Research Problem Statement and Motivation

In today’s world it is impossible not to acknowledge the impact of technology on development and organisational growth. The use of technology is practically indispensable; it is present in every sector and industry, in small, medium or large enterprises. As IT has become a backbone of every organisation, IT governance has become an integral part of any business strategy, falling under the category of corporate governance(Héroux & Fortin, 2016). Historically, data emerged out of disparate legacy transactional systems, being seen as a by-product of running the business, with little value beyond the transaction and the application that processed it. As such, data was not treated as a valuable shared asset. This was the trend until the early 1990s, when the value of data, beyond that of recording transactions, started to be recognised. Business decisions and processes increasingly became driven by data and data analysis (Kamioka et al., 2017). Further investment in data management approaches aimed to tackle the increasing volume, velocity and variety of data that came to the fore. Among such approaches were complex data repositories, data warehouses, ERP and CRMs. Data links became very complex and were shared amongst multiple systems; the need for providing a single point of reference in order to simplify daily functions became crucial, which gave birth to Master Data Management.

Data complexity and volume continue to explode, as businesses have grown more sophisticated in their use of data. This growth drives new demands, which entail different ways of combining, manipulating, storing and presenting information. In response, forward- thinking companies recognise that data management solutions on their own are becoming very expensive and unable to cope with business reality; thus they need to solve data problems in a different way, through the implementation of an effective data governance (Imhanwa et al., 2013). Data governance needs to take a policy-centric approach to data models, data quality standards, data security and lifecycle management, and the processes for defining, implementing and enforcing these policies(Benfeldt, 2017). On the same note, the notion of data governance underwent an important transformation towards a new direction. Previous attempts at governing data failed as they were driven by IT, and affected by rigid processes and fragmented activities carried out on a system-by-system basis. Until very recently, governance has been largely informal, in siloes around specific enterprise repositories, lacking structure and the wider support of the organisation.

Cloud computing is one of the most popular recent technological trends. Despite the numerous benefits of cloud computing, it is still not widely adopted by public sectors in many countries, due to a number of issues and challenges(Owuonda et al., 2016). Central to these concerns is the loss of control over data, the security and privacy of data, data quality and assurance, and data stewardship, which are all attributes of data governance. Therefore, in the literature, the cloud computing model was discussed as a highly disruptive technology, requiring extremely rigorous data governance strategies and programmes that may be complex, but necessary. However, very few studies have reported on data governance for cloud services, despite its significance. Furthermore, digital transformation in Saudi Arabia is one of the core elements of achieving the goals of Saudi Vision 2030. In this thesis, the author argues that data governance plays a vital role in the success of this vision. This role is further emphasised when considering the country’s appetite for emerging technologies such as cloud computing solutions. Cloud computing is expected to be one of the main foundational enablers in future digital transformation projects; in Saudi Arabia it will offer the scale and speed that is needed for businesses and public organisations to achieve the vision’s goals. However, the literature review gathered evidence that the fear of the loss of data governance is one of the main obstacles to the adoption of the cloud model.

As discussed above, a central point of concern is the lack of understanding about data governance in most organisations in different countries. This is particularly crucial considering that data governance is a major concern for organisations when they move their data to the cloud. This concern is borne from the fact that a loss of data governance would mean that cloud consumers would lose control of their sensitive data in the cloud environment (Ko et al., 2011). The partnership between cloud consumers and providers in terms of designing, building, deploying and operating cloud computing technology presents new issues in providing adequate security and privacy, and protecting data in different delivery models(The Data Governance Institute, 2015). A collaborative process between cloud consumers and providers, meaning that they share the responsibilities of implementing the necessary controls, therefore becomes crucial. In this way, cloud consumers have a sense of security and reliability as they understand exactly how the process of data control functions and runs in the cloud computing environment. An effective data governance process will achieve this by clarifying responsibilities to cloud consumers when they move their data into cloud environments. Figure 1.7 presents the research problem statement.

Figure 1.7 Research Problem Statement.

As one size does not fit all, currently there is no single approach to implementing data governance programmes in all organisations (Weber et al., 2009; Begg & Caira, 2012). Therefore, each organisation should develop its data governance programme based on its own requirements to achieve its strategy. The motivation for this research is the need to determine the important requirements for the development of an effective cloud data governance programme, which will help organisations to maintain control of their data in cloud computing environments. Therefore, the following five factors emphasise the motivation of this study:

❖ The majority of the current research focuses on data governance aspects for traditional IT (non-cloud) environments, and there is a lack of research on data governance for cloud computing services.

❖ Consideration of special features in data governance that arise as a result of the differences between cloud computing and traditional IT (non-cloud).

❖ Almost no research on data governance for traditional IT and cloud computing services in Saudi Arabia.

❖ The lack of empirical studies that investigate data governance in general, and more specifically cloud computing.

❖ The lack of knowledge in public sector organisations in Saudi Arabia about how to design data governance programmes in general, and for the cloud computing environment.