Chapter 3. A Strategy Framework for Cloud Data Governance
3.8. Managing the Proposed Framework Implementation
The proposed framework was developed based on five major phases, and each phase has important components. The proposed process is illustrated in Figure 3.28.
Start
Establishing a cloud data governance office
Establishing a cloud data governance office structure Defining roles and responsibilities
Defining com munication plan
Defining and building a cloud data governance busines s case Setting up a data governance ass essment guide to determ ine the
current state of data governance
Defining and identifying the essential requirements for a cloud data governance
Defining and establishing a cloud data governance functions Integrating a cloud data governance functions with the cloud
computing context
Aligning a cloud data governance functions with other strategy efforts in the organisation.
Defining a cloud data governance level agreem ent (CDGLA)
Negotiating the CDGLA with cloud provider
Developing a service level agreement (SLA) and legal contract with cloud provider
Configuring the activities of a cloud data governance program me
Reviewing and testing the configuration of a cloud data governance programm e
Im plementing and deploying a cloud data governance programme
Monitoring the cloud data governance program s performance and effectiveness
Ongoing Needs?
Developing a mechanism for sustaining a cloud data governance programm e Yes No End No Reconfigurati on
Pr
e-
Im
pl
em
en
tat
io
n
Im
pl
em
en
tat
io
n
Po
st-
Im
pl
em
en
tat
io
n
Yes StartEstablishing a cloud data governance office
Establishing a cloud data governance office structure Defining roles and responsibilities
Defining com munication plan
Defining and building a cloud data governance busines s case Setting up a data governance ass essment guide to determ ine the
current state of data governance
Defining and identifying the essential requirements for a cloud data governance
Defining and establishing a cloud data governance functions Integrating a cloud data governance functions with the cloud
computing context
Aligning a cloud data governance functions with other strategy efforts in the organisation.
Defining a cloud data governance level agreem ent (CDGLA)
Negotiating the CDGLA with cloud provider
Developing a service level agreement (SLA) and legal contract with cloud provider
Configuring the activities of a cloud data governance program me
Reviewing and testing the configuration of a cloud data governance programm e
Im plementing and deploying a cloud data governance programme
Monitoring the cloud data governance program s performance and effectiveness
Ongoing Needs?
Developing a mechanism for sustaining a cloud data governance programm e Yes No End No Reconfigurati on
Pr
e-
Im
pl
em
en
tat
io
n
Im
pl
em
en
tat
io
n
Po
st-
Im
pl
em
en
tat
io
n
YesThe management and implementation of this framework is a very important factor in securing the desired results. In this study, we propose a process for the successful implementation of the proposed framework. This process will be based on three stages: pre-implementation, implementation and post-implementation, and these are discussed below:
a) Pre-Implementation Stage
This stage refers to the preparation for the implementation of the proposed cloud data governance framework. Many factors should be addressed in this stage to ensure that the cloud data governance project is ready for implementation in the organisation. This stage covers the initial and design phases of the proposed framework, and its steps are described below:
Step 1: Establishing a cloud data governance office responsible for defining cloud data governance requirements in organisations and monitoring cloud data governance implementation.
Step 2: Establishing the structure for the cloud data governance office and identifying roles and responsibilities for the cloud data governance office teams or members. Additionally, in this step, the communication plan between the cloud data governance office teams or members should be addressed to create an effective office in the organisation. Thus, cloud data governance needs members that are involved in its structures; they may be cloud managers, cloud provider members and cloud brokers. In addition, in order to build the best cloud data governance office structure, the organisation should have classified representative groups involved in cloud data governance operating at three levels, namely strategic, tactical and operational.
Step 3: Defining and building the cloud data governance business case to understand the value that cloud data governance can bring to the organisation (Eugene, 2013). The business case for cloud data governance will be concerned with the organisation’s ability to alter age- old perceptions, to show the holistic impact of cloud data governance. It will try to persuade top management that this will lead to change outcomes through an improved business process. There are many steps that should be considered in the cloud data governance business case, such as the data governance vision and mission, the cost of data governance, and its benefits and risks.
Step 4: Setting up a data governance assessment guide to determine the current state of data governance, mechanisms and the capability of an organisation to change some of its processes when implementing cloud data governance (Huang & Nicol, 2013). Evaluating and identifying the risks and issues relating to data when it moves to a cloud computing
environment form part of the assessment procedure (Catteddu & Hogben, 2009). In this step, the organisation (cloud consumer) also should assess its cloud data governance based on a cloud data governance maturity model to determine its current level and its target level for the cloud data governance programme.
Step 5: Defining and identifying the essential requirements for cloud data governance. Identifying all requirements before implementing the cloud data governance programme is very important (Mell & Grance, 2011), and the cloud data governance requirements should be tailored to the organisation’s culture, organisational structure, requirements, budget and current decision-making processes.
