Corporate governance has become important, as effective governance ensures that the business

environment is fair and transparent, and that companies can be held accountable for their actions

[76]. In contrast, weak corporate governance leads to waste, mismanagement and corruption.

According to the Organization for Economic Cooperation and Development (OECD), corporate

2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017

N0n-Cloud Academic Non-Cloud Practice Oriented

Cloud Computing Academic Cloud Computing Practice Oriented

Figure 1. Number of published research on data governance in the last 10 years.

4. Data Governance and Other Governance Domains

With the emergence of new governance domains—to name but the most relevant ones,

Corporate Governance, IT Governance, Information Governance, and, more recently, Cloud Computing

Governance—it is easy to confuse them, something we have observed in the literature, where authors

have interchanged these governance domains as if they are the same thing. It is important, therefore,

to differentiate between these domains, and more important to deﬁne how they are linked to each

other, particularly with respect to data governance. Figure 2is a simpliﬁed view of the interrelations

between these domains.

Sustainability 2017, 9, 0095 10.3390/su10010095 6 of 26

practices in the cloud. This report also suggests that about 56% of agencies are currently in the process

of implementing data stewardship or data governance programmes [75].

Evaluating the existing work on data governance for traditional IT and cloud computing reveals

that it is still very limited, lacking standards and unified definitions, hence a taxonomy approach to

classify different aspects and attributes of data governance will be a highly valuable contribution at

this stage.

Figure 1. Number of published research on data governance in the last 10 years.

4. Data Governance and Other Governance Domains

With the emergence of new governance domains—to name but the most relevant ones,

Corporate Governance, IT Governance, Information Governance, and, more recently, Cloud

Computing Governance—it is easy to confuse them, something we have observed in the literature,

where authors have interchanged these governance domains as if they are the same thing. It is

important, therefore, to differentiate between these domains, and more important to define how they

are linked to each other, particularly with respect to data governance. Figure 2 is a simplified view of

the interrelations between these domains.

Figure 2. The interrelations between governance domains.

Corporate governance has become important, as effective governance ensures that the business

environment is fair and transparent, and that companies can be held accountable for their actions

[76]. In contrast, weak corporate governance leads to waste, mismanagement and corruption.

According to the Organization for Economic Cooperation and Development (OECD), corporate

2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017

N0n-Cloud Academic Non-Cloud Practice Oriented

Cloud Computing Academic Cloud Computing Practice Oriented

Figure 2. The interrelations between governance domains.

Sustainability 2018,10, 95 7 of 26

Corporate governance has become important, as effective governance ensures that the business

environment is fair and transparent, and that companies can be held accountable for their actions [

In contrast, weak corporate governance leads to waste, mismanagement and corruption. According to

the Organization for Economic Cooperation and Development (OECD), corporate governance is “a set

of relationships between a company’s management, its board, its shareholders, and other stakeholders, corporate

governance also provides the structure through which the objectives of the company are set, and the means of

attaining the objectives and monitoring performance are determined”[77].

In recent years, IT has been the backbone of every business [

]. As a result, the concept of

IT governance has become more important for organisations. IT governance, similarly to corporate

governance, is the process of establishing authority, responsibilities, and communication, along with

policies, standards, control mechanisms and measurements to enable the fulﬁlment of deﬁned roles

and responsibilities [

]. Thus, corporate governance can provide a starting point in the deﬁnition

of IT governance [

]. According to Herbst et al. (2013), IT governance is deﬁned as “procedures and

policies established in order to assure that the IT system of an organization sustains its goals and strategies”[

It is pertinent, however, to note that there is a difference between IT governance and IT functions;

this difference is not just about the centralisation or decentralisation of IT structures, but also that it is

not the sole responsibility of the CIO [81].

The term “information governance” was introduced by Donaldson and Walker (2004) as

a framework to support the work of the National Health Society in the USA. Unfortunately, many

organisations have not yet established a clear distinction between information governance and IT

governance [

]. Information governance can be viewed as a subset of corporate governance, with the

main objectives being to improve the effectiveness and speed of decisions and processes, to reduce the

costs and risks to the business or organisation, and to make maximum use of information in terms of

value creation [

]. Gartner deﬁnes information governance as “the speciﬁcation of decision rights and an

accountability framework to ensure appropriate behaviour in the valuation, creation, storage, use, archiving and

deletion of information”[

]. The information governance approach focuses on controlling information

that is generated by IT and ofﬁce systems, or their output, but does focus on detailed IT or data capture

and quality processes.

