Securing Workloads Using Data Protection Services Feat Fannie Mae Dap321

Title: AWS re:Inforce 2024 - Securing workloads using data protection services, feat. Fannie Mae (DAP321)

Insights:

  • Introduction and Background: The session was led by Ade Oseni Adebite and Raj Patelje from Fannie Mae, a mortgage provider. They discussed their history, reasons for choosing AWS, and the data protection measures they implemented.
  • Fannie Mae's Mission: Established in 1938, Fannie Mae aims to help homeowners secure mortgages, assist renters, and support home buyers and sellers by providing liquidity to the market.
  • Data Protection Requirements: Key requirements include securing application workloads, protecting identities throughout their lifecycle, automating provisioning, ensuring data security in transit and at rest, leveraging least privilege access, and ensuring data resilience across regions.
  • Secret Management: Fannie Mae uses AWS Secrets Manager to manage various secrets, including database credentials, API keys, and certificates. They emphasize namespace creation, event-driven lifecycle management, and automated secret rotation.
  • Encryption and Key Management: They use AWS KMS for encryption, ensuring data is encrypted at rest and in motion. They prefer customer-managed keys (CMKs) for finer-grained access control and use multi-region KMS keys for resilience.
  • Hybrid Workloads: Fannie Mae's environment includes both AWS and on-premises workloads. They use AWS IAM Roles Anywhere to manage secrets across these environments.
  • Automation and Integration: Automation is crucial for managing secrets and credentials. They developed custom SDK wrappers to simplify secret integration for application teams.
  • Governance and Compliance: They use third-party products for governance and compliance, integrating with AWS Certificate Manager (ACM) and its private CA for certificate management.
  • Lessons Learned: Automation is challenging but essential. Moving workloads to the cloud requires collaboration with AWS to streamline processes and address specific needs.
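As an added illustration of the "SDK wrapper" and "automated rotation" points above (not code from the talk or from Fannie Mae), the following sketch shows a rotation-aware wrapper that builds namespaced secret names, caches values, and refreshes a cached credential once when it stops authenticating. The namespace convention, the fake in-memory client standing in for boto3, and the retry behaviour are all assumptions.

```python
import json
import time
from typing import Any, Callable

class FakeSecretsManager:
    """Constructed offline stand-in for boto3's Secrets Manager client."""
    def __init__(self, secrets: dict[str, dict]):
        self.current = {name: json.dumps(v) for name, v in secrets.items()}
        self.calls = 0  # counts round-trips, so caching can be checked
    def get_secret_value(self, SecretId: str, VersionStage: str = "AWSCURRENT") -> dict:
        self.calls += 1
        if SecretId not in self.current:
            raise KeyError(f"ResourceNotFoundException: {SecretId}")
        return {"Name": SecretId, "SecretString": self.current[SecretId]}
    def rotate(self, SecretId: str, new_value: dict) -> None:
        self.current[SecretId] = json.dumps(new_value)  # simulates a rotation run

class SecretsWrapper:
    """Assumed wrapper shape: <namespace>/<secret>, TTL cache, refresh on auth failure."""
    def __init__(self, client, namespace: str, ttl_seconds: float = 300,
                 now: Callable[[], float] = time.time):
        self.client, self.namespace, self.ttl, self.now = client, namespace, ttl_seconds, now
        self._cache: dict[str, tuple[float, dict]] = {}
    def name(self, secret: str) -> str:
        return f"{self.namespace}/{secret}"
    def get(self, secret: str, refresh: bool = False) -> dict:
        key = self.name(secret)
        hit = self._cache.get(key)
        if hit and not refresh and self.now() - hit[0] < self.ttl:
            return hit[1]
        resp = self.client.get_secret_value(SecretId=key, VersionStage="AWSCURRENT")
        value = json.loads(resp["SecretString"])
        self._cache[key] = (self.now(), value)
        return value
    def call_with(self, secret: str, use: Callable[[dict], Any]) -> Any:
        try:
            return use(self.get(secret))
        except PermissionError:  # stale cached credential after rotation: refetch once
            return use(self.get(secret, refresh=True))

def demo() -> tuple[str, int]:
    """Connect, rotate the secret underneath the app, connect again."""
    sm = FakeSecretsManager({"prod/loan-api/db": {"username": "app", "password": "v1"}})
    w = SecretsWrapper(sm, namespace="prod/loan-api")
    live = {"password": "v1"}  # what the (constructed) database currently accepts
    def connect(cred: dict) -> str:
        if cred["password"] != live["password"]:
            raise PermissionError("authentication failed")
        return f"connected as {cred['username']} with {cred['password']}"
    w.call_with("db", connect)
    sm.rotate("prod/loan-api/db", {"username": "app", "password": "v2"})
    live["password"] = "v2"
    return w.call_with("db", connect), sm.calls
```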

Quotes:

  • "Our goal is to provide liquidity to the market so that banks can afford to loan financial information, financial data to renters and to buyers."
  • "We want to make sure that the application workloads are secure, the identities are protected in every lifecycle."
  • "We use AWS Secrets Manager to manage all kinds of secrets... You need to secure, manage, rotate them in a very safe and sound manner."
  • "Automation is hard. Our application teams are used to managing their own secrets. And as we moved them to the cloud, we said, let's help you remove this need for you to worry about, I need to rotate my credential."
  • "There are opportunities to streamline your process as you move your workload from on-prem into AWS. And you should talk to your AWS services, talk to them about your needs and your requirements."