What is Heroku Shield?

Heroku Shield is a set of Heroku platform services that offer additional security features needed for building high compliance applications. Use Heroku Shield to build HIPAA or PCI* compliant apps for regulated industries, such as healthcare, life sciences, or financial services. Heroku Shield simplifies the complexity associated with regulatory compliance, so you can enjoy the same great developer experience when building, deploying, and managing your high compliance apps. Learn more about Heroku’s compliance programs and certifications by visiting our compliance center.

How Heroku Shield works

Heroku Shield is available to Heroku Enterprise customers as an additional package. Your Shield apps run in your own network-isolated Heroku Shield Private Space using Heroku Shield Private Dynos to further enhance security at runtime.

You have the option to add Heroku Shield Postgres for highly-compliant data management, Apache Kafka on Heroku Shield for managing secure and HIPAA-regulated streaming datasets, and Heroku Shield Connect to safely sync data between your Shield apps and Salesforce. In addition, Heroku Shield gives you enhanced trust controls, such as Private Space Logging, that greatly simplify compliance auditing while still giving you full control of app configuration and deployment.

An example of setting up a shield space

Why build with Heroku Shield?

Simplify the complexities of regulatory compliance.

Designed to meet industry regulations

Build engaging healthcare apps, fintech apps*, or life sciences apps with secure data services and meet complex regulatory requirements, including HIPAA and PCI*.

Fast setup & deployment

Spin up a HIPAA or PCI* compliant environment in minutes and start deploying your apps with all the ease of the Heroku developer experience using git push heroku main.

Out-of-the-box trust controls

Get additional trust controls, such as: keystroke logging for production access auditing, logging at the space level that you control, encryption at rest for ephemeral data, and strict TLS enforcement.

Securely share data with Salesforce

Extend your CRM capabilities to your Heroku apps and safely share PII data or PHI data with your Salesforce instance, including contacts, account data, and other custom objects.

Secure access to sensitive and compliant data

Build secure, multi-cloud app and data architectures across public clouds and private data centers. All data remains private and secure over the public internet via an encrypted and mutually authenticated connection.

At Heroku, trust is our number one value. Learn more about Heroku’s compliance programs and certifications by visiting our compliance center.


See it in action

“Heroku Shield makes HIPAA compliance easier to execute, so now my dev teams can focus on building great apps using a modern app-dev toolset, refer to customer-sensitive data with added confidence, and ultimately provide our customers with an engaging experience that differentiates Align Technology in the marketplace.”

Leela Parvathaneni
Director of Customer-Facing Applications, Align Technology

Components of Heroku Shield

A suite of services with enhanced trust and security.

Heroku Shield Private Spaces

Get all the benefits of a network-isolated Heroku Private Space with additional trust controls to deliver high compliance apps with confidence. Heroku Shield Private Spaces docs →

Heroku Shield Private Dynos

Shield Private Dynos include an encrypted ephemeral file system and restrict SSL termination from using TLS 1.0 (which is considered vulnerable). Shield Private Dyno docs →

Heroku Shield Postgres

Shield Postgres further extends Heroku Postgres to guarantee that your sensitive data is always encrypted both in transit and at rest. Heroku Shield Postgres docs →

Heroku Shield Connect*

Using Heroku Connect's bi-directional synchronization between Salesforce and Shield Postgres, you can share sensitive PII data or PHI data in a high compliance environment. Heroku Shield Connect docs →

Apache Kafka on Heroku Shield

Apache Kafka on Heroku Shield combines the industry-leading open source solution for managing event streams with the strict controls needed to deliver real-time, HIPAA-compliant apps. Apache Kafka on Heroku Shield docs →

Heroku Shield for Redis®*

Use Heroku Shield for Redis to handle PHI and PII data safely in-memory. Build a new class of real-time apps with strict security and seamless HIPAA compliance, perfect for regulated industries such as Healthcare & Life Sciences and Financial Services. Heroku Shield for Redis docs →


Dev Center Documentation

Building High Compliance Apps using Heroku Shield

See how Heroku Shield helps developers solve many of the challenges of HIPAA compliant app development.

Architecting HIPAA and High Compliance Apps Using Heroku Shield

Learn how to configure a compliance-ready environment and data center in the cloud using Heroku Shield.

From the Blog

Heroku Shield for Redis is Now Generally Available

Heroku Shield for Redis is certified for handling PHI, PII, and HIPAA-compliant data, enabling organizations to build real-time apps with secure data more easily than ever.

Introducing Heroku Shield: Continuous Delivery for High Compliance Apps

Heroku Shield, a new addition to our Heroku Enterprise line of products, offers developers the power and productivity of Heroku for strictly regulated apps.

Announcing PCI Compliance for Heroku Shield

Heroku’s PCI Level 1 Service Provider designation* helps our customers understand how Heroku's systems and human processes work together to safeguard customer data.

Announcing General Availability of Heroku Shield Connect

Heroku Shield Connect enables high performance, fully automated, and bi-directional data synchronization between Salesforce and Heroku Postgres for companies that need to build HIPAA-compliant applications with Salesforce as the system of record for customer data.

Apache Kafka on Heroku Shield is Now Generally Available

Apache Kafka on Heroku Shield enables security-minded and health and life sciences companies to build HIPAA-compliant apps with real-time data that is sensitive, protected, regulated, and highly-personalized.

*Important note: Heroku Shield Connect and Heroku Shield for Redis are currently not PCI compliant. If you require PCI compliance, please contact us and we can help you find the right solution for your needs.

Redis is a trademark of Redis Labs Ltd. Any rights therein are reserved to Redis Labs Ltd. Any use by Salesforce is for referential purposes only and does not indicate any sponsorship, endorsement or affiliation between Redis and Salesforce.