
What is Heroku Shield?

Heroku Shield is a set of Heroku platform services that offer additional security features needed for building high compliance applications. Use Heroku Shield to build HIPAA or PCI* compliant apps for regulated industries, such as healthcare, life sciences, or financial services. Heroku Shield simplifies the complexity associated with regulatory compliance, so you can enjoy the same great developer experience when building, deploying, and managing your high compliance apps. Learn more about Heroku’s compliance programs and certifications by visiting our compliance center.

How Heroku Shield works

Heroku Shield is available to Heroku Enterprise customers as an additional package. Your Heroku Shield apps run in your own network-isolated Heroku Shield Private Space, using Shield Private Dynos to further enhance security at runtime.

You have the option to add Shield Postgres for highly-compliant data management, Apache Kafka on Heroku Shield for managing secure and HIPAA-regulated streaming datasets, and Shield Connect to safely sync data between your Shield apps and Salesforce. In addition, Heroku Shield gives you enhanced trust controls, such as Private Space Logging, that greatly simplify compliance auditing while still giving you full control of app configuration and deployment.

An example of setting up a shield space

Why build with Heroku Shield?

Simplify the complexities of regulatory compliance.

Designed to meet industry regulations

Build engaging healthcare apps, fintech apps*, or life sciences apps with secure data services and meet complex regulatory requirements, including HIPAA and PCI*.

Fast setup & deployment

Spin up a HIPAA or PCI* compliant environment in minutes and start deploying your apps with all the ease of the Heroku developer experience using git push heroku master.

Out-of-the-box trust controls

Get additional trust controls, such as: keystroke logging for production access auditing, logging at the space level that you control, encryption at rest for ephemeral data, and strict TLS enforcement.

Securely share data with Salesforce

Extend your CRM capabilities to your Heroku apps and safely share PII data or PHI data with your Salesforce instance, including contacts, account data, and other custom objects.

At Heroku, trust is our number one value. Learn more about Heroku’s compliance programs and certifications by visiting our compliance center.


Components of Heroku Shield

A suite of services with enhanced trust and security.

Shield Private Spaces

Get all the benefits of a network-isolated Heroku Private Space with additional trust controls to deliver high compliance apps with confidence.

Shield Private Dynos

Shield Private Dynos include an encrypted ephemeral file system and restrict SSL termination from using TLS 1.0 (which is considered vulnerable).

Shield Postgres

Shield Postgres further extends Heroku Postgres to guarantee that your sensitive data is always encrypted both in transit and at rest.

Shield Connect*

Using Heroku Connect's bi-directional synchronization between Salesforce and Shield Postgres, you can share sensitive PII data or PHI data in a high compliance environment.

Apache Kafka on Heroku Shield

Apache Kafka on Heroku Shield combines the industry-leading open source solution for managing event streams with the strict controls needed to deliver real-time, HIPAA-compliant apps.


Dev Center Documentation

Building High Compliance Apps using Heroku Shield

See how Heroku Shield helps developers solve many of the challenges of HIPAA compliant app development.

Architecting HIPAA and High Compliance Apps Using Heroku Shield

Learn how to configure a compliance-ready environment and data center in the cloud using Heroku Shield.

From the Blog

Introducing Heroku Shield: Continuous Delivery for High Compliance Apps

Heroku Shield, a new addition to our Heroku Enterprise line of products, offers developers the power and productivity of Heroku for strictly regulated apps.

Announcing PCI Compliance for Heroku Shield

Heroku’s PCI Level 1 Service Provider designation* helps our customers understand how Heroku's systems and human processes work together to safeguard customer data.

Announcing General Availability of Heroku Shield Connect

Heroku Shield Connect enables high performance, fully automated, and bi-directional data synchronization between Salesforce and Heroku Postgres for companies that need to build HIPAA-compliant applications with Salesforce as the system of record for customer data.

Apache Kafka on Heroku Shield is Now Generally Available

Apache Kafka on Heroku Shield enables security-minded and health and life sciences companies to build HIPAA-compliant apps with real-time data that is sensitive, protected, regulated, and highly-personalized.

*Important note: Heroku Shield Connect is currently not PCI compliant. If you require bi-directional, PCI compliant sync between Heroku Postgres and Salesforce, please contact us and we can help you find the right solution for your needs.