Data Governance Taxonomy: Cloud versus Non-Cloud

: Forward-thinking organisations believe that the only way to solve the data problem is the implementation of effective data governance. Attempts to govern data have failed before, as they were driven by information technology, and affected by rigid processes and fragmented activities carried out on a system-by-system basis. Until very recently, governance has been mostly informal, with very ambiguous and generic regulations, in siloes around speciﬁc enterprise repositories, lacking structure and the wider support of the organisation. Despite its highly recognised importance, the area of data governance is still underdeveloped and under-researched. Consequently, there is a need to advance research in data governance in order to deepen practice. Currently, in the area of data governance, research consists mostly of descriptive literature reviews. The analysis of literature further emphasises the need to build a standardised strategy for data governance. This task can be a very complex one and needs to be accomplished in stages. Therefore, as a ﬁrst and necessary stage, a taxonomy approach to deﬁne the different attributes of data governance is expected to make a valuable contribution to knowledge, helping researchers and decision makers to understand the most important factors that need to be considered when implementing a data governance strategy for cloud computing services. In addition to the proposed taxonomy, the paper clariﬁes the concepts of data governance in contracts with other governance domains.


Introduction
We are accustomed to the concepts of information technology (IT) governance [1] and corporate governance [2]. The term "governance", in general, refers to the way an organisation ensures that strategies are set, monitored, and achieved [3]. As IT has become the backbone of every organisation, by definition, IT governance becomes an integral part of any business strategy, and falls under corporate governance. Historically, data emerged out of disparate legacy transactional systems. Then, data was seen as a by-product of running the business, and had little value beyond the transaction and the application that processed it, hence data was not treated as a valuable shared asset. This continued until the early 1990s, when the value of data started to take another trend beyond transactions. Business decisions and processes increasingly started to be driven by data and data analysis. Further investment in data management was the approach taken to tackle the increasing volume, velocity, and variety of data, such as complex data repositories, data warehouses, Enterprise Resource Planning (ERP), and Customer Relationship Management (CRMs) [4]. Data links became very complex and shared amongst multiple systems, and the need to provide a single point of reference in order to simplify daily functions became crucial, which gave birth to master data management [5]. aforementioned taxonomy. The review followed the systematic literature review protocol, defined by [46], with customised search strings, a study selection process, and inclusion and exclusion criteria. The search was conducted in the following libraries and databases: Google Scholar, Staffordshire e-resources Libraries, Saudi Digital Library, and the British Library (Ethos). The term "data governance" was used in this search, but we also tried a combination of keywords in order to test for synonyms used in the literature and to cover all relevant publications. The following search strings were also used, "data governance organization", "governance data", "data governance in cloud computing", "data governance for cloud computing", and "cloud data governance". All these search strings were combined by using the Boolean "OR" operator as follows: ((data governance) OR (data governance organization) OR (governance data) OR (data governance in cloud computing) OR (data governance for cloud computing) OR (cloud data governance)).
The search covered the period between 2000 and 2017. The study selection process was based on four stages, and only 52 records on data governance, which meet the criteria and fall within the scope of the study, were attained for the final review. Table 1 provides a summary of these 52 papers, categorised by academic-and practice-oriented contributions for cloud and non-cloud computing. Table 1. Categorisation of the resultant records on data governance.
Out of the retained 52 records, only five records were reported in academic literature on data governance for cloud services. All reported research agrees that only a few organisations have addressed data governance, and only partially. Additionally, all reported academic literature stated that data governance is one of the key components for any enterprise cloud; they also described some issues related to moving data to the cloud outside the organisation's premises, such as security, data migration and interoperability. Felici et al. [60] focused more on one aspect of data governance, accountability, where they proposed an accountability model for data stewardship in the cloud, which explains data governance in terms of accountability attributes and cloud-mediated interactions between actors. This model consists of accountability attributes, accountability practices and accountability mechanisms. Tountopoulos [73] focused on addressing interoperability requirements relating to the protection of personal and confidential data for cloud data governance. They also categorised the accountability taxonomy, composed of seven main roles, which are: cloud subject, cloud customer, cloud provider, cloud carrier, cloud broker, cloud auditor, and cloud supervisory authority. Figure 1 shows the numbers of published research on data governance in the last 10 years, following a systematic review.
Cloud data governance has also been overlooked by industry. Cloud Security Alliance, Trustworthy Computing Group, and Microsoft Corporation are regarded as the recognised leaders in this area. The Cloud Security Alliance cloud data governance working group currently focuses on the data protection aspect, with an aim to propose a data governance framework to ensure the availability, integrity, privacy, and overall security of data in different cloud models; this is far from being realised [74]. Trustworthy Computing Group and Microsoft Corporation describe the basic elements of a data governance initiative for privacy, confidentiality, and compliance, and provide guides to help organisations embark on this path [41]. According to a MeriTalk report in 2014, Sustainability 2018, 10, 95 6 of 26 only 44% of IT professionals in the federal government believe their agencies have mature data governance practices in the cloud. This report also suggests that about 56% of agencies are currently in the process of implementing data stewardship or data governance programmes [75].
Evaluating the existing work on data governance for traditional IT and cloud computing reveals that it is still very limited, lacking standards and unified definitions, hence a taxonomy approach to classify different aspects and attributes of data governance will be a highly valuable contribution at this stage. practices in the cloud. This report also suggests that about 56% of agencies are currently in the process of implementing data stewardship or data governance programmes [75]. Evaluating the existing work on data governance for traditional IT and cloud computing reveals that it is still very limited, lacking standards and unified definitions, hence a taxonomy approach to classify different aspects and attributes of data governance will be a highly valuable contribution at this stage.

