Federal Mortgage Buyers Fannie Mae and Freddie Mac Are Moving To Commercial Cloud

The government’s two major housing loan programs, Fannie Mae and Freddie Mac, have been working their way through large-scale transitions to commercial clouds, though not without a few hiccups, according to a report from the Federal Housing Finance Agency Office of the Inspector General.

In a report released Wednesday, the FHFA OIG outlined the two programs’ cloud migration efforts and identified ongoing issues and risks that cloud computing—and, specifically, the migration process—introduce.

Freddie Mac, the government-sponsored mortgage corporation that works with small banks, has been working through its Infrastructure Transformation Program since February 2019, including a mass legacy application migration on track to be completed by the end of March.

That effort resulted in 70% of the program’s apps being migrated to a commercial cloud platform, while the remaining 30% were deemed not suitable for a public cloud. That remainder will be maintained in government-owned data centers for the time being while Freddie Mac officials look at alternatives, such as modernizing or outright replacing the legacy apps.

As part of the plan, Freddie Mac also intends to modernize its applications to better operate in a cloud environment, including those that were not deemed suitable for migration during the first phase.

“In the second phase, Freddie Mac is exploring modern, cloud-based options for the legacy applications—for both the applications that it did not move to the cloud and the applications that moved to the cloud in their legacy form,” the report states.

The second-phase work began in mid-2019—concurrent with Phase I—but officials told the IG there is no hard end date for that effort.

During the first phase, Freddie Mac officials saw a marked increase in “technology related incidents” across the enterprise, topping out in September 2019. Since that time, the program established a task force to identify and mitigate issues, which has led to a significant drop in incidents as of January 2020, the IG reports.

“Upon completion of its cloud migration, Freddie Mac expects a decrease in its overall operational risk because its technology infrastructure would no longer be in a transitional state,” they wrote.

Freddie Mac’s sister program, Fannie Mae, which performs a similar function but buys mortgage loans from larger, commercial banks, is also in the middle of a major cloud migration. The Fannie Mae migration effort has been split into three parallel streams: preparing the cloud environment, migrating applications and migrating data. With the first stream complete, the program has been hard at work migrating apps and data.

As of October 2019, the loan agency reported a quarter of its apps had been migrated to commercial cloud infrastructure, with a goal of reaching 36% by the end of 2020. Over the next few years, officials expect to move some three-quarters of Fannie Mae’s business apps to the cloud.

Fannie Mae officials told the IG they expect the third stream—data migration—to be completed in its entirety by the end of 2020.

As with Freddie Mac, Fannie Mae officials noted active migrations open the enterprise to risks.

“Specifically, Fannie Mae identified the risk of creating multiple copies of data, which can cause confusion and conflicts, during the migration process,” the report states. “Fannie Mae officials told us the enterprise is actively monitoring the risk and exercising a high level of rigor as they migrate the data.”

Along with these migration risks, the IG also pointed to other cloud computing issues, including concentrating too many services with a single cloud provider and insufficient technical staff within the programs to handle issues.

Officials from both programs told the IG they are aware of the concentration issue and are working with the cloud providers to ensure backups and redundancies are in place. The programs also said they have “developed risk mitigation strategies for hiring, training and retaining cloud personnel” to deal with potential staffing issues.