Quoting from Wikipedia: “Of all the agile software development methodologies, outside-in software development takes a different approach to optimizing the software development process. Unlike other approaches, outside-in development focuses on satisfying the needs of stakeholders. The underlying theory behind outside-in software is that to create successful software, you must have a clear understanding of the goals and motivations of your stakeholders. Your ultimate goal is to produce software that is highly consumable and meets/exceeds the needs of your client.”

If you extend this thought further, and really think about what those business people with iPads, smartphones or Android tablets are doing, then the clear answer is that it’s not IT as we define it today. The first point is that they are not looking to connect to, and use, the existing enterprise applications beyond email. Instead they want to participate in external communities, use the Web in its broadest sense for real-time information, and consume selected services from ‘App Shops’, possibly even generating completely new business activities on Amazon Web Services. These are all activities that focus on interaction with people, process and real-time data, to use a phrase often associated with mobility and clouds but more often with real-time data.

Most importantly, these activities are centered outside the enterprise, outside the firewall, and outside the traditional enterprise application technology of IT, with only a few activities requiring connection ‘inside’ the enterprise. In other words, mobility in the full sense of the word can be described as ‘outside-in’. The primary focus and value come from external activities ‘outside’ the enterprise, and there is a limited secondary value around connecting ‘inside’ the enterprise.

Conversely, the activities of enterprise IT can be defined as ‘inside-out’, as they start with, and are focused on, activities ‘inside’ the enterprise and reach towards the outer edge, with only a few activities requiring ‘outside’ access, i.e. use of the Internet and Web. The key point of this important insight is the question: exactly why are we trying to deliver this new ‘outside’ world of business use from the ‘inside’, with all the attendant issues? Even more importantly, are we failing to recognize that the enabling technology is radically different as well? The ‘inside-out’ model of traditional IT is built around monolithic enterprise applications using client-server to support a closely coupled, stateful, data-centric, deterministic environment, whereas the ‘outside-in’ model is based on Internet Web architecture, characterized as loosely coupled, stateless and non-deterministic.

Using a real client example from last week helps to make this clear. The client was the operating authority of a major airport, and in the airline industry there have been several announcements of airlines deploying large numbers of tablets or smartphones to frontline staff to improve ‘operating efficiency’. In plain language this means dealing with the many unplanned events, from missing passengers to lost luggage, and from finding the passenger steps to replenishing food and drink for a last-minute change of the gate an aircraft arrives at. The existing ‘inside-out’ IT systems of the various members of this ecosystem (airport operator, airlines, baggage handler, food services, etc.) each separately show their planned activity to their own staff via their secure enterprise. The data comes from central processing out to the edge of the enterprise in the form of structured, non-real-time information delivered securely within the ‘firewall’, or boundaries, of their enterprise IT operations.

The operational improvement challenge is that in the ‘real’ world a series of unforeseen events occur that, to be solved, require the staff of the organizations involved to interact together in a unique way to suit each event. The better any business can do this the higher their customer satisfaction, and most likely the lower the costs by optimizing each circumstance. In the Netherlands we have implemented the Information Pool, a nationwide facility which allows the agencies involved in responding to a crisis to share information with each other in real-time. Before this, the crisis management systems of the various emergency services, public authorities and private sector organizations were often not connected. Each party ran its own ‘inside-out’ IT systems, and the digital flow of information stopped at the firewall, leaving staff on the frontline to share the relevant data with their counterparts across organizational boundaries, and coordinate a response. The Information Pool has replaced this with an ‘outside-in’ approach in which content – from impact assessments to aerial photos, location coordinates and risk charts – is sent to a pool beyond the boundaries of the contributing organizations, and partners see what is relevant to them, depending on what data from that pool they have subscribed to. Now the agencies can collaborate more easily, because the traditional barrier between inside and out no longer prevents each player from seeing the full picture.

This is highly people-centric, using real-time data ending in a ‘work around’ solution, or process, to suit the circumstances. Most importantly, it doesn’t require any of the people to be present in each other’s existing enterprise IT systems, though when the crisis is finally resolved the final set of data is logged in the existing IT systems of each company or agency. This is the ‘outside-in’ view; the activity occurs ‘outside’ the enterprise and only a limited amount of access is required to be passed ‘in’ to the enterprise’s secure IT environment.

The new technologies of mobility, big data and clouds allow this to be achieved without infringing the enterprise security model, but only if we apply them in a very different way. Current good practice is to create and manage a comprehensive and cohesive IT environment within a secure boundary, and for the tightly coupled, stateful, data-centric client-server applications this is entirely correct. But in the examples given, the challenge of permitting unknown operational staff and networks, working in an unstructured way, to enter this controlled and structured world in a secure manner is huge.

As a result, the rapid and constantly changing introduction of new types of ‘apps’ or ‘services’ that allow interaction through social and collaborative tools, the huge amounts of data to be pooled, and the new app-based processes to be deployed around this new generation of ‘front office’ business requirements are a struggle to accommodate, but only if we insist that we must satisfy these existing criteria, drawn up for a completely different set of business and technology reasons.

In adopting an ‘outside-in’ approach, the relevant users and devices are moved outside the existing secure IT environment, and in the case of the airport operations will co-exist on a cloud that permits loosely coupled, stateless consumption of ‘services’ supported from this shared cloud. The periodic need to access email and a handful of enterprise applications can be handled with true thin clients working from ‘outside-in’, thus preventing the data, system, or application from being vulnerable in the same way as if these devices and users were working from ‘inside-out’ and requiring everything to be ‘brought inside’ the secure zone. This model can also accommodate customers bringing their own devices, agile business, and other ways in which the requirement for a new business model is expressed.

‘Outside-in’ is a completely different way of thinking about the requirement, delivery and deployment model, but given that this is a completely new generation of technologies that are used in a completely different way by business, we should expect that. After all, the last big shift, to using PC network technology, changed every aspect of the minicomputer requirement, delivery and deployment model in the early 1990s! We simply need to reflect on that definition from the agile community and realize that we are working from the perspective of people in shared ecosystems outside, and not from the perspective of data and systems inside. Actually we will need both, which brings me to the interesting comment from Forrester about the rising importance of gateways as the connection mechanism between the two environments.

This same thinking impacts how we are seeing business information change from an ‘inside-out’ delivery of historical analytical reporting based on structured data, to an ‘outside-in’ reaction to new data captured from events and activities that is unstructured and untrusted. In future blogs I intend to explore some of these aspects.

For more on the ‘outside-in’ and ‘inside-out’ approaches to cloud in the public sector, visit: http://www.capgemini.com/insights-and-resources/by-publication/g-cloud/.