Data Governance and Other Governance Domains
With the emergence of new governance domains-to name but the most relevant ones, Corporate Governance, IT Governance, Information Governance, and, more recently, Cloud Computing Governance-it is easy to confuse them, something we have observed in the literature, where authors have interchanged these governance domains as if they are the same thing. It is important, therefore, to differentiate between these domains, and more important to define how they are linked to each other, particularly with respect to data governance. Figure 2 is a simplified view of the interrelations between these domains. Corporate governance has become important, as effective governance ensures that the business environment is fair and transparent, and that companies can be held accountable for their actions [76]. In contrast, weak corporate governance leads to waste, mismanagement and corruption. According to the Organization for Economic Cooperation and Development (OECD), corporate

Data Governance and Other Governance Domains
With the emergence of new governance domains-to name but the most relevant ones, Corporate Governance, IT Governance, Information Governance, and, more recently, Cloud Computing Governance-it is easy to confuse them, something we have observed in the literature, where authors have interchanged these governance domains as if they are the same thing. It is important, therefore, to differentiate between these domains, and more important to define how they are linked to each other, particularly with respect to data governance. Figure 2 is a simplified view of the interrelations between these domains. practices in the cloud. This report also suggests that about 56% of agencies are currently in the process of implementing data stewardship or data governance programmes [75]. Evaluating the existing work on data governance for traditional IT and cloud computing reveals that it is still very limited, lacking standards and unified definitions, hence a taxonomy approach to classify different aspects and attributes of data governance will be a highly valuable contribution at this stage.

Data Governance and Other Governance Domains
With the emergence of new governance domains-to name but the most relevant ones, Corporate Governance, IT Governance, Information Governance, and, more recently, Cloud Computing Governance-it is easy to confuse them, something we have observed in the literature, where authors have interchanged these governance domains as if they are the same thing. It is important, therefore, to differentiate between these domains, and more important to define how they are linked to each other, particularly with respect to data governance. Figure 2 is a simplified view of the interrelations between these domains. Corporate governance has become important, as effective governance ensures that the business environment is fair and transparent, and that companies can be held accountable for their actions [76]. In contrast, weak corporate governance leads to waste, mismanagement and corruption. According to the Organization for Economic Cooperation and Development (OECD), corporate Corporate governance has become important, as effective governance ensures that the business environment is fair and transparent, and that companies can be held accountable for their actions [76]. In contrast, weak corporate governance leads to waste, mismanagement and corruption. According to the Organization for Economic Cooperation and Development (OECD), corporate governance is "a set of relationships between a company's management, its board, its shareholders, and other stakeholders, corporate governance also provides the structure through which the objectives of the company are set, and the means of attaining the objectives and monitoring performance are determined" [77].
In recent years, IT has been the backbone of every business [78]. As a result, the concept of IT governance has become more important for organisations. IT governance, similarly to corporate governance, is the process of establishing authority, responsibilities, and communication, along with policies, standards, control mechanisms and measurements to enable the fulfilment of defined roles and responsibilities [79]. Thus, corporate governance can provide a starting point in the definition of IT governance [7]. According to Herbst et al. (2013), IT governance is defined as "procedures and policies established in order to assure that the IT system of an organization sustains its goals and strategies" [80]. It is pertinent, however, to note that there is a difference between IT governance and IT functions; this difference is not just about the centralisation or decentralisation of IT structures, but also that it is not the sole responsibility of the CIO [81].
The term "information governance" was introduced by Donaldson and Walker (2004) as a framework to support the work of the National Health Society in the USA. Unfortunately, many organisations have not yet established a clear distinction between information governance and IT governance [82]. Information governance can be viewed as a subset of corporate governance, with the main objectives being to improve the effectiveness and speed of decisions and processes, to reduce the costs and risks to the business or organisation, and to make maximum use of information in terms of value creation [83]. Gartner defines information governance as "the specification of decision rights and an accountability framework to ensure appropriate behaviour in the valuation, creation, storage, use, archiving and deletion of information" [84]. The information governance approach focuses on controlling information that is generated by IT and office systems, or their output, but does focus on detailed IT or data capture and quality processes.
Cloud governance is a new term in the IT field; however, it has not been given a clear definition yet [85]. Microsoft defines cloud governance as "defining policies around managing the factors: availability, security, privacy, location of cloud services and compliance and tracking for enforcing the policies at run time when the applications are running" [86]. The core of cloud governance revolves around the relationships between provider and consumer, across different business models [87]. The business model should define the way in which an offer is made and how it is consumed. To function at all cloud levels (IaaS, PaaS and SaaS), the business model should be devoid of the type of resources involved.
The literature reported different views on what drives what within these governance domains; in our research, we argue that data governance should be the key driver for all other governance domains, sitting at the heart of everything. The most debated relationship among these governance domains has been that of information governance and data governance, where numerous schools of thought, including the Data Governance Institute, have consistently used information and data governance interchangeably, connoting the understanding that the two terms mean the same thing. A very recent paper, published only in 2016, as part of the proceedings of the 28th Annual Conference of the Southern African Institute of Management Scientists, presented a systematic analysis to prove that data governance is indeed a prerequisite for information governance, and hence the argument was extended to state that data governance must become an ingrained part of both corporate governance and IT governance [88]. Figure 3 provides an illustration of the advocated hierarchy of these governance domains, showing also the difference between management and governance. Sustainability 2017, 9, 0095 10.3390/su10010095 8 of 26

