What is Heroku Shield?
Heroku Shield is a set of Heroku platform services that offer additional security features needed for building high compliance applications. Use Heroku Shield to build HIPAA or PCI* compliant apps for regulated industries, such as healthcare, life sciences, or financial services. Heroku Shield simplifies the complexity associated with regulatory compliance, so you can enjoy same great developer experience when building, deploying, and managing your high compliance apps. Learn more about Heroku’s compliance programs and certifications by visiting our compliance center.
How Heroku Shield works
Heroku Shield is available to Heroku Enterprise customers as an additional package. Your Shield apps run in your own network isolated Heroku Shield Private Space using Heroku Shield Private Dynos to further enhance security at runtime.
You have the option to add Heroku Shield Postgres for highly-compliant data management, Apache Kafka on Heroku Shield for managing secure and HIPAA-regulated streaming datasets, and Heroku Shield Connect to safely sync data between your Shield apps and Salesforce. In addition, Heroku Shield gives you enhanced trust controls, such as Private Space Logging, that greatly simplify compliance auditing while still giving you full control of app configuration and deployment.
Why build with Heroku Shield?
Simplify the complexities of regulatory compliance.
Secure access to sensitive and compliant data
Build secure, multi-cloud app and data architectures across public clouds and private data centers. All data remains private and secure over the public internet via an encrypted and mutually-authenticated, connection.
At Heroku, trust is our number one value. Learn more about Heroku’s compliance programs and certifications by visiting our compliance center.
See it in action
Components of Heroku Shield
A suite of services with enhanced trust and security.
Learn more about Heroku Shield
Please tell us more about your project and we'll be in touch.
Dev Center Documentation
- Heroku Enterprise Overview
- Heroku Enterprise Dynos
- Heroku Private Spaces
- Heroku Postgres and Private Spaces
- Heroku Connect
- Heroku Security, Privacy, and Compliance
Webinars
Building High Compliance Apps using Heroku Shield
See how Heroku Shield helps developers solve many of the challenges of HIPAA compliant app development.
Architecting HIPAA and High Compliance Apps Using Heroku Shield
Learn how to configure a compliance-ready environment and data center in the cloud using Heroku Shield.
From the Blog
Heroku Shield for Redis is Now Generally Available
Heroku Shield for Redis is certified for handling PHI, PII, and HIPAA-compliant data, enabling organizations to build real-time apps with secure data more easily than ever.
Introducing Heroku Shield: Continuous Delivery for High Compliance Apps
Heroku Shield, a new addition to our Heroku Enterprise line of products, offers developers the power and productivity of Heroku for strictly regulated apps.
Announcing PCI Compliance for Heroku Shield
Heroku’s PCI Level 1 Service Provider designation* helps our customers understand how Heroku's systems and human processes work together to safeguard customer data.
Announcing General Availability of Heroku Shield Connect
Heroku Shield Connect enables high performance, fully automated, and bi-directional data synchronization between Salesforce and Heroku Postgres for companies that need to build HIPAA-compliant applications with Salesforce as the system of record for customer data.
Apache Kafka on Heroku Shield is Now Generally Available
Apache Kafka on Heroku Shield enables security-minded and health and life sciences companies to build HIPAA-compliant apps with real-time data that is sensitive, protected, regulated, and highly-personalized.
*Important note: Heroku Shield Connect and Heroku Shield for Redis are currently not PCI compliant. If you require PCI compliance, please contact us and we can help you find the right solution for your needs.