Cloud Security Administration for Maryland Health Benefit Exchange (MHBE)


The Maryland Health Connection (administered by the Maryland Health Benefit Exchange) is the health insurance marketplace in the U.S. state of Maryland, created in accordance with the Patient Protection and Affordable Care Act. The marketplace is offered to individuals and families who are not covered by their employers. It allows enrollees to compare health insurance plans and provides those who qualify with access to tax credits. It also provides access to Medicaid enrollment for low-income Marylanders. Enrollment started on October 1, 2013. As of the 2019 calendar year, 156,963 people were enrolled in private health plans, 39,720 people were enrolled in stand-alone dental plans, and 1,076,175 people were enrolled in Medicaid through Maryland Health Connection.

Project Scope

The Maryland Health Benefit Exchange (MHBE) was seeking a Cloud Security Specialist vendor to administer security systems for the Maryland Health Benefit Exchange systems.


V Group is currently working with MHBE as a prime vendor to develop and implement cloud security controls, cloud-based processes and tools, and cloud security task automation. We perform security assessments, work closely with DevOps and Developer teams on identifying security and privacy issues in AWS or Azure, and find solutions to provide required functionality securely. Our team is responsible for continuously monitoring cloud security operations, responding to security issues, and escalating as necessary. We conduct security impact analysis of controls on proposed system changes. V Group conducts cloud security assessments and Penetration testing performs Incident Response and Forensics evaluation using security information and event management (SIEM) tools and ensures that the MHBE system security requirements are addressed during all phases of the system development life cycle.

We are also responsible for reviewing and updating systems security documentation and artifacts such as Systems Security Plan, Information Security Risk Assessment, Privacy Impact Assessment, Systems Security Report, Correction Action Plan, Plan of Action, and Milestones (POA&M) and creation, tracking POA&M requirements for resolving security findings. We administer cloud-based and physical firewalls and adhere to all security, change control, and MHBE Project Management Office (PMO) policies, processes, and methodologies.


  • Cloud Security
  • Computer Security
  • AWS or Azure supporting Security Operations
  • SIEM; AWS Security features such as Security Groups
  • Network Access Control List
  • Firewall
  • WAF
  • Guard Duty
  • CloudTrail
  • CloudWatch
  • Control Tower

Word from Spearhead

Nemo enim ipsam voluptatem quia voluptas sit aspernatur aut odit aut fugit, sed quia consequuntur magni dolores eos qui ratione voluptatem sequi nesciunt.