Data Governance Taxonomy
To construct a holistic taxonomy, we must determine the key dimensions of data governance. This adopted dimension-based approach allows for the categories in the taxonomy to be broken down into discrete areas. A dimension-based approach allows more flexibility in placing content into various nodes, represented by the dimension to which they belong. In the context of data governance, this approach will allow users to manage data governance content more efficiently. Successfully achieving this could be a potentially complex process, and consequently requires more investigative effort and the involvement of different stakeholders. Therefore, the taxonomy for data governance was developed following exploratory and qualitative research, where the method employed was merrily based on a combination of analysing the relevant knowledge in the public domain, resulting from the above described systematic literature review (Section 3) and following the analytic theory [89].
The analytic theory has been useful in understanding the data governance aspects of traditional IT and cloud technology. Sein M. et al. [89] state that "the analytic theory is used to describe or classify specific dimensions or characteristics of individuals, groups, situations, or events by summarizing the commonalities found in discrete observations. Frameworks, classification schema and taxonomies are numerous in IS". The analytic theory has been chosen as a concept for this study to identify data governance dimensions for the cloud services. To use analytic theory in making data governance dimensions, we follow three steps. Firstly, understanding the state of the art of data governance for traditional IT and the cloud. Secondly, identifying specific dimensions or characteristics of data governance and cloud computing. Finally, developing the key data governance dimensions for cloud computing, based on the definitions of data governance and factors presented in the literature review, which will construct the desired taxonomy. The adopted approach is considered expedient in expounding a sound theoretical foundation for the study. This approach is used to contextualise the research, for which authors chose the contents that were relevant for the study and how these were employed in order to reach a scientific conclusion. Such an approach is considered essential, following a set of processes or procedures in undergoing a systematic review, which can be verified or validated scientifically.
To the best of the authors' knowledge, and following the aforementioned research approach, there is no published research that defines the key dimensions of data governance for cloud computing. In contrast, for traditional IT (non-cloud), there is some reported research, albeit not much. As illustrated above, data governance for non-cloud and cloud, although showing some similarities at a higher level, differs significantly in details, in addition to some new factors related only to cloud technology. Figure 4 shows the two main classes of data governance, considered as sub-

Data Governance Taxonomy
To construct a holistic taxonomy, we must determine the key dimensions of data governance. This adopted dimension-based approach allows for the categories in the taxonomy to be broken down into discrete areas. A dimension-based approach allows more flexibility in placing content into various nodes, represented by the dimension to which they belong. In the context of data governance, this approach will allow users to manage data governance content more efficiently. Successfully achieving this could be a potentially complex process, and consequently requires more investigative effort and the involvement of different stakeholders. Therefore, the taxonomy for data governance was developed following exploratory and qualitative research, where the method employed was merrily based on a combination of analysing the relevant knowledge in the public domain, resulting from the above described systematic literature review (Section 3) and following the analytic theory [89].
The analytic theory has been useful in understanding the data governance aspects of traditional IT and cloud technology. Sein M. et al. [89] state that "the analytic theory is used to describe or classify specific dimensions or characteristics of individuals, groups, situations, or events by summarizing the commonalities found in discrete observations. Frameworks, classification schema and taxonomies are numerous in IS". The analytic theory has been chosen as a concept for this study to identify data governance dimensions for the cloud services. To use analytic theory in making data governance dimensions, we follow three steps. Firstly, understanding the state of the art of data governance for traditional IT and the cloud. Secondly, identifying specific dimensions or characteristics of data governance and cloud computing. Finally, developing the key data governance dimensions for cloud computing, based on the definitions of data governance and factors presented in the literature review, which will construct the desired taxonomy. The adopted approach is considered expedient in expounding a sound theoretical foundation for the study. This approach is used to contextualise the research, for which authors chose the contents that were relevant for the study and how these were employed in order to reach a scientific conclusion. Such an approach is considered essential, following a set of processes or procedures in undergoing a systematic review, which can be verified or validated scientifically.
To the best of the authors' knowledge, and following the aforementioned research approach, there is no published research that defines the key dimensions of data governance for cloud computing. In contrast, for traditional IT (non-cloud), there is some reported research, albeit not much. As illustrated above, data governance for non-cloud and cloud, although showing some similarities at a higher level, differs significantly in details, in addition to some new factors related only to cloud technology. Figure 4 shows the two main classes of data governance, considered as sub-taxonomies: data governance for non-cloud computing, referred to herein as traditional data governance, and data governance for cloud computing, referred to herein as cloud data governance. Sustainability 2017, 9, 0095 10.3390/su10010095 9 of 26 taxonomies: data governance for non-cloud computing, referred to herein as traditional data governance, and data governance for cloud computing, referred to herein as cloud data governance.

Traditional Data Governance
As shown in the systematic literature review above, the literature on traditional data governance is still considered insufficient. Some authors expressed their subjective views on aspects of data governance; this subjectivity is driven by the fact that there is no single approach to implementing standard data governance for all types of organisations [4]. This means each organisation's approach to data governance could be different. It is, therefore, very difficult to capture all the different views; instead, after further analysis of the relevant literature, we could identify common aspects of data governance which most authors seem to agree upon. Therefore, traditional data governance could be classified into three main categories: people and organisational bodies, policy, and technology, as shown in the simplified taxonomy below ( Figure 5). This is followed by extended descriptions and classification of each aspect.

