Carmichael Patton, the lead architect for the Zero Trust journey at Microsoft.


TRUSTcast’s purpose is to bring insights from trust executives and leaders from around the world into your homes and share them in an atmosphere of a relaxed conversation. In Episode 3, we are hosting Carmichael Patton, the lead architect for the Zero Trust journey at Microsoft. Carmichael has over 20 years of experience in the IT industry with the last 7 years being in Microsoft.

We have discussed what trust means, the challenges of managing trust and ensuring trustworthiness, Zero trust vs zero risk, the collaboration of different teams in the Zero Trust Universe, and future trends in this sector.

“Trust can mean different things to different people… We need to put some measurement of trust to figure out what it means and why are we trying to get to that.”

“Zero Trust has become an overburdened term now because everyone is using it for their products… You know, My product is zero trust, My solution is Zero Trust, I’m selling you zero trust…But Zero Trust is not something you buy or sell. It is about how do I handle my risk, how do I mitigate that risk by implementing security policies, networking or infrastructure changes, that will bring that risk as close to zero as possible so that I can start putting a measure of trust in those devices, connections, and users so that my policies are effective.”

“Covid was interesting to say it that way… The term that everybody loves I’ve always done it that way – Well all of a sudden you can’t always do it that way because that way does not exist anymore because I have all of my employees someplace else and all my data is accessed in different ways. That caused a lot of us to rethink what we were doing.”

“In the security space and my architecture space we realised That vision we had that was maybe 10 years away, I think we might be closer to 2 or 5. So we had to start pivoting more on what can I do to accelerate that vision.”

“Sending people home for Covid was almost a non-venture for us because we had an infrastructure in place to deal with it. The challenges for us were more around the usage of things such as personal devices… This led to the issue of how to get physical clients into people’s hands because the other issue that happened in the last years was in the supply chain and demand… You have a thousand interns starting in the summer of 2020 how do we ensure they are able to work for us?…”

“There is a definite need to understand the overall governance of the environment, the risk, devices you have, what service they connect to… there is a need to centralise that governance. This is where future investments should go to.”

Author: Dr Adela Drozdibob

Publication date: 12th November 2022, QUT, Brisbane,