Security
- News
- Last Updated: June 11, 2020
- Scott Truitt
We are thrilled to announce that Heroku Shield for Redis is now generally available and certified for handling PHI, PII, and HIPAA-compliant data. Heroku Shield for Redis is the final missing data service for Heroku Shield, which is an integrated set of Heroku services with additional security features needed for building high compliance applications. All Heroku Managed Data Services — Heroku Connect, Heroku Data for Redis, Heroku Postgres, and Apache Kafka on Heroku — are now fully certified for handling PHI, PII, and HIPAA-compliant data as part of Heroku Shield. Security and compliance come standard with Heroku Shield,…
- News
- Last Updated: May 06, 2020
- Scott Truitt
Security is always top of mind for Heroku customers; COVID-19 has further increased the urgency for enterprises and developers to deliver more mission-critical applications with sensitive and regulated data.
Given the needs of our customers, including those in regulated industries like Health & Life Sciences and Financial Services, we are thrilled to announce that Heroku Private Spaces and Shield customers can now deploy a new Postgres, Redis, or Apache Kafka service with a key created and managed in their private AWS KMS account. With BYOK, enterprises gain full data custody and data access control without taking on the…
- News
- Last Updated: May 14, 2024
- Scott Truitt
Today, we’re thrilled to announce four new trusted data integrations that allow data to flow seamlessly and securely between Heroku and external resources in public clouds and private data centers:
Heroku Postgres via mutual TLS
Heroku Postgres via PrivateLink
Apache Kafka on Heroku via PrivateLink
Heroku Redis via PrivateLink
These integrations expand Heroku's security and trust boundary to cover the connections to external resources and the data that passes through them. They enable true multi-cloud app and data architectures and keep developers focused on delivering value versus managing infrastructure. Data is the driving force in modern app development, and…
- News
- Last Updated: October 01, 2019
- Scott Truitt
We are thrilled to announce that Apache Kafka on Heroku Shield is now generally available and certified for handling PHI, PII, and HIPAA-compliant data. Our newest managed data service unifies Heroku Shield, a set of Heroku platform services that offer additional security features needed for building high compliance applications, with Apache Kafka on Heroku, our fully-managed service based on the leading open-source solution for handling event streams.
Organizations of all sizes face relentless pressure to bring better apps and experiences to market, and those with a strong focus on data security like Health and Life Sciences (HLS) organizations…
- News
- Last Updated: April 03, 2024
- Sepideh Setayeshfar
Today we are thrilled to announce the general availability (GA) release of Heroku Enterprise Accounts. All Enterprise Teams associated with a company are nested under an Enterprise Account, which delivers a higher level of visibility and accountability. With an Enterprise Account, executives and admins can ensure trust and improved agility with simple, fast management of teams, users and expenses, so application development teams can stay focused on the development process.
With applications sitting at the core of almost all businesses, collaborative environments that make it possible for users to efficiently work together without security concerns are essential…
- News
- Last Updated: July 23, 2019
- Scott Truitt
There are many reasons to choose Heroku Data services, but keeping the services you use secure and up-to-date ranks near the top. This foundation of trust is the most important commitment we make to our customers, and frequent and timely maintenances are one way we deliver on this promise.
We do everything we can to minimize downtime, which is typically between 10 – 60 seconds per maintenance. There are ways for you to minimize disruption too (see the tips and tricks below). The rest of the post explains how we think about Heroku Data maintenances, how we perform…
- News
- Last Updated: May 22, 2019
- Scott Truitt
Today, we're thrilled to announce Heroku Postgres via PrivateLink, a new integration that enables customers to seamlessly and securely connect Heroku Postgres databases in Private Spaces to resources in one or more Amazon VPCs. Heroku Postgres via PrivateLink connections are secure and stable by default because traffic to and from Heroku Postgres stays on the Amazon private network; once a PrivateLink is set up, there is no brittle networking configuration to manage. As always, security and trust are top of mind with everything we do at Heroku.
The ability to configure Heroku Postgres via PrivateLink is…
- Engineering
- Last Updated: April 30, 2024
- Wade
There’s obviously more to security than humans, technology, and vendors with all of their implementations and expertise. At Heroku we believe that security is a byproduct of excellence in engineering.
All too often, software is written solely with the happy path in mind, and security assurances of that software have their own dangerous assumptions. A mature security program should challenge assumptions of security controls, move to testing continuously, and prepare for the unexpectable.
This means asking hard questions about the bigger picture. Think bigger than the development lifecycle, backing away from the fixations of confirming effective corrections…
- Engineering
- Last Updated: April 04, 2024
- Joe Kutner
This blog post is adapted from a talk given by Joe Kutner at Devoxx 2018 titled "10 Mistakes Hackers Want You to Make."
Building self-defending applications and services is no longer aspirational–it’s required. Applying security patches, handling passwords correctly, sanitizing inputs, and properly encoding output is now table stakes. Our attackers keep getting better, and so must we.
In this blog post, we'll take a look at several commonly overlooked ways to secure your web apps. Many of the examples provided will be specific to Java, but any modern programming language…
- News
- Last Updated: December 05, 2018
- Khushboo Goel
We are happy to announce two major improvements to our SSO experience for Heroku Enterprise customers: easier SSO login for users via the Heroku CLI, and the ability for admins to add more than one certificate at the Enterprise Team level.
Logging into all your different cloud applications can be a pain. We know that many of you like to use Heroku via the command line interface and in your web browser side-by-side, and until now that has meant logging in via SSO separately to each interface. You'll now be redirected from the CLI to the Dashboard to…