Traditional Data Governance
As shown in the systematic literature review above, the literature on traditional data governance is still considered insufficient. Some authors expressed their subjective views on aspects of data governance; this subjectivity is driven by the fact that there is no single approach to implementing standard data governance for all types of organisations [4]. This means each organisation's approach to data governance could be different. It is, therefore, very difficult to capture all the different views; instead, after further analysis of the relevant literature, we could identify common aspects of data governance which most authors seem to agree upon. Therefore, traditional data governance could be classified into three main categories: people and organisational bodies, policy, and technology, as shown in the simplified taxonomy below ( Figure 5). This is followed by extended descriptions and classification of each aspect. taxonomies: data governance for non-cloud computing, referred to herein as traditional data governance, and data governance for cloud computing, referred to herein as cloud data governance.

Traditional Data Governance
As shown in the systematic literature review above, the literature on traditional data governance is still considered insufficient. Some authors expressed their subjective views on aspects of data governance; this subjectivity is driven by the fact that there is no single approach to implementing standard data governance for all types of organisations [4]. This means each organisation's approach to data governance could be different. It is, therefore, very difficult to capture all the different views; instead, after further analysis of the relevant literature, we could identify common aspects of data governance which most authors seem to agree upon. Therefore, traditional data governance could be classified into three main categories: people and organisational bodies, policy, and technology, as shown in the simplified taxonomy below ( Figure 5). This is followed by extended descriptions and classification of each aspect.

People and Organisational Bodies
Data governance will influence the mix of data stakeholders involved in data-related decisions and actions in an organisation, as well as the amount of effort required of each stakeholder. Therefore, in traditional data governance, the people and organisational bodies play important parts when organisations implement data governance for their business [90]. The element of people and organisational bodies in data governance can be defined as any individual or group that could affect or be affected by the data under discussion. People in traditional governance have many tasks, including authority, data stewardship, business rules, collaboration, accountability and culture attitude [91]. The people and organisational bodies element, in the context of traditional data governance, could include the following: data governance office, data governance council, executive sponsorship, chief information officer (CIO), data management committee, compliance committee and data stewards; each has specific roles and responsibilities within their organisations. Figure 6 below summarises the most important aspects of this class of traditional data governance, as agreed by most reported literature.

. People and Organisational Bodies
Data governance will influence the mix of data stakeholders involved in data-related decisions and actions in an organisation, as well as the amount of effort required of each stakeholder. Therefore, in traditional data governance, the people and organisational bodies play important parts when organisations implement data governance for their business [90]. The element of people and organisational bodies in data governance can be defined as any individual or group that could affect or be affected by the data under discussion. People in traditional governance have many tasks, including authority, data stewardship, business rules, collaboration, accountability and culture attitude [91]. The people and organisational bodies element, in the context of traditional data governance, could include the following: data governance office, data governance council, executive sponsorship, chief information officer (CIO), data management committee, compliance committee and data stewards; each has specific roles and responsibilities within their organisations. Figure 6 below summarises the most important aspects of this class of traditional data governance, as agreed by most reported literature.

Policy and Process
Data governance policy is a set of measurable acts and rules for a set of data management functions in order to ensure the benefit of a business process [92]. Regarding data governance processes, they describe the methods used to govern data; these processes should be standardised, documented and repeatable. According to IBM Institute [69], data governance policies and processes should be crafted to support regulatory and compliance requirements for data management functions. The policy and process aspects in traditional data governance could include principles, policies, standards and process, as displayed in Figure 7.

Policy and Process
Data governance policy is a set of measurable acts and rules for a set of data management functions in order to ensure the benefit of a business process [92]. Regarding data governance processes, they describe the methods used to govern data; these processes should be standardised, documented and repeatable. According to IBM Institute [69], data governance policies and processes should be crafted to support regulatory and compliance requirements for data management functions. The policy and process aspects in traditional data governance could include principles, policies, standards and process, as displayed in Figure 7.

Technology
Technology is an integral factor for data governance; it is through technology that we can ensure automation and enforce and control data governance policies. However, the role of technology comes after an approved data governance policy and process. Technology in the context of data governance represents the engineering methods that are responsible for reflecting its policies and practice in a measurable way. Therefore, a fit-for-purpose plan for using technical tools to support data governance polices, within the context of roles, responsibilities, and accountabilities, must be established [4,66]. The simplest forms of technology reported for traditional data governance could include hardware, software and monitoring tools, as depicted in Figure 8.

Cloud Data Governance
The impediment to the wider adoption of the cloud computing model has been linked primarily to aspects related to the data governance environment [42, 53,60]. While security seems to be the most

Technology
Technology is an integral factor for data governance; it is through technology that we can ensure automation and enforce and control data governance policies. However, the role of technology comes after an approved data governance policy and process. Technology in the context of data governance represents the engineering methods that are responsible for reflecting its policies and practice in a measurable way. Therefore, a fit-for-purpose plan for using technical tools to support data governance polices, within the context of roles, responsibilities, and accountabilities, must be established [4,66]. The simplest forms of technology reported for traditional data governance could include hardware, software and monitoring tools, as depicted in Figure 8.

Technology
Technology is an integral factor for data governance; it is through technology that we can ensure automation and enforce and control data governance policies. However, the role of technology comes after an approved data governance policy and process. Technology in the context of data governance represents the engineering methods that are responsible for reflecting its policies and practice in a measurable way. Therefore, a fit-for-purpose plan for using technical tools to support data governance polices, within the context of roles, responsibilities, and accountabilities, must be established [4,66]. The simplest forms of technology reported for traditional data governance could include hardware, software and monitoring tools, as depicted in Figure 8.

