The first users of Microsoft's cloud development service, Visual Studio Online, were small consulting companies or remote teams inside companies, because they needed a simple way of working on code together. "They didn't want to spend a lot of time getting up and running and they wanted a hosted solution so they didn't have to worry about VPNs and firewalls," Visual Studio Online chief Brian Harry told us.
"But now we're seeing that larger businesses are very much interested in Visual Studio Online. They like not having to upgrade to get new features – we're constantly showing them new features and they don't want to wait for the next version to get them." Visual Studio Online gets new features every three weeks, rather than the three years you might wait for a new version of Team Foundation Server you can run on your own servers.
Over the last few months, Harry says he's been hearing from large companies wanting to get on the service. "We have companies of all sizes who are customers and they have groups of 20, 30, 40 people that they put on Visual Studio Online. But in the last three months we've started getting requests from teams with more than a thousand people in."
Microsoft is adding new features to make Visual Studio Online ready for enterprise customers. "As we get these large customers who want to bring their entire enterprise on board with cloud, we're hearing common requests. They say 'we love cloud; we've managed Team Foundation Server ourselves for a long time and what we've come to realise is that we're never going to be as good at it as you are.' But they're also very sensitive about questions of privacy, security and control."
Compliance comes up a lot in these conversations, Harry says. "In January we announced some certification work that we've done to help people feel good about the care we take in protecting the integrity and confidentiality of their data." That included ISO 27001 certification and putting the EU-approved European Model Clauses in the service terms.
One of the most common requests has been for 'IP fencing'. "They'll say 'I want to have accounts on Visual Studio Online but have it so that only people on my company network can access them'. We're working with the Azure AD team on it and in the next couple of months we'll enable that feature."
That kind of access limitation might sound like losing a key advantage of using a cloud service. "It's not for everyone," Harry agrees. "One of the points of going to the cloud is the access from anywhere to this collaboration. But in this situation, the enterprise wants us to manage things, they like having it always up to date, they like using a SaaS service – but they still want it very private and very locked down."
Other businesses are uncomfortable with their traffic going over the internet, even using SSL. "So we worked with the Azure ExpressRoute team and we've now certified Visual Studio Online to work with ExpressRoute." That's the same thing Office 365 and Skype for Business have done – you can take a private connection from a provider like BT or AT&T and have all your traffic to Azure, Office 365 and Visual Studio Online go directly between your network's and Microsoft's data centres without ever touching the public internet.
Few businesses are asking for 'Bring Your Own Key' options, where they can store encryption keys for a service in their own systems, says Harry. "More often, I'm asked about encryption at rest, which we're working to support." That will secure your code but still let you use key Visual Studio Online features, he explains.
"We need to manipulate your data; we give you deltas of code changes, code analysis, per line code commenting and code reviews – we do all this manipulation of the data that provides value and helps you understand the data, but that has to be done on the service, so we need the encryption key to access your data. We recently announced the private preview of code search, which will give you enterprise-wide code search in your browser, and we can't do that if we can't decipher the data."