Skip to content

SparkPost is the leading email delivery and analytics provider that sends more than 5 trillion messages annually, representing more than 37% of the world’s business email. SparkPost provides customers with actionable, real-time data to drive engagement and ROI.

SparkPost has architected its platform to run on AWS and maintains a sizable and dynamic public cloud footprint. The SparkPost security team needed a means to detect security and compliance risks on an ongoing basis, and to streamline audit processes for their AWS resources.



  • Assess SparkPost’s tens of thousands of AWS resources on an ongoing basis for security and compliance risks
  • Streamline data gathering and analysis for CIS AWS Benchmark andSOC 2 audits
  • Secure cloud environments without significant human intervention and manual processes

Fugue Solutions

  • Utilized Fugue's SaaS application to manage SparkPost's AWSfootprint.Fugue's SaaS is hosted on AWS, and utilizes services such as Fargate, RDS, Redshift, and S3
  • Continuous compliance with Fugue’s ability to scan large AWSenvironments against CIS AWS Benchmark, SOC 2, NIST 800-53, GDPR, and other compliance standards
  • Protected critical resources by notifying users of any configuration changes to a previously designated “baseline” environment
  • Demonstrated proof of compliance with dashboards and reporting to streamline audit processes


  • Verify that their AWS cloud systems are secure and meeting various compliance standards including NIST800-53, SOC 2, GDPR, and ISO 27001.


  • Continuous compliance against SOC 2, NIST 800-53, and other compliance standards
  • Demonstrated to customers and auditors that data is safe and secure on AWS
  • Reduced time to close new contracts
  • No longer had to hire additional cloud security engineers to track compliance manually











SparkPost was able to seamlessly onboard and configure dozens of AWS accounts onto Fugue in a matter of weeks, as Fugue is a SaaS product that only required SparkPost to provide appropriate IAM role ARNs for access. SparkPost has now incorporated Fugue into its AWS account creation process, to ensure that appropriate Fugue environments are also part of the setup.

Business Outcomes

Given the scale and complexity of their AWS configurations, SparkPost needed a means to comprehensively identify compliance risks and secure their public cloud footprint. With Fugue, Sparkpost was able to continuously scan and assess their cloud infrastructure against Fugue's pre-built policy rules, and their security engineers were notified of changes and configuration drift for protected "baseline" environments.

Streamlined Compliance Process

SparkPost has applications and workloads in AWS that need to comply with CIS AWS Benchmark and other security best practices. With Fugue, SparkPost was able to generate compliance reports highlighting compliant and non-compliant cloud resources mapped to specific compliance controls and standards. Fugue also provided SparkPost's security team with point-in-time snapshots of their cloud infrastructure resources.

With Fugue's solution, SparkPost was able to measure their ROI with the following results:

  • Mean time to remediation (MTTR): Fugue detects any configuration changes to resources defined in a "baseline" and alerts SparkPost's security team within an hour. This enables the team to respond quickly to potential misconfigurations and threats.
  • Initial time to value: SparkPost was able to see compliance scan results within 30 minutes of adding an AWS account to Fugue's platform, demonstrating where specific cloud resources were compliant - or not - with the CIS AWS Benchmark.
  • Time saved on audit reporting: Prior to adopting Fugue, the SparkPost security team needed 2-3 weeks to complete audit reports on their AWS environments. Engineers needed to work via the AWS console and manually enter information into spreadsheets. With Fugue, reporting on CIS AWS Benchmark compliance takes minutes to complete with out-of-the-box dashboards.

Get Started with Fugue Today

Prevent misconfiguration and ensure continuous compliance with enterprise security policies.