Cloud Data Governance
The impediment to the wider adoption of the cloud computing model has been linked primarily to aspects related to the data governance environment [42, 53,60]. While security seems to be the most

Cloud Data Governance
The impediment to the wider adoption of the cloud computing model has been linked primarily to aspects related to the data governance environment [42, 53,60]. While security seems to be the most cited challenge to cloud adoption, Farrell [93] shows that 41% of the security problems in the cloud are related to governance and legal issues. Data governance is considered to be one of the most important aspects of cloud governance [25]. Data governance programmes, built for on-premises IT infrastructure, cannot be deployed for cloud infrastructure and service provisioning, which would require completely new requirements, design and implementation [53,93]. Undoubtedly, the area of cloud data governance is becoming a topic of the coming decades [60,73], although it is still under-researched by both academia and industry, due to its novelty [7,9]. As discussed above, data governance is still underdeveloped and under-practised, even for traditional IT infrastructures, let alone cloud computing environments [4,94]. This is evidenced by the results of the systematic literature review discussed above, where only 11 records discussing data governance for cloud computing were reported. Governance in the cloud needs to understand, moderate and regulate the relationships between different cloud actors or stakeholders in terms of roles and responsibilities [24]. Data governance is meant to classify and assign responsibilities, communication, labelling and policies [57]. There are few studies reporting on data governance for the cloud services. Almost all existing work on data governance for cloud computing focuses on accountability and interoperability [57,60]. Accountability could be addressed at different levels, technological, regulatory and organisational [95].
There is a strong consensus that cloud computing will lead to change in the strategy of traditional data governance in organisations [96]. Cloud data governance is the main focus area in this research, where the aim is to construct a taxonomy that represents the different classifications of this domain. To recall, to the best of the authors' knowledge, this is the first such attempt reported, following the most comprehensive and up-to-date literature review. Figure 9 is a high-level taxonomy of cloud data governance, compiled from the analysis of relevant literature, identified from the systematic literature review. The subsequent sections contain further description of every sub-class. cited challenge to cloud adoption, Farrell [93] shows that 41% of the security problems in the cloud are related to governance and legal issues. Data governance is considered to be one of the most important aspects of cloud governance [25]. Data governance programmes, built for on-premises IT infrastructure, cannot be deployed for cloud infrastructure and service provisioning, which would require completely new requirements, design and implementation [53,93]. Undoubtedly, the area of cloud data governance is becoming a topic of the coming decades [60,73], although it is still underresearched by both academia and industry, due to its novelty [7,9]. As discussed above, data governance is still underdeveloped and under-practised, even for traditional IT infrastructures, let alone cloud computing environments [4,94]. This is evidenced by the results of the systematic literature review discussed above, where only 11 records discussing data governance for cloud computing were reported. Governance in the cloud needs to understand, moderate and regulate the relationships between different cloud actors or stakeholders in terms of roles and responsibilities [24]. Data governance is meant to classify and assign responsibilities, communication, labelling and policies [57]. There are few studies reporting on data governance for the cloud services. Almost all existing work on data governance for cloud computing focuses on accountability and interoperability [57,60]. Accountability could be addressed at different levels, technological, regulatory and organisational [95].
There is a strong consensus that cloud computing will lead to change in the strategy of traditional data governance in organisations [96]. Cloud data governance is the main focus area in this research, where the aim is to construct a taxonomy that represents the different classifications of this domain. To recall, to the best of the authors' knowledge, this is the first such attempt reported, following the most comprehensive and up-to-date literature review. Figure 9 is a high-level taxonomy of cloud data governance, compiled from the analysis of relevant literature, identified from the systematic literature review. The subsequent sections contain further description of every subclass.

Data Governance Structure
Designing a data governance structure is an important factor in ensuring that requisite roles and responsibilities are addressed throughout the enterprise at the right organisational levels [13]. Several common data governance roles have been identified in existing studies, including the following: executive sponsorship, data management committee, compliance committee, data stewardship team, cloud manager, cloud provider member, IT member and legal member [9,97]. These roles must collaborate to formulate data governance bodies. Figure 10 shows an example of a typical cloud data governance structure.

Data Governance Structure
Designing a data governance structure is an important factor in ensuring that requisite roles and responsibilities are addressed throughout the enterprise at the right organisational levels [13]. Several common data governance roles have been identified in existing studies, including the following: executive sponsorship, data management committee, compliance committee, data stewardship team, cloud manager, cloud provider member, IT member and legal member [9,97]. These roles must collaborate to formulate data governance bodies. Figure 10 shows an example of a typical cloud data governance structure.

Data Governance Function
This refers to master activities for data governance, including functions which data governance teams must take into account when implementing data governance programmes [98]. Establishing consistent policies, standards, and operating processes to ensure the accuracy, availability, and security of data should be part of the data governance strategy, as well as defining the organisation's data assets [3,37]. Therefore, the data governance team must define all data governance policies that address cloud consumers' concerns. The data governance functions can support organisations to make cloud service decisions, such as the geographic distribution of data stored, processed, and in transit; regulatory requirements; data management requirements; and audit policies [99]. Effective data governance in cloud computing requires transparency and accountability, which leads to appropriate decisions that foster trust and assurance for cloud consumers [100]. The outcomes from data governance function activities include standard, procedure, compliance, transformation, integration, management, auditability, transparency, policies, principles and processes. This is considered the master dimension for data governance, but it must comply with other dimensions to develop effective data governance. Figure 11 shows the cloud data governance function and its concerns for cloud computing.

