by October 21, 2011 0 comments

Mulholland, CTO,

underlying theory behind outside-in software is that to create
successful software, you must have a clear understanding of the goals
and motivations of your stakeholders. Your ultimate goal is to
produce software that is highly
and meets/exceeds the needs of your client.

you extend this thought further, and really think about what those
business people with iPads, smartphones or Android tablets are doing
then the clear answer is it’s not IT as we define it today. The
first point is that they are not looking to connect to, and use, the
existing enterprise applications beyond email, no instead they want
to participate in external communities, use the Web in its broadest
sense for real-time information, and consume selected services from
‘App Shops’, possibly even generate completely new business
activities on Amazon Web Services. All activities which focus on
interaction with people, process and real-time data to use a phrase
often associated with mobility and clouds but more often with
real-time data.

importantly, these activities are centered outside the enterprise,
outside the firewall, and outside the traditional enterprise
application technology of IT, with only a few activities requiring
connection ‘inside’ the enterprise i.e. mobility in the full
sense of the word can be described as ‘outside-in’. The primary
focus and value comes from external or activities ‘outside’ the
enterprise and there is a limited secondary value around connecting
‘inside’ the enterprise.

the activities of enterprise IT can be defined as ‘inside-out’ as
they start, and are focused on activities ‘inside’ the enterprise
and reach towards the outer edge with only a few activities requiring
‘outside’ access i.e. use of the Internet and Web. The key point
of this important insight is the question; exactly why are we trying
to deliver this new ‘outside’ world of business use from the
‘inside’ with all the attendant issues? Even more importantly,
are we failing to recognize that additionally the enabling technology
is radically different as well? The ‘inside-out’ model of
traditional IT is around monolithic enterprise applications using
client-server to support a close-coupled, state-full, or
data-centric, deterministic environment whereas the ‘outside-in’
is based on Internet Web architecture characterized as loose-coupled,
stateless and non-deterministic.

a real client example from last week helps to make this clear; it was
the operating authority of a major airport, and in the airline
industry there have been several announcements of airlines deploying
large numbers of tablets or smartphones to improve ‘operating
efficiency’ to frontline staff. In plain language this means
dealing with the many unplanned events, from missing passengers to
lost luggage, finding the passenger steps to replenishing food and
drink, etc for a last minute change of the gate an aircraft arrives
at etc. The existing ‘inside-out’ IT systems of all the various
members of this ecosystem, airport operator, airlines, baggage
handler, food services, etc, etc each show
their planned activity to their staff via their secure enterprise.
The data comes from the central processing out to the edge of the
enterprise in the form of structured non real-time information
delivered securely within the ‘firewall’, or boundaries of their
enterprise IT operations.

operational improvement challenge is that in the ‘real’ world a
series of unforeseen events occur that, to be solved, require the
staff of the organizations involved to interact
in a unique way to suit each event. The better any business can do
this the higher their customer satisfaction, and most likely the
lower the costs by optimizing each circumstance. In the Netherlands
we have implemented the
a nationwide
facility which allows the agencies involved in responding to a crisis
to share information with each other in real-time. Before this, the
crisis management systems of the various emergency services, public
authorities and private sector organizations were often not
connected. Each party ran its own ‘
IT systems, and the digital flow of information stopped at the
firewall, leaving staff on the frontline to share the relevant data
with their counterparts across organizational boundaries, and
coordinate a response. The
has replaced this
with an
approach in which content —
assessments to aerial photos, location coordinates and risk

is sent to a pool beyond
the boundaries of the contributing organizations, and partners see
what is relevant to them, depending on what data from that pool they
have subscribed to. Now the agencies can collaborate more easily,
because the traditional barrier between inside and out no longer
prevents each player from seeing the full picture.

is highly people-centric, using real-time data ending in a ‘work
around’ solution, or process, to suit the circumstances. Most
importantly, it doesn’t require any of the people to be present in
each other’s existing enterprise IT systems, though when the crisis
is finally resolved the final set of data is logged in the existing
IT systems of each company or agency. This is the ‘outside-in’
view; the activity occurs ‘outside’ the enterprise and only a
limited amount of access is required to be passed ‘in’ to the
enterprise’s secure IT environment.

new technologies of mobility, big data and clouds allow this to be
achieved without infringing the enterprise security model only if we
apply them in a very different way. Current good practice is to
create and manage a comprehensive and cohesive IT environment within
a secure boundary, and, for the tight coupled, state-full
data-centric client-server applications this is entirely correct.
But, in the examples, given the challenge of permitting unknown
operational staff and networks working in an unstructured way, to
enter this controlled and structured world in a secure manner is

a result the rapid and constantly changing introduction of new types
of ‘apps’ or ‘services’ that allow interaction through social
and collaborative tools, the huge amounts of data to be pooled, and
the new app-based processes to be deployed around this new generation
of ‘front office’ business requirements is a struggle to
accommodate. But only if we insist that we must satisfy these
existing criteria drawn up for a completely different set of business
and technology reasons.

adopting an ‘outside-in’ approach the relevant users and devices
are moved outside the existing secure IT environment, and in the case
of the airport operations will co-exist together on a cloud that
permits loose-coupled, stateless, consumption of ‘services’
supported from this shared cloud. The periodic need to access email,
and a handful of enterprise applications can be handled with true
thin clients working from ‘outside-in’, thus preventing the data,
system, or application from being vulnerable in the same way as if
these devices and users were working from ‘inside-out’ and
requiring everything to be ‘brought inside’ the secure zone. This
model can also accommodate customers bringing their own devices,
agile business and other ways that the requirement for a new business
model is expressed.

is a completely different way of thinking about the requirement,
delivery and deployment model, but given that this is a completely
new generation of technologies that are used in a completely
different way by business we should expect that? After all, the last
big shift to using PC network technology changed every aspect of the
mini computer requirement, delivery and deployment model in the early
1990s!! We simply need to reflect on that definition from the agile
community and realize that we are working from the perspective of
people in shared ecosystems outside and not from the perspective of
data and systems inside. Actually we will need both, which brings me
to the interesting comment from Forrester about the rising importance
of gateways as the connection mechanism between the two environments.

This same thinking impacts
how we are seeing business information change from an ‘inside-out
delivery of historical analytical reporting based on structured data,
to an ‘outside-in
reaction to new data captured from events and activities that is
unstructured and untrusted. In future blogs I intend to explore some
of these aspects.

No Comments so far

Jump into a conversation

No Comments Yet!

You can be the one to start a conversation.

Your data will be safe!Your e-mail address will not be published. Also other data will not be shared with third person.