Today, we’re thrilled to announce four new trusted data integrations that allow data to flow seamlessly and securely between Heroku and external resources in public clouds and private data centers:
- Heroku Postgres via mutual TLS
- Heroku Postgres via PrivateLink
- Apache Kafka on Heroku via PrivateLink
- Heroku Key-Value Store via PrivateLink
These integrations expand Heroku's security and trust boundary to cover the connections to external resources and the data that passes through them. They enable true multi-cloud app and data architectures and keep developers focused on delivering value versus managing infrastructure. Data is the driving force in modern app development, and these integrations further enhance its value on Heroku by exposing new options for enrichment, analysis, learning, archiving, and more.
Personalized Apps and Experiences with Sensitive and Regulated Data
Customers are increasingly working with sensitive and regulated data on Heroku and other public clouds or in private data centers. Looking across their use cases, workflows, and challenges, we see two requests emerge:
- Developers want more agility and flexibility.
- Enterprises want ironclad safety and security.
The use of sensitive and regulated data enables more personalized apps and unique experiences. Working with sensitive and regulated data also introduces greater legal complexities, especially when data crosses cloud boundaries. Heroku’s trusted and compliant data services minimize this risk, so organizations can stay focused on innovating with their data.
First, Heroku Shield provides a set of Heroku platform services that offer additional security features needed for building and running sensitive and regulated data applications. Next, Shield versions of Heroku Postgres, Heroku Key-Value Store, and Apache Kafka on Heroku are dedicated, network-isolated data services with strict security rules and compliance standards. And now, our new family of trusted data integrations allows Heroku managed data services to connect to and exchange data with other public clouds or private data centers.
All new trusted data integrations are enabled as of today, included at no additional charge, durable across maintenances and HA failovers, and available in all six Private and Shield Spaces global regions: Sydney, Tokyo, Frankfurt, Dublin, Oregon, and Virginia. Read on for more information on what’s new and how to get started.
Trusted Data Integrations Between Heroku, Other Public Clouds, and Private Data Centers
Heroku Postgres via mutual TLS
This integration allows customers to easily encrypt and mutually authenticate connections between Private and Shield Postgres databases and resources running in other public clouds and private data centers.
Heroku Postgres via mutual TLS requires that both the server and the client verify their certificates and identities to ensure that each one is authenticated and authorized to share data. For additional security, Heroku requires an allowlisted IP or IP range for the client and valid Heroku Postgres credentials. We also log the creation of a mutual TLS connection, notify admin members on the account, and periodically send reminder notifications as long as it is live.
The entire mutual TLS configuration and lifecycle is managed by Heroku to maintain security and meet compliance standards. It’s designed to be configured once and updated every year with new certificates, so the integration recedes into the background of the developer workflow. Get started with Heroku Postgres via mutual TLS.
Trusted Data Integrations Between Heroku and AWS
Heroku Postgres via PrivateLink
Earlier this year, we released Heroku Postgres via PrivateLink , which enabled Heroku Postgres databases in Private Spaces to integrate with resources in one or more Amazon VPCs. PrivateLink connections are secure and stable by default because traffic stays on the AWS private network; once a PrivateLink is set up, there is no brittle networking configuration to manage.
We now provide PrivateLink support for Heroku Postgres in Shield Spaces, so that sensitive and regulated data can flow securely and seamlessly between Heroku and AWS. We now log the creation of a PrivateLink, notify admin members on the account, and periodically send reminder notifications as long as it is live. We have also applied these changes to the Private Space version. Get started with Heroku Postgres via PrivateLink.
Apache Kafka on Heroku via PrivateLink
We also now provide the same PrivateLink support for Apache Kafka on Heroku in Private and Shield Spaces. Just over a month ago, we released Apache Kafka on Heroku Shield and it too now has the ability to integrate with Amazon VPCs for true multi-cloud architectures and best-of-breed solutions. We log, notify, and remind customers as long as this integration is live. Get started with Apache Kafka on Heroku via PrivateLink.
Heroku Key-Value Store via PrivateLink
Finally, we now provide the same PrivateLink support for Heroku Key-Value Store in Private Spaces . Likewise, we log, notify, and remind customers while the integration is live. Get started with Heroku Key-Value Store via PrivateLink.
Get Started Today
Heroku balances developer agility and flexibility with enterprise safety and security. Our new trusted data integrations enable sensitive and regulated data to be used across multiple clouds. This allows for true multi-cloud app and data architectures that integrate resources from Heroku, public clouds, and private data centers.
We built these new Trusted data integrations for you and we’re excited to see what you build with them. Please send any feedback our way.
Want to learn more about Heroku Data Services integrations using mutual TLS and PrivateLink? Contact sales