Data Governance Function
This refers to master activities for data governance, including functions which data governance teams must take into account when implementing data governance programmes [98]. Establishing consistent policies, standards, and operating processes to ensure the accuracy, availability, and security of data should be part of the data governance strategy, as well as defining the organisation's data assets [3,37]. Therefore, the data governance team must define all data governance policies that address cloud consumers' concerns. The data governance functions can support organisations to make cloud service decisions, such as the geographic distribution of data stored, processed, and in transit; regulatory requirements; data management requirements; and audit policies [99]. Effective data governance in cloud computing requires transparency and accountability, which leads to appropriate decisions that foster trust and assurance for cloud consumers [100]. The outcomes from data governance function activities include standard, procedure, compliance, transformation, integration, management, auditability, transparency, policies, principles and processes. This is considered the master dimension for data governance, but it must comply with other dimensions to develop effective data governance. Figure 11 shows the cloud data governance function and its concerns for cloud computing. Sustainability 2017, 9, 0095 10.3390/su10010095 14 of 26 Figure 11. Cloud data governance function and its concerns for cloud computing.

Cloud Deployment Model
This is an important factor to consider in data governance. There are primarily four cloud deployment models, which differ in their provisions; these are the public, private, hybrid and community cloud deployment models. To address data governance, the level of risk and complexity of each cloud deployment must be taken into consideration [18]. According to [110] the implementation of data governance varies greatly, based on the adopted cloud deployment. Figure  12 shows cloud deployment model types to be considered when implementing a cloud data governance programme.

Cloud Service Delivery Model
Cloud services can be categorised into three delivery models: Software as a Service (SaaS), Platform as a Service (PaaS) and Infrastructure as a Service (IaaS) [101]. Depending on the model, the Community Cloud Figure 11. Cloud data governance function and its concerns for cloud computing.

Cloud Deployment Model
This is an important factor to consider in data governance. There are primarily four cloud deployment models, which differ in their provisions; these are the public, private, hybrid and community cloud deployment models. To address data governance, the level of risk and complexity of each cloud deployment must be taken into consideration [18]. According to [110] the implementation of data governance varies greatly, based on the adopted cloud deployment. Figure 12 shows cloud deployment model types to be considered when implementing a cloud data governance programme. . Cloud data governance function and its concerns for cloud computing.

Cloud Deployment Model
This is an important factor to consider in data governance. There are primarily four cloud deployment models, which differ in their provisions; these are the public, private, hybrid and community cloud deployment models. To address data governance, the level of risk and complexity of each cloud deployment must be taken into consideration [18]. According to [110] the implementation of data governance varies greatly, based on the adopted cloud deployment. Figure  12 shows cloud deployment model types to be considered when implementing a cloud data governance programme.

Cloud Service Delivery Model
Cloud services can be categorised into three delivery models: Software as a Service (SaaS), Platform as a Service (PaaS) and Infrastructure as a Service (IaaS) [101]. Depending on the model, the

Cloud Service Delivery Model
Cloud services can be categorised into three delivery models: Software as a Service (SaaS), Platform as a Service (PaaS) and Infrastructure as a Service (IaaS) [101]. Depending on the model, the cloud consumer will have a differing level of control over their data [61] and each model will require a different approach to data governance and management. Therefore, the data governance teams must consider all the characteristics of the service delivery model and define appropriate policies to enforce control roles and responsibilities. Figure 13 shows the cloud service delivery model to be considered when implementing cloud data governance. cloud consumer will have a differing level of control over their data [61] and each model will require a different approach to data governance and management. Therefore, the data governance teams must consider all the characteristics of the service delivery model and define appropriate policies to enforce control roles and responsibilities. Figure 13 shows the cloud service delivery model to be considered when implementing cloud data governance. Figure 13. Cloud service delivery model for cloud data governance.

Cloud Actors
The actors are also a critical factor in defining cloud data governance. "Cloud actors" refers to individuals or organisations that participate in processes or transactions, and/or perform tasks in the cloud computing environment. NIST's cloud computing reference architecture distinguishes five major actors: the cloud consumer, the cloud provider, the cloud auditor, the cloud carrier and the cloud broker [18]. Each cloud actor has special roles and responsibilities in any one cloud provision, so a data governance programme must clearly define the roles and responsibilities for all cloud actors [102]. Figure 14 shows the cloud actors in cloud data governance.

Service Level Agreement (SLA)
One key issue for the cloud consumer is the provision of governance for data which they no longer directly control [103]. Contractual barriers increase between cloud actors. An SLA is an agreement that serves as the foundation of expectation for services between the cloud consumer and the provider [100]. The agreement states what services will be provided, how they will be provided,

Cloud Actors
The actors are also a critical factor in defining cloud data governance. "Cloud actors" refers to individuals or organisations that participate in processes or transactions, and/or perform tasks in the cloud computing environment. NIST's cloud computing reference architecture distinguishes five major actors: the cloud consumer, the cloud provider, the cloud auditor, the cloud carrier and the cloud broker [18]. Each cloud actor has special roles and responsibilities in any one cloud provision, so a data governance programme must clearly define the roles and responsibilities for all cloud actors [102]. Figure 14 shows the cloud actors in cloud data governance. cloud consumer will have a differing level of control over their data [61] and each model will require a different approach to data governance and management. Therefore, the data governance teams must consider all the characteristics of the service delivery model and define appropriate policies to enforce control roles and responsibilities. Figure 13 shows the cloud service delivery model to be considered when implementing cloud data governance. Figure 13. Cloud service delivery model for cloud data governance.