Step 6: Defining and establishing the cloud data governance functions. The data governance functions refer to master activities for data governance (Loshion, 2007), which data governance committees have to take into account when implementing the cloud data governance programme. The cloud data governance functions consist of many activities, namely the devising of policies, principles, process and standards, and determining who has the rights to make key decisions (The Data Governance Institute, 2015). Setting up the cloud data governance functions (good standards and practices) will help cloud consumers to gain control of their data in the cloud environment. Cloud business objectives and risks related to their data in the cloud environment should be considered when setting up the cloud data governance functions. Therefore, it is important that the organisation (cloud consumer) establishes the cloud data governance functions at the very first stage before choosing a cloud provider as this will lead to an effective cloud data governance programme.
Step 7: Integrating the cloud data governance functions that have been defined in the previous step within the cloud computing context. The integration should be focused on integrating the characteristics of the cloud deployment models (public, private, hybrid, community) and service delivery models (SaaS, PaaS, IaaS) (Mell & Grance, 2011). This step is important to ensure that the consumer’s data is well governed in the different cloud deployment and delivery models.
Step 8: Aligning the cloud data governance functions with other factors in other strategy efforts in the organisation. This alignment will help cloud consumers to achieve an effective cloud data governance strategy and programme (Lui, 2011). Thus, the cloud data governance strategy becomes one of several important strategies in the organisation (Cloud Security Alliance, 2015b). Any new strategy adopted in the organisation at a later point should align with the cloud data governance strategy.
Step 9: Defining the cloud data governance level agreement, which includes the cloud data governance requirements, before negotiating and developing a legal contract with the cloud provider.
Step 10: Negotiating a cloud data governance level agreement with the cloud provider. In this step, the cloud consumer informs the cloud provider of its requirements for the cloud in general and, more specifically, for data governance, before moving its data to the cloud provider’s environment (Cochran & Witman, 2011). The cloud consumer should understand all the factors that may influence the negotiation before starting it. For example, they should understand the complex infrastructure of negotiations, and be aware of the context of the negotiation and negotiation culture. It is important that legal teams on both sides (consumer/provider) are fully involved in the negotiation. In sum, all data governance policies will need to be negotiated between the cloud consumer and provider in order to identify the target level of data governance before the contract is written.
Step 11: Developing an SLA and legal contract with the cloud provider; the cloud data governance requirements should be included in the SLA.
b) Implementation Stage
This stage refers to the cloud provider implementing and deploying the cloud data governance programme in real time. It involves executing the activities related to cloud data governance and managing the transformation of non-governed data assets so that they become governed data assets. Many factors should be addressed in this stage to implement the cloud data governance programme. This stage covers the deploy phase in the framework. The implementation steps are highlighted below:
Step 1: Configuring the activities of the cloud data governance programme so that they are consistent. The cloud provider should configure the cloud data governance functions that have been defined in the SLA.
Step 2: Reviewing and testing the configuration of the cloud data governance activities before implementing the cloud data governance programme in real time.
Step 3: Implementing and deploying the cloud data governance programme in real time, and managing the transformation of the cloud consumer’s non-governed data assets into governed data assets.
c) Post-Implementation Stage
This stage refers to monitoring and following up, in order to make continuous improvements towards the success of the cloud data governance programme. This stage involves monitoring the performance and effectiveness of the cloud data governance programme and ensuring that
it can be sustained in the long term. There are many factors that should be addressed in this stage to implement the cloud data governance programme. This stage covers the monitor and sustain phases in the framework. The post-implementation steps are highlighted below:
Step 1: Setting up activities for monitoring the cloud data governance programme’s performance and effectiveness. This step aims to ensure that the cloud data governance functions and requirements are enforced by the cloud provider as set out in the data governance level agreement; it also ensures that the cloud data governance is heading in the right direction (Pearson et al., 2012). In this step, the cloud consumer should develop a tool, matrices and KPIs to present the monitoring results.
Step 2: Setting up activities and developing a mechanism for sustaining the cloud data governance programme. This step aims to ensure the continuity of the cloud data governance programme, and to see that improvements are made in order to achieve its objectives.
3.9. Chapter Summary
This chapter presents one of the core contributions of this thesis, i.e. a strategy framework to design, deploy and sustain an effective cloud data governance programme. This chapter starts by defining the theoretical foundations, which were the analytic theory and CSF concept, and the proposed framework aim was also outlined in this chapter. The data governance taxonomy and key dimensions for data governance in cloud and non-cloud environments were considered and presented in this chapter before developing the framework. Then, the existing data governance frameworks were analysed based on the key dimensions of cloud data governance and the results were described in this chapter. Five phases of the framework, which were the initial phase, design phase, deploy phase, monitor phase and sustain phase and their components were presented and discussed in detail based on the literature review. Then, the proposed framework was developed in this chapter based on these phases and their components. Finally, the steps for implementing the proposed framework were also presented in this chapter. The following chapter will discuss and present the cloud data governance maturity model and its assessment matrix development.