Cloud governance is a new term in the IT ﬁeld; however, it has not been given a clear deﬁnition

yet [

]. Microsoft deﬁnes cloud governance as “deﬁning policies around managing the factors: availability,

security, privacy, location of cloud services and compliance and tracking for enforcing the policies at run time

when the applications are running”[

]. The core of cloud governance revolves around the relationships

between provider and consumer, across different business models [

]. The business model should

deﬁne the way in which an offer is made and how it is consumed. To function at all cloud levels (IaaS,

PaaS and SaaS), the business model should be devoid of the type of resources involved.

The literature reported different views on what drives what within these governance domains; in

our research, we argue that data governance should be the key driver for all other governance domains,

sitting at the heart of everything. The most debated relationship among these governance domains

has been that of information governance and data governance, where numerous schools of thought,

including the Data Governance Institute, have consistently used information and data governance

interchangeably, connoting the understanding that the two terms mean the same thing. A very

recent paper, published only in 2016, as part of the proceedings of the 28th Annual Conference of the

Southern African Institute of Management Scientists, presented a systematic analysis to prove that data

governance is indeed a prerequisite for information governance, and hence the argument was extended

to state that data governance must become an ingrained part of both corporate governance and IT

governance [

]. Figure 3provides an illustration of the advocated hierarchy of these governance

domains, showing also the difference between management and governance.

Sustainability 2018,10, 95 8 of 26

Sustainability 2017, 9, 0095 10.3390/su10010095 8 of 26

Figure 3. The hierarchy for the difference between management and governance.

5. Data Governance Taxonomy

To construct a holistic taxonomy, we must determine the key dimensions of data governance.

This adopted dimension-based approach allows for the categories in the taxonomy to be broken

down into discrete areas. A dimension-based approach allows more flexibility in placing content into

various nodes, represented by the dimension to which they belong. In the context of data governance,

this approach will allow users to manage data governance content more efficiently. Successfully

achieving this could be a potentially complex process, and consequently requires more investigative

effort and the involvement of different stakeholders. Therefore, the taxonomy for data governance

was developed following exploratory and qualitative research, where the method employed was

merrily based on a combination of analysing the relevant knowledge in the public domain, resulting

from the above described systematic literature review (Section 3) and following the analytic theory

[89].

The analytic theory has been useful in understanding the data governance aspects of traditional

IT and cloud technology. Sein M. et al. [89] state that “the analytic theory is used to describe or classify

specific dimensions or characteristics of individuals, groups, situations, or events by summarizing the

commonalities found in discrete observations. Frameworks, classification schema and taxonomies are numerous

in IS”. The analytic theory has been chosen as a concept for this study to identify data governance

dimensions for the cloud services. To use analytic theory in making data governance dimensions, we

follow three steps. Firstly, understanding the state of the art of data governance for traditional IT and

the cloud. Secondly, identifying specific dimensions or characteristics of data governance and cloud

computing. Finally, developing the key data governance dimensions for cloud computing, based on

the definitions of data governance and factors presented in the literature review, which will construct

the desired taxonomy. The adopted approach is considered expedient in expounding a sound

theoretical foundation for the study. This approach is used to contextualise the research, for which

authors chose the contents that were relevant for the study and how these were employed in order

to reach a scientific conclusion. Such an approach is considered essential, following a set of processes

or procedures in undergoing a systematic review, which can be verified or validated scientifically.

To the best of the authors’ knowledge, and following the aforementioned research approach,

there is no published research that defines the key dimensions of data governance for cloud

computing. In contrast, for traditional IT (non-cloud), there is some reported research, albeit not

much. As illustrated above, data governance for non-cloud and cloud, although showing some

similarities at a higher level, differs significantly in details, in addition to some new factors related

only to cloud technology. Figure 4 shows the two main classes of data governance, considered as sub-

Figure 3. The hierarchy for the difference between management and governance.

5. Data Governance Taxonomy

To construct a holistic taxonomy, w e m u s t d e t e r m i n e t h e key dimensions of data gover n a n c e .

