If you have been pushing your company, or even yourself, toward using Microsoft’s Visual Studio Online (VSO) cloud offering, you’ve no doubt been on the other end of questions such as: How does Microsoft protect my data? How do I know it’s not going to end up in the wrong hands? What happens if a database fails? and on, and on, and…
These are fair questions. If you are going to trust another entity with the very essence of the software solutions your company has put so much time, effort, money and, potentially, intellectual property into, then you want to ensure your “bits” are in safe hands.
A while back (October, 2014) Jeff Beehler (who runs the compliance team at Microsoft) put out a paper, Microsoft Visual Studio Online Data Protection. This paper discusses details regarding the technology behind VSO, data availability, service availability, service security, and so on. If you are at all curious about what goes on behind the scenes in how Microsoft protects your assets in VSO, then this is a must-read!
The same paper also mentions that Microsoft is in the “final phases of the audit process for ISO 27001:2013 certification”. A couple of days ago, Brian Harry blogged that they have indeed reached certification status (as of last month) and have also added the European Model Clauses to the service terms (which essentially means that Microsoft is ensuring their VSO service abides by the EU data privacy regulations).
Brian goes on to mention that ISO 27001 certification isn’t the “end of our journey” but, rather, the beginning. He states that it is likely they will go on to achieve SOC compliance.
I am not a lawyer, nor do I have any desire to ever become one :-) However, I do have a deep appreciation (and certain expectations) of Microsoft working through these processes to ensure protection of the data we entrust to them.
I’m curious… does this milestone make you – or your company – more likely to trust Microsoft with your data (in VSO)?