The Hybrid Compromise: How NEO Belgium Ended the “Cloud vs. No Cloud” Debate

In this interview, Martijn Bauters, CDO at NEO Belgium, breaks down how the governmental agency bypassed the “all-or-nothing” cloud deadlock to build a strictly governed hybrid platform for social security data. He discusses the logic behind their hybrid architecture, the reality of making compliance “boring,” and how they maintain a data product approach in a highly regulated environment.

For government agencies handling social security, the “cloud versus no cloud” debate often stalls innovation for years. NEO Belgium bypassed this deadlock by skipping the full cloud migration in favor of a hybrid model with rigid boundaries. By establishing exactly which data stays on-premise and which workloads use the cloud, they turned compliance from a bottleneck into a repeatable feature. 

We spoke with Martijn Bauters, CDO at NEO Belgium and Co-Founder of Agoya, about making hybrid platforms “boring” for compliance and building data products in highly regulated zones. 

Highly regulated environments are challenging for cloud adoption. How did you overcome this at NEO Belgium?

Martijn Bauters, Speaker at the Data Innovation Summit

Martijn Bauters: We did not do a full move to the cloud, which is an important nuance to highlight. We are moving to a hybrid model with clear boundaries. This stopped the “cloud versus no cloud” debate and allowed us to define which data can never leave certain zones, which workloads benefit from cloud elasticity, and which controls must be proven through auditability, access control, encryption, logging, and segregation.


Defining this helped us establish an accepted governance and security model, and focus on the lowest-risk, highest-value use cases first. We actually made it boring for compliance.

What has been the biggest technical challenge in building a hybrid cloud platform for sensitive social security data?

Martijn Bauters: You have a large number of regulatory compliance rules to adhere to, which already limits the options. Hybrid is not hard because of “two platforms.” Hybrid is hard because you need one consistent authorization model to define who can see what and why, end-to-end lineage to track where every number came from, and logging that stands up in an audit. All of this must happen across on‑prem and cloud systems that were never designed for that level of control. So the biggest challenge is making the platform behave like one governed system, while technically it is not. 

As we our hybrid platform is really the middle man in this process with a clear centralized data platform at the start and clear applications to connect to the data it is easier to handle access rules and permissions on both systems equally.

With government compliance and fraud detection as top priorities, how do you maintain a “data product” approach?

Martijn Bauters: We see compliance as an opportunity, or a feature, not as a blocker. Adhering to regulatory compliance allows you to move faster without constantly revisiting the same questions. We also embed the hybrid model as the middle layer, which allows us to push a data product approach across different locations in the platform. 

A data product approach still works, but you have to be very explicit about ownership and who is accountable for the data product. You need clear contracts regarding definition, quality, refresh, and access rules, alongside robust observability for quality metrics, incidents, and usage. 

Finally, security‑by‑design through masking, least privilege, and approvals is essential. Fraud detection is a good example of this because it pushes you to be consistent; the first thing fraud models punish is messy definitions and inconsistent data.

Hybrid platforms combine legacy on‑premise systems with modern cloud applications. How do you ensure consistent data quality across both?

Martijn Bauters: We always start with an on‑prem “hop” that enables anonymization and pseudonymization before moving anything to the cloud. For us, metadata is not an add‑on, but a foundational requirement to move data further through the platform. The “serve layers” that provide data to end users are the endpoint of both the on‑prem flow and the cloud flow.

How do you enable non‑technical teams to use the platform effectively while maintaining security and governance?

Martijn Bauters: We use layered governance, where individuals gain more rights after completing the necessary training, moving from dashboard users and self‑service creators to full platform contributors. Additionally, cloud‑based tools connected to the platform can only use the non‑sensitive flows in the cloud, and not the flows from the on‑prem hop.

Concretely, we publish curated datasets with clear descriptions and usage guidance so people don’t have to reverse engineer them. We use role‑based access and we keep it simple: users should not need to understand security to be secure. We standardize the tooling for consumption through the BI layer and approved notebooks or templates. Finally, we train people with real examples by showing them the dataset, explaining what they can do with it, and being very clear about what they cannot do.

When the outcomes are national statistics and improved social security, how do you evaluate the impact or ROI of the data platform?

Martijn Bauters: The impact is that we can now produce these outcomes as data products following FAIR principles, instead of relying on old‑school SAS workloads running without CI/CD. This means we now have a technologically superior product that attracts better statisticians and engineers, and enables them to work more efficiently and effectively.

Looking ahead, what trends in hybrid cloud adoption should European government agencies be preparing for, and what lessons have you learned from implementing them?

Martijn Bauters: Be prepared for partners to change their service and implementation details. For example, we initially used Airbyte for data integration because one of our requirements is that only non‑PII and pseudonymized or anonymized data can move to the cloud. Airbyte used to have a self‑hosted on‑prem solution which they are cancelling by the summer, which forces us to execute our exit strategy and evaluate alternative tools.

To see these strategies in action, catch Martijn Bauters at the Data Innovation Summit 2026 in Stockholm. He will be on the Data Platform & Architecture Stage, where he’ll discuss the frameworks and governance models that turn high-stakes compliance into a scalable business advantage. Don’t miss this chance to hear how one of the industry’s leading voices is moving beyond AI pilots to build resilient, product-driven data departments. 

Add a comment

Leave a Reply