Modernizing Public Sector IT with a BIO-Compliant Cloud

Back to overview

Our customer, a large cloud service provider for the Dutch government, wanted to expand their offerings with secure, compliant cloud environments. Together with SUE, they built an Azure-based platform that meets strict BIO (Baseline Information Security for Government) standards. This platform enables government organizations to move to the cloud safely without managing their own infrastructure or security policies. The result: faster adoption, minimized risk, and a future-proof public cloud foundation.

Customer A large cloud service provider for the Dutch government

Industry State & National Agencies

Application Modernization

Why change was needed

A secure bridge to cloud-first government services

The customer traditionally provided on-premise services to various public institutions. However, demand for flexible and scalable cloud services grew rapidly, driven by a mix of innovation needs and operational efficiency. Use cases ranged from testing environments for AI workloads to running government apps that didn’t involve sensitive data but still required high availability.

The customer saw a clear opportunity: offer cloud services as a “broker” between Azure and government agencies, taking care of all the heavy lifting, such as networking, access management, security, and compliance. Their goal was to deliver a secure, ready-to-use cloud environment that public institutions could trust from day one.

Security and compliance complexity as a blocker

Government agencies can’t just spin up a cloud environment overnight. Strict regulations, especially the BIO framework (the Baseline Information Security for Government, a standard based on ISO 27001), require careful implementation of security controls, logging, and identity governance. Most clients lacked the expertise or time to handle this internally.

The customer needed a solution that would be:

Fully BIO-compliant
Secure by default
Easily replicable across organizations

The technical foundation was partially in place, but it lacked the depth and automation needed for operational readiness. They needed help building a secure-by-design, policy-driven platform.

CTO

"By working with SUE, we accelerated years of architectural work into a secure, compliant cloud platform we can offer with confidence. BIO compliance, identity governance, and policy enforcement are now built into the foundation, not added as an afterthought. This partnership enables us to innovate faster, while we scale our services with far less operational risk."

The Resolution

Secure, compliant, and ready to scale

Together with SUE, the customer developed a robust cloud platform based on Microsoft’s Azure Landing Zones, using the Enterprise Scale architecture as a blueprint. The result is a repeatable model for public organizations: secure environments that are instantly usable, without requiring deep Azure or security knowledge.

The Outcome

BIO-compliant by default
All environments are built according to Dutch government standards for information security.
Security baked in
Sentinel, Defender for Cloud, Conditional Access, and Privileged Identity Management ensure enterprise-grade protection.
Speed to deploy
New cloud environments are provisioned automatically using Bicep and PowerShell.
Lower overhead
Clients only interact with the "landing zone", while all underlying infrastructure and security layers are managed by the customer.
Scalable foundation
The architecture supports future expansion, policy updates, and onboarding of additional public sector customers.

What SUE delivered

When SUE joined the project, a basic Enterprise Landing Zone framework was in place. We picked up from there, adding the layers that mattered most: security, automation, and compliance.

Each component was delivered as reusable code, allowing the customer to spin up secure environments for new clients quickly without manual steps or custom work per organization. Additionally, we ensured the entire platform evolved alongside Azure best practices. Over time, the codebase was upgraded (e.g., moving from PowerShell to Bicep), ensuring long-term maintainability.Enterprise Policy as Code: a fully automated policy framework ensuring resources are provisioned securely and consistently.

Azure Policies: enforcing what resources can and cannot be deployed, based on government-approved standards and BIO-compliant.
Sentinel logging and alerting: for real-time monitoring and incident response.
Defender for Cloud: Microsoft’s threat protection integrated across all subscriptions.
Priviledged Identity Management (PIM): to restrict and audit administrative access, with just-in-time elevation and approval workflows.
Conditional Access & Entra ID: enforcing MFA, geo-restrictions, and access conditions to prevent unauthorized usage.

Innovate faster

The bigger picture

This project was a strategic enabler for digital government. With SUE’s support, the customer now is able to offer a compliant and secure cloud foundation that lowers barriers for innovation across the public sector. Government organizationscan confidently adopt the cloud, knowing their environments are secure, compliant, and profesionally managed from the ground up. For the customer, that means faster client onboarding, fewer risks, and a clear path to scalable growth in a highly regulated domain.

Let's Talk