SparkPost is a leading email delivery and analytics provider whose customers send more than 5 trillion messages annually, representing more than 37% of the world’s business email. SparkPost provides customers with actionable, real-time data to drive engagement and ROI. .

SparkPost has architected its platform to run on AWS and maintains a sizable and dynamic public cloud footprint. The SparkPost security team needed a means to detect security and compliance risks on an ongoing basis, and to streamline audit processes for their AWS resources.


  • Assess SparkPost’s tens of thousands of AWS resources on an ongoing basis for security and compliance risks
  • Streamline Sparkpost's data gathering and analysis for CIS AWS Foundations Benchmark audits
  • Secure their cloud environments without significant human intervention and manual processes

Fugue Solution

  • Ensure continuous compliance with Fugue's ability to scan large AWS environments against CIS, NIST 800-53, GDPR, and other compliance standards
  • Protect critical resources by notifying users of any configuration changes to a previously designated "baseline" environment
  • Demonstrate proof of compliance with dashboards and reporting to streamline audit processes


SparkPost was able to seamlessly onboard dozens of AWS accounts onto Fugue in a matter of days, as Fugue is a SaaS product that only required SparkPost to provide appropriate IAM role ARNs for access. SparkPost has  now incorporated Fugue into its AWS account creation process to ensure that appropriate Fugue environments are also part of the setup.


Business Outcomes

Given the scale and complexity of their AWS configurations, SparkPost needed a means to comprehensively identify compliance risks and secure their public cloud footprint. With Fugue, SparkPost was able to continuously scan and assess their cloud infrastructure against Fugue’s pre-built policy rules, and their security engineers were notified of changes and configuration drift for protected "baseline" environments.

Streamlined Compliance Process

SparkPost has applications and workloads in AWS that need to comply with CIS AWS Foundations Benchmark and other security best practices. With Fugue, SparkPost was able to generate compliance reports highlighting compliant and non-compliant cloud resources mapped to specific compliance controls and standards. Fugue also provided SparkPost's security team with point-in-time snapshots of their cloud infrastructure resources.

With Fugue, SparkPost was able to measure their ROI with the following results:

  • Mean time to remediation (MTTR): Fugue detects any configuration changes to resources defined in a "baseline" and alerts SparkPost's security team within an hour. This enables the team to respond quickly to potential misconfigurations and threats.
  • Initial time to value: SparkPost was able to see compliance scan results within 30 minutes of adding an AWS account to Fugue's platform, demonstrating where specific cloud resources were compliant - or not - with the CIS AWS Foundations Benchmark.
  • Time saved on audit reporting: Prior to adopting Fugue, the SparkPost security team needed 2-3 weeks to complete audit reports on their AWS environments. Engineers needed to work via the AWS console and manually enter information into spreadsheets. With Fugue, reporting on CIS AWS Foundations Benchmark compliance takes minutes to complete with out-of-the-box dashboards.