Files in remote servers can be safer than they are on-site, says Microsoft man.

For lawyer Michael Brick, the workplace is the downtown Auckland office of Seattle-based Microsoft.

Meanwhile, his Kiwi-born wife Sally Brick, also a lawyer, is across the harbour in Devonport, managing a team of eight environmental lawyers working in Seattle for the US Government.

It's all possible because of technology, and, says Brick, illustrates the booming tech sector in New Zealand. "With the cloud you can base yourself in New Zealand but you can offer products and services around the world."

As general counsel for Microsoft, Brick is a legal Jack-of-all-trades, dealing with licences, nailing down contracts and ironing out HR issues, but he also spends a fair chunk of his time talking about cloud computing.


Customers he speaks to are quick to voice anxiety about the security of their information once it goes into the cloud.

Rightly so, he says, but safeguarding data is top priority for the global tech players - Microsoft alone tips US$1 billion into defending its products against hackers, malware and other security threats - making moving to the cloud more secure than keeping it on-site.

"My message to people is: be concerned about the cloud - make sure you are using the right cloud - but there is a huge amount of benefit from a security perspective by going to a very well-protected cloud."

And Microsoft definitely has its head in the cloud.

"We are in the process of transforming from a company where you used to go to Noel Leeming and buy Office in a little box or already installed on a computer, but moving to the cloud, moving Office and all of our products to the cloud.

"For us it's a transformation but it's also a transformation for consumers with their home computers but also for businesses in New Zealand."

From Microsoft's point of view, New Zealand has been an early adopter of cloud technology: this country is the most highly penetrated market for its cloud-based version of Office, Office 365, says Brick.

"People hear that they should be concerned about cyber security, which they should be, and they hear that they should be concerned about the cloud but they're really not sure about how to peel the onion and figure out what the issues are."

Much of the confusion can be traced back to not understanding what the cloud is, he says.

"At the end of the day the cloud is a bunch of servers in a data centre somewhere." In the case of Microsoft customers, those servers are in either Sydney or Melbourne.

"If you're going to move to the cloud you need to know how it works, you need to know where your data is, you need to know when people who operate the servers are going to access your data.

"A big issue today is: when does law enforcement have access to my data?"

Microsoft is currently defending itself against the the US Department of Justice, which has issued a US domestic search warrant in a narcotics investigation, arguing Microsoft should hand over emails sent to and from a Hotmail address belonging to an Irish citizen, stored on a server in Ireland, on the basis that the emails are "business records" of a US-based company.

The legal battle has huge implications for businesses around the world, says Brick, throwing up a number of issues about when a government has the right to access data.

It's not all "them vs us" in terms of government relations.

In New Zealand, Microsoft, with other technology players, is actively involved in the Government's cyber security strategy announced late last year, particularly the introduction of a CERT.

A registered trademark owned by Carnegie Mellon University, CERT - standing for computer emergency response team - is a recognised cyber security standard.

The CERT will provide a one-stop-shop for cyber security issues, says Brick. "I think it's great for New Zealand because today you have a lot of well-intentioned, different groups," he says.

"You've got the GCSB, who's tasked with protecting New Zealand's information systems, you've got the National Cyber Security Office, the Department of Prime Minister and Cabinet, there's a cyber security team within the New Zealand Police.

"Everyone is well intentioned but have one, as we would say at Microsoft, throat to choke or have one group coordinate and be responsible I think will be super important because it's then easier for that agency to coordinate all the other groups."

The CERT will be a partnership between public and private organisations, with Microsoft contributing the likes of real-time information it is getting on relevant local threats - important when cyber crime is a sophisticated global threat that no one company or government can successfully fight on its own, he says.

"I think the establishment of a CERT will be a huge step forward here in New Zealand."

Michael Brick

• Aged 47, father of three, married to a New Zealander he sat next to in law lectures at University of Iowa.
• Appointed legal counsel for Microsoft NZ in 2013 and on the Microsoft NZ senior leadership team.
• Earlier spent 10 years providing legal support to product development teams at Microsoft's offices in Redmond, near Seattle.