Security Compliance

Logging is the unsung hero of enterprise operations—quietly saving the day, one log line at a time. Imagine trying to maintain successful applications without knowing what’s happening inside them. This would be like flying a plane blindfolded at night, in a storm, with no instruments. Spoiler alert: Neither scenario would end well!

Today’s distributed systems are massively complex. To develop and maintain them properly, your ability to capture, analyze, and act on log data becomes essential. You need good logging for the critical insights to help you:

Diagnose and troubleshoot issues
Rightsize cloud resources
Ensure security

In this post, we’ll explore the…

Data Residency Compliance Is Possible with the Right Cloud Provider

Because today’s companies operate in the cloud, they can reach a global audience with ease. At any given moment, you could have customers from Indiana, Indonesia, and Ireland using your services or purchasing your products. With such a widespread customer base, your business data will inevitably cross borders. What does this mean for data privacy, protection, and compliance?

If your company deals with customers on a global — or at the very least, multi-national — scale, then understanding the concept of data residency is essential. Data residency deals with the…

We re-enabled payments to Heroku in India! At the start of August, we resumed accepting credit and debit cards issued by Indian financial institutions.

From the engagement on our public roadmap, we know that there are many developers in India eager to get back on the platform. We want to address the work done to re-enable this functionality, and why Heroku stopped accepting payments from India in the first place.

We started by enabling 3D Secure (3DS) on our platform. 3D Secure is a protocol that prompts a user to use a dynamic authentication method such…

Summary

Subdomain reuse, also known as subdomain takeover, is a security vulnerability that occurs when an attacker claims and takes control of a target domain. Typically, this happens when an application is deprecated and an attacker directs residual traffic to a host that they control.

As of 14 June 2023, we changed the format of the built-in herokuapp.com domain for Heroku apps. This change improves the security of the platform by preventing subdomain reuse. The new format is <app-name>-<random-identifier>.herokuapp.com. Previously, the format was <app-name>.herokuapp.com. The new format for built-in herokuapp.com domains is on by default…

Customer Trust is our highest priority at Salesforce and Heroku. It’s more important than ever to implement stronger security measures in light of increasing security threats that could affect services and apps that are critical to businesses and communities.

We’re pleased to announce that all Heroku customers can now take advantage of the security offered by Multi-Factor Authentication (MFA). We encourage you to check out these new MFA features and add another layer of protection to your account by enabling MFA.

As we announced in February 2021, all Salesforce customers are required to enable MFA starting Feb 1, 2022. There’s…

We are thrilled to announce that Heroku Shield for Redis is now generally available and certified for handling PHI, PII, and HIPAA-compliant data. Heroku Shield for Redis is the final missing data service for Heroku Shield, which is an integrated set of Heroku services with additional security features needed for building high compliance applications. All Heroku Managed Data Services — Heroku Connect, Heroku Data for Redis, Heroku Postgres, and Apache Kafka on Heroku — are now fully certified for handling PHI, PII, and HIPAA-compliant data as part of Heroku Shield. Security and compliance come standard with Heroku Shield,…

We are thrilled to announce that Apache Kafka on Heroku Shield is now generally available and certified for handling PHI, PII, and HIPAA-compliant data. Our newest managed data service unifies Heroku Shield, a set of Heroku platform services that offer additional security features needed for building high compliance applications, with Apache Kafka on Heroku, our fully-managed service based on the leading open-source solution for handling event streams.

Organizations of all sizes face relentless pressure to bring better apps and experiences to market, and those with a strong focus on data security like Health and Life Sciences (HLS) organizations…

Seccomp (short for security computing mode) is a useful feature provided by the Linux kernel since 2.6.12 and is used to control the syscalls made by a process. Seccomp has been implemented by numerous projects such as Docker, Android, OpenSSH and Firefox to name a few.

In this blog post, I am going to show you how you can implement your own seccomp filters, at runtime, for a Go binary on your Dyno.

Why Use Seccomp Filters?

By default, when you run a process on your Dyno, it is limited by which syscalls…

Today we are proud to announce that Heroku has achieved several important compliance milestones that provide third party validation of our security best practices:

ISO 27001 Certification: Widely recognized and internationally accepted information security standard that specifies security management best practices and comprehensive security controls following ISO 27002 best practices guidance.
ISO 27017 Certification: A standard that provides additional guidance and implementation advice on information security aspects specific to cloud computing.
ISO 27018 Certification: Establishes commonly accepted control objectives, controls and guidelines for implementing measures to protect Personally Identifiable Information (PII) in accordance with defined privacy principles for…

Today we are pleased to announce general availability of Heroku Shield Connect, the latest addition to our lineup of Heroku Shield services.

Heroku Shield, announced last year, enabled new capabilities for Dynos, Postgres databases and Private Spaces that make Heroku suitable for high compliance environments such as those that fall under the Health Insurance Portability and Accountability Act (HIPAA) regulations. Heroku Shield Connect extends this offering by enabling high performance, fully automated, and bi-directional data synchronization between Salesforce and Heroku Postgres for companies that need to build HIPAA-compliant applications – all in a matter…
