Behind the Scenes at FOD BOSA: How Dries and His Team Are Building a Modern, Automated and Secure Government Infrastructure

Behind the Scenes at FOD BOSA: How Dries and His Team Are Building a Modern, Automated and Secure Government Infrastructure

At the latest OPEN for GOV event, Dries — Operations Manager at FOD Financiën (SPF Finances) — offered a rare and refreshingly honest behind-the-scenes look at how his organisation is reshaping its infrastructure to meet growing public-sector demands. Instead of focusing only on tools or buzzwords, he walked us through the complex reality of running digital services used daily by millions of citizens, and what it takes to keep them stable, secure and resilient.

His presentation painted a clear picture: the digital backbone of the Belgian government is evolving fast, and that evolution requires strong foundations, smart automation, and the right partners.

⸻

A Digital Ecosystem Serving Millions of Citizens

FOD Financiën supports a wide range of essential public services — from identity and authentication flows to secure messaging between administrations and citizens. Well-known applications such as Itsme, My eBox and the Digital Wallet all rely on underlying services and infrastructure that must function flawlessly, regardless of the load or season.

Every month, these systems handle:
    •    Millions of logins and authorisations
    •    Over 4 million delivered messages
    •    Massive seasonal peaks during tax declarations, pension updates and government notifications

This scale leaves very little room for error. Any slowdown or misconfiguration has real consequences for citizens and public services. As Dries explained, this made it clear that the organisation needed to rethink its approach and push toward a more modern, predictable and automated operational model.

⸻

Why Change Was Necessary

Before the transformation began, FOD Financiën faced challenges that many public-sector IT departments will find familiar: manual processes, dependence on individual expertise, slow provisioning times and inconsistent configurations across teams and environments.

For example:
    •    Provisioning a single VM could take up to two weeks
    •    Updates were often manual or ad hoc
    •    Operational knowledge lived in people’s heads instead of documented workflows
    •    Monitoring and troubleshooting were scattered across multiple tools
    •    Escalations depended too heavily on individuals rather than automated processes

For an organisation supporting millions of digital transactions per month, this wasn’t sustainable.

⸻

A Clear Set of Principles to Build On

Dries shared the pillars that guide their ongoing transformation — a set of principles that may resonate with many public-sector IT leaders:

1. Standardisation as a Stability Strategy

By reducing exceptions and defining strict, predictable standards for VMs, clusters, access and tools, the team has dramatically lowered operational risk. Standardised infrastructure means fewer surprises and more reliable deployments.

2. Automate When You Repeat

If a task is done more than once, it should be automated. This operational philosophy has been crucial in bringing consistency and speed to the platform.

3. Built-In Security

Security is not an afterthought but a requirement woven through every part of the infrastructure lifecycle.

4. Lifecycle Discipline

Outdated systems, legacy versions and forgotten components are actively eliminated instead of tolerated.

5. A Move Toward Self-Service

The long-term vision is clear: developers and DevOps teams should be empowered through automated provisioning and GitOps-driven governance — not slowed down by tickets and manual steps.

⸻

Modernising the Virtual Infrastructure Layer

One of the biggest breakthroughs came from redefining how virtual machines are provisioned and maintained.

Where provisioning used to take weeks, it now takes around 30 minutes, thanks to:
    •    Automated templates
    •    Foreman and Ansible integrations
    •    Version-controlled inventories in GitLab
    •    Centralised package management via Satellite
    •    Standardised VM configurations across the board

This shift did more than speed up delivery — it provided visibility, consistency and a single source of truth for all operational components.

⸻

Strengthening and Governing OpenShift

As the container landscape expanded, new challenges emerged. Multiple teams, external suppliers and an increasing number of clusters made governance essential.

The team tackled issues such as:
    •    Namespace ownership and access control
    •    Missing resource quotas
    •    Limited insights into real capacity consumption
    •    Manual alerting and unclear escalation paths
    •    Inconsistent configuration across clusters

By introducing ArgoCD for GitOps, better policies, improved Prometheus-based monitoring and more reliable logging pipelines, FOD Financiën gained the visibility and control needed to operate OpenShift at scale.

⸻

The Critical Role of Monitoring and Log Management

Dries shared that their Elasticsearch platform ingests hundreds of millions of logs per day — and ensuring reliability at that volume is no small feat. The team strengthened indexing strategies, capacity planning, lifecycle management and redundancy across Elastic and Kafka.

They also built:
    •    End-to-end synthetic monitoring
    •    Detailed dashboards for key citizen-facing services
    •    Automated escalations through OpsGenie
    •    More predictable alerting pipelines

These changes significantly reduced incident response times and made nighttime interventions the exception rather than the rule.

⸻

A Real-World Incident That Improved the System

One powerful anecdote involved a log-ingestion outage that happened late at night. Although monitoring detected the problem, the escalation workflow didn’t reach the right engineer. The incident wasn’t resolved until morning — a clear sign that detection alone isn’t enough.

This led to improvements such as:
    •    Stronger, multi-layered emergency escalation
    •    Reinforced backups and snapshot strategies
    •    Fully automated deployments for Elastic and Kafka
    •    More robust on-call workflows

Instead of hiding the issue, Dries used it to strengthen the system — a refreshing level of transparency uncommon in public-sector environments.

⸻

Where Kangaroot Fits In

Dries highlighted that this transformation isn’t something a single team could achieve alone.
Kangaroot, as a long-term partner, plays a crucial role in enabling this evolution. Through their expertise in Linux, open-source tooling, OpenShift, automation and GitOps, they support FOD Financiën with:
    •    Architectural guidance for container and VM platforms
    •    Operational best practices
    •    Hands-on expertise for Kubernetes, Elasticsearch, Kafka and monitoring
    •    Training and knowledge transfer to internal teams
    •    Reinforcement during migration or scaling phases

Their collaboration helps ensure that processes are not only implemented but also embedded sustainably within the organisation.

In other words: Kangaroot acts as a trusted technical accelerator — a partner that ensures the infrastructure keeps evolving in the right direction, aligned with the needs of both DevOps teams and public services.

⸻

Looking Ahead

The roadmap for FOD Financiën is ambitious but grounded in practical needs. The team is moving steadily toward:
    •    Broader GitOps adoption
    •    Policy-driven governance
    •    Automated cost and capacity insights
    •    Stronger secrets and artifact management
    •    More self-service capabilities
    •    Even tighter collaboration between infrastructure and application teams

The overall goal is clear:
a stable, predictable and secure platform that empowers developers instead of slowing them down.

⸻

A Final Reflection

Dries’ presentation offered a candid look into the complexities of modernising government IT. It’s not about chasing the newest hype; it’s about making smart, sustainable and secure decisions that improve reliability for millions of citizens.

With clear principles, disciplined execution and strong partners like Kangaroot, FOD Financiën is building an infrastructure that not only works for today — but is ready for tomorrow.

⸻