Cloud Actors
The actors are also a critical factor in defining cloud data governance. "Cloud actors" refers to individuals or organisations that participate in processes or transactions, and/or perform tasks in the cloud computing environment. NIST's cloud computing reference architecture distinguishes five major actors: the cloud consumer, the cloud provider, the cloud auditor, the cloud carrier and the cloud broker [18]. Each cloud actor has special roles and responsibilities in any one cloud provision, so a data governance programme must clearly define the roles and responsibilities for all cloud actors [102]. Figure 14 shows the cloud actors in cloud data governance.

Service Level Agreement (SLA)
One key issue for the cloud consumer is the provision of governance for data which they no longer directly control [103]. Contractual barriers increase between cloud actors. An SLA is an agreement that serves as the foundation of expectation for services between the cloud consumer and the provider [100]. The agreement states what services will be provided, how they will be provided, One key issue for the cloud consumer is the provision of governance for data which they no longer directly control [103]. Contractual barriers increase between cloud actors. An SLA is an agreement that serves as the foundation of expectation for services between the cloud consumer and the provider [100]. The agreement states what services will be provided, how they will be provided, and what happens if expectations are not met; therefore, an SLA is pivotal in data governance. Thus, the cloud consumer and provider must negotiate all aspects of data governance before developing the SLA. As a result, these agreements are in place to protect both parties. Before evaluating any cloud SLA, cloud consumers must first develop a strong business case for the cloud services, with data governance level policies and requirements and a strategy for their cloud computing environment. The SLA should contain a set of guidelines and policies to assist client organisations in defining governance plans for data which they may choose to move to a cloud provider [104]. These must comply with legal and regulatory requirements. All of these policies can be negotiable between the cloud consumer and cloud provider, to identify the target level of data governance before establishing the contract. The SLA for cloud data governance includes data governance functions; data governance requirements, roles and responsibilities; and data governance metrics and tools. Figure 15 shows the SLA elements for cloud data governance. the cloud consumer and provider must negotiate all aspects of data governance before developing the SLA. As a result, these agreements are in place to protect both parties. Before evaluating any cloud SLA, cloud consumers must first develop a strong business case for the cloud services, with data governance level policies and requirements and a strategy for their cloud computing environment. The SLA should contain a set of guidelines and policies to assist client organisations in defining governance plans for data which they may choose to move to a cloud provider [104]. These must comply with legal and regulatory requirements. All of these policies can be negotiable between the cloud consumer and cloud provider, to identify the target level of data governance before establishing the contract. The SLA for cloud data governance includes data governance functions; data governance requirements, roles and responsibilities; and data governance metrics and tools. Figure 15 shows the SLA elements for cloud data governance.

Organisational Context
Data governance is a major mechanism for establishing control over an organisation's data assets and enhancing their business value [105]. It is also a critical element of implementing a sustainable data management capability, which addresses enterprise information needs and reporting requirements. Organisational factors are important for data governance to be successful [8]. Data governance requires change management in the organisation, in addition to the participation and commitment of IT staff, business management and senior-level executive sponsorship in organisations [37]. Moreover, top management support is considered to be the critical success factor in implementing data governance [61]. Staff in organisations need to learn data governance functions, demanding top management support to enhance the organisation's staff skillset. The organisational context means defining all internal factors that organisations must consider when they manage risks [14]. There are three perspectives for organisational context: the strategic, tactical and operational perspectives. Data governance for cloud computing services should comply with these perspectives. The organisational context for cloud data governance includes organisation charts, organisation vision and mission, organisation strategy, the business model, decision-making processes, training plan, communication plan and change management plan. Figure 16 shows the organisational context elements of cloud data governance.

Organisational Context
Data governance is a major mechanism for establishing control over an organisation's data assets and enhancing their business value [105]. It is also a critical element of implementing a sustainable data management capability, which addresses enterprise information needs and reporting requirements. Organisational factors are important for data governance to be successful [8]. Data governance requires change management in the organisation, in addition to the participation and commitment of IT staff, business management and senior-level executive sponsorship in organisations [37]. Moreover, top management support is considered to be the critical success factor in implementing data governance [61]. Staff in organisations need to learn data governance functions, demanding top management support to enhance the organisation's staff skillset. The organisational context means defining all internal factors that organisations must consider when they manage risks [14]. There are three perspectives for organisational context: the strategic, tactical and operational perspectives. Data governance for cloud computing services should comply with these perspectives. The organisational context for cloud data governance includes organisation charts, organisation vision and mission, organisation strategy, the business model, decision-making processes, training plan, communication plan and change management plan. Figure 16 shows the organisational context elements of cloud data governance. Sustainability 2017, 9, 0095 10.3390/su10010095 17 of 26 Figure 16. Organisational context of cloud data governance.

Technical Context
Technology is also a key element for data governance success [8]. The technical context represents the issues related to data which will affect the decision of cloud computing adoption and data governance implementation for cloud computing services [106]. Therefore, a lack of technology is considered to be a barrier to successful data governance. Technical factors encapsulate data management issues that affect organisations' strategies, such as security, privacy, quality and integrity. Therefore, it is incumbent upon organisations implementing data governance to assess all technological characteristics available in their organisation, in order to effectively implement data governance. The technical issues that could have an impact on the implementation of data governance for cloud services include availability, reliability, security, privacy, quality, compatibility, ownership, auditing, integrity, data lock-in and performance [106,107]. Figure 17 displays the technological context elements of cloud data governance.