This adopted dimension-based approach allows for the categories in the taxonomy to be broken down into

discrete areas. A dimension-based approach allows more flexibility in placing content into various nodes,

represented by the dimension to which they belong. In the context of data governance, this approach will

allow users to manage data governance content more efficiently. Successfully achieving this could be

a potentially complex process, and consequently requires more investigative effort and the involvement

of different stakeholders. Therefore, the taxonomy for data governance was developed following

exploratory and qualitative research, where the method employed was merrily based on a combination

of analysing the relevant knowledge in the public domain, resulting from the above described

systematic literature review (Section 3) and following the analytic theory [89].

The analytic theory has been useful in understanding the data governance aspects of traditional IT

and cloud technology. Sein M. et al. [

] state that “the analytic theory is used to describe or classify speciﬁc

dimensions or characteristics of individuals, groups, situations, or events by summarizing the commonalities

found in discrete observations. Frameworks, classiﬁcation schema and taxonomies are numerous in IS”.

The analytic theory has been chosen as a concept for this study to identify data governance dimensions

for the cloud services. To use analytic theory in making data governance dimensions, we follow

three steps. Firstly, understanding the state of the art of data governance for traditional IT and

the cloud. Secondly, identifying speciﬁc dimensions or characteristics of data governance and cloud

computing. Finally, developing the key data governance dimensions for cloud computing, based on the

deﬁnitions of data governance and factors presented in the literature review, which will construct the

desired taxonomy. The adopted approach is considered expedient in expounding a sound theoretical

foundation for the study. This approach is used to contextualise the research, for which authors chose

the contents that were relevant for the study and how these were employed in order to reach a scientiﬁc

conclusion. Such an approach is considered essential, following a set of processes or procedures in

undergoing a systematic review, which can be veriﬁed or validated scientiﬁcally.

To the best of the authors’ knowledge, and following the aforementioned research approach,

there is no published research that deﬁnes the key dimensions of data governance for cloud

computing. In contrast, for traditional IT (non-cloud), there is some reported research, albeit not

much. As illustrated above, data governance for non-cloud and cloud, although showing some

similarities at a higher level, differs signiﬁcantly in details, in addition to some new factors related

only to cloud technology. Figure 4shows the two main classes of data governance, considered as

Sustainability 2018,10, 95 9 of 26

sub-taxonomies: data governance for non-cloud computing, referred to herein as traditional data

governance, and data governance for cloud computing, referred to herein as cloud data governance.

Sustainability 2017, 9, 0095 10.3390/su10010095 9 of 26

taxonomies: data governance for non-cloud computing, referred to herein as traditional data

governance, and data governance for cloud computing, referred to herein as cloud data governance.

Figure 4. Two main blocks of the data governance taxonomy.

5.1. Traditional Data Governance

As shown in the systematic literature review above, the literature on traditional data governance

is still considered insufficient. Some authors expressed their subjective views on aspects of data

governance; this subjectivity is driven by the fact that there is no single approach to implementing

standard data governance for all types of organisations [4]. This means each organisation’s approach

to data governance could be different. It is, therefore, very difficult to capture all the different views;

instead, after further analysis of the relevant literature, we could identify common aspects of data

governance which most authors seem to agree upon. Therefore, traditional data governance could be

classified into three main categories: people and organisational bodies, policy, and technology, as

shown in the simplified taxonomy below (Figure 5). This is followed by extended descriptions and

classification of each aspect.

Figure 5. Traditional data governance taxonomy.

Data Governance

Traditional Data Governance

Cloud Data Governance

Traditional Data Governance

People and Organizational Bodies

Policy and Process

Technology

Figure 4. Two main blocks of the data governance taxonomy.

5.1. Traditional Data Governance

As shown in the systematic literature review above, the literature on traditional data governance

is still considered insufﬁcient. Some authors expressed their subjective views on aspects of data

governance; this subjectivity is driven by the fact that there is no single approach to implementing

standard data governance for all types of organisations [

]. This means each organisation’s approach

to data governance could be different. It is, therefore, very difﬁcult to capture all the different views;

instead, after further analysis of the relevant literature, we could identify common aspects of data

governance which most authors seem to agree upon. Therefore, traditional data governance could

be classiﬁed into three main categories: people and organisational bodies, policy, and technology,

as shown in the simpliﬁed taxonomy below (Figure 5). This is followed by extended descriptions and

classiﬁcation of each aspect.