As an IT service provider for the government, Smals contributes every day to the digital transformation of essential services for citizens and businesses. They monitor critical digital platforms such as E-health and data sharing. Reliability, continuity and security are therefore essential in the IT environment managed by CTO Dirk Deridder.
Smals is an IT service provider that supports more than 300 public institutions and the government in Belgium. It is involved in crucial projects with an impact on the lives of every Belgian.
At the helm of Smals’ IT environment is CTO Dirk Deridder. He oversees various teams where 2,200 employees work together on more than 3,000 applications. That is why Deridder uses a clear mantra: rather move forward slowly and thoughtfully than accelerate blindly and keep running into the wall.
For him, there are three important pillars within Smals: operational dependency, digital resilience and knowing what his teams do on a daily basis. “Our systems are often critical to society,” says Deridder. “If they fail, various parties feel it immediately.” In a conversation with ITdaily, Deridder elaborates on the functioning of Smals and the unique challenges he has to find an answer to as CTO.
read also
Not all Flexibility is the Same: should You be Locked into a (Cloud) Provider?
ITdaily: “What does the IT environment you’re responsible for look like?”
Deridder: “Our IT environment is quite extensive. We operate in three data centers with the full technology stack in them. We manage as many as 3,000 applications for all our members. These are all institutions and organizations from the public sector.”
“The IT environment also serves as an internal engine for these institutions to realize their impact on society. This means that we manage very critical systems where a failure can have a major impact. If the E-health platform is down, it affects pharmacists, doctors and the patients themselves. That is why we provide 24/7 support.”
What are your main priorities at the moment?
Deridder: “Our priorities are not that different from other large service providers: a hybrid smart cloud strategy, AI, cybersecurity, NIS2… Cost control is also an important point. We must use the resources we receive sparingly.”
Does the rest of Smals understand these priorities sufficiently? Is everyone on the same page?
Deridder: “We have 2,200 employees, so it is important that we communicate sufficiently and involve the teams sufficiently. I want to know how and in what context people work. Everything can be said and we take that into account. In this way we can adjust our strategy and bridge the gap between the strategic and the tactical to the operational. We want to keep this interaction between employees and management very active.”
Does the IT department have access to enough people and resources to successfully complete the challenges?
Deridder: “Like everyone in IT, we face an enormous challenge in finding good and strong profiles. That is why we have to do more with the same number of people, and we think it is important that people evolve sufficiently. Our employees must embrace new technologies such as AI, otherwise we will stagnate. We provide a significant training budget for our employees so that they can remain up-to-date at all times.”
Is the future of Smals’ IT environment in the cloud, on-premises or in a combination of both?
Deridder: “For us, it will definitely remain and become a hybrid environment. For niche applications, such as ticketing or contact center software, we resolutely opt for the public cloud. These are domains where we do not have the scale or expertise to do that efficiently ourselves. It is different for our core systems. These are applications that must remain operational for five, fifteen or even thirty years and whose use is predictable. We are not a start-up that suddenly has to scale exponentially. That is why we make conscious, opportunity-driven choices: what can go in the public cloud and what cannot.”
“This hybrid approach is also important in the context of digital sovereignty and geopolitical risks. We want to avoid becoming dependent on one supplier or one country. That is why we are looking at open source and architectures that keep us sufficiently agile.”
What impact do regulations like NIS2 and DORA have on IT policy?
Deridder: “We fall under NIS2 for critical infrastructure and that obviously has an impact. I see this as a positive thing, because we live in a completely digital society today. If digital systems fail, everything comes to a standstill. At the same time, we must be careful not to focus too much on compliance. The goal should not be to build a paper NIS2 with a lot of policies, audits and documents. We must not protect ourselves against the regulations, but against cyber attacks.”
“That is why I think it is important that the majority of our efforts go to effective technical and process measures. Moreover, NIS2 goes much further than IT alone: it also affects physical security, access control, business continuity plans and crisis management. Digital resilience must be priority number one.”
How does Smals deal with the AI hype?
Deridder: “Everything is AI today, but we try to contextualize it. There are different types of AI and not every technology is suitable for every use case. Generative AI, for example, is not deterministic, so you should not use it for applications that must be 100 percent correct, such as legal processes.”
“We therefore have an internal innovation process, an AI framework and a network of ambassadors who spot opportunities and supervise experiments. This allows us to test new technologies without blindly joining the hype. At the same time, I do not see AI as a threat, but as a necessity. In cybersecurity, we receive millions of alerts every day. No human can process that manually. With AI and machine learning, we reduce that to a manageable number. AI helps us do more with the same people, but it does not replace them.”
Which important trends are you following with an eye on the next three years?
Deridder: “An important trend is quantum computing, not to apply it today, but because of the impact on cryptography. We must ensure that data that is encrypted today is still secure tomorrow. That is why we are committed to crypto-agility. In addition, digital sovereignty remains crucial, especially in the current geopolitical context. We try to tackle this through agile architectures, open source and multi-vendor strategies, so that we are not tied to one supplier.”
“Of course, artificial intelligence remains a dominant trend, but linked to the flexibility of the organization, talent development and strong cooperation with our members. Finally, I think it is essential that we continue to invest in domain knowledge and digital inclusion, so that technological innovation always remains at the service of society.”