Technical Context
Technology is also a key element for data governance success [8]. The technical context represents the issues related to data which will affect the decision of cloud computing adoption and data governance implementation for cloud computing services [106]. Therefore, a lack of technology is considered to be a barrier to successful data governance. Technical factors encapsulate data management issues that affect organisations' strategies, such as security, privacy, quality and integrity. Therefore, it is incumbent upon organisations implementing data governance to assess all technological characteristics available in their organisation, in order to effectively implement data governance. The technical issues that could have an impact on the implementation of data governance for cloud services include availability, reliability, security, privacy, quality, compatibility, ownership, auditing, integrity, data lock-in and performance [106,107]. Figure 17

Legal Context
The legal aspect in this context determines the external and internal laws and regulations related to the data which might affect an organisation's intent to adopt cloud technology [106], which can in turn affect the implementation of an adequate data governance programme for cloud computing services. Therefore, the data governance teams must understand what is implied about data in all relevant contracts before implementing a data governance strategy. Failure to comply with the law when dealing with confidential data erodes trust, which can seriously damage the view of the top management of an organisation regarding the trustworthiness of the cloud provider services [108]. The legal context for cloud data governance includes the Data Protection Act 1998, change of control act and cloud regulations. Figure 18 shows the legal context of cloud data governance.

Legal Context
The legal aspect in this context determines the external and internal laws and regulations related to the data which might affect an organisation's intent to adopt cloud technology [106], which can in turn affect the implementation of an adequate data governance programme for cloud computing services. Therefore, the data governance teams must understand what is implied about data in all relevant contracts before implementing a data governance strategy. Failure to comply with the law when dealing with confidential data erodes trust, which can seriously damage the view of the top management of an organisation regarding the trustworthiness of the cloud provider services [108]. The legal context for cloud data governance includes the Data Protection Act 1998, change of control act and cloud regulations. Figure 18 shows the legal context of cloud data governance.

Monitor Matrix
The monitor matrix in data governance is the exercise of authority, control and shared decisionmaking over the management of data assets [41]. Measuring and monitoring supports ongoing data governance efforts to ensure that all incoming and existing data meets business rules [109]. By adding a monitoring component to the data governance programme, data quality efforts are enhanced, which in turn renders data much more reliable [109]. Moreover, continuous monitoring ensures compliance with SLAs and the set requirements defined in the data governance strategy [42]. The data governance monitor matrix for cloud computing services includes the cloud control matrix, KPIs and a monitoring tool. Figure 19 shows the elements of the monitor matrix for cloud data governance.

Monitor Matrix
The monitor matrix in data governance is the exercise of authority, control and shared decision-making over the management of data assets [41]. Measuring and monitoring supports ongoing data governance efforts to ensure that all incoming and existing data meets business rules [109]. By adding a monitoring component to the data governance programme, data quality efforts are enhanced, which in turn renders data much more reliable [109]. Moreover, continuous monitoring ensures compliance with SLAs and the set requirements defined in the data governance strategy [42]. The data governance monitor matrix for cloud computing services includes the cloud control matrix, KPIs and a monitoring tool. Figure 19 shows the elements of the monitor matrix for cloud data governance.

Monitor Matrix
The monitor matrix in data governance is the exercise of authority, control and shared decisionmaking over the management of data assets [41]. Measuring and monitoring supports ongoing data governance efforts to ensure that all incoming and existing data meets business rules [109]. By adding a monitoring component to the data governance programme, data quality efforts are enhanced, which in turn renders data much more reliable [109]. Moreover, continuous monitoring ensures compliance with SLAs and the set requirements defined in the data governance strategy [42]. The data governance monitor matrix for cloud computing services includes the cloud control matrix, KPIs and a monitoring tool. Figure 19 shows the elements of the monitor matrix for cloud data governance.     Figure 20. The overall taxonomies of data governance for cloud and non-cloud.

Conclusions
Data management solutions alone are becoming very expensive and are unable to cope with the reality of everlasting data complexity. Businesses have grown more sophisticated in their use of data, which drives new demands, requiring different ways to handle this data. Forward-thinking organisations believe that the only way to solve the data problem will be the implementation of effective data governance. With the absence of sufficient literature on data governance in general, and specifically for the cloud paradigm, this paper presents a useful contribution to the relevant research communities. In this paper, we proposed taxonomies for data governance, for both non-cloud and cloud computing networks. A holistic taxonomy that combines all different taxonomies is depicted in Figure 20. These taxonomies are supported by the results of a systematic literature review (SLR), which offers a structured, methodical, and rigorous approach to the understanding of the state of the art of research in data governance. The objective of the study is to provide a credible intellectual guide for upcoming researchers in data governance, to help them identify areas in data governance research where they can make the most impact.
However, this study presents a taxonomy of data governance development requirements for non-cloud and the cloud environments; thus, it does not cover a taxonomy of operational data governance risks that attempts to identify and organize the sources of operational data governance risk. Moreover, this paper is the first of its type, to the best of the authors' knowledge, to cover cloud data governance taxonomy; this presents another limitation, which is related to the lack of relevant literature in this subject domain. The literature shows that most of the existing studies focus on a survey of data governance for non-cloud environments, whilst only three sources in the literature focused on accountability of data governance in cloud computing environments.
Due to the lack of research in this subject area, future work will focus of validation of the proposed taxonomies with specialists from both academia and practitioners. Further research can investigate the application of the proposed taxonomies, especially for cloud data governance, in real world case scenarios. The presented research in this paper shows the lack of research in cloud data governance, which creates an urge for the need to develop a holistic framework for cloud data governance strategy, which highlights the main pillars, processes and attributes to design more specific data governance program. The proposed taxonomies are expected to play an instrumental role in developing such a framework.