We are excited to announce that we are moving Connection Pooling for Heroku Postgres into GA. Connection Pooling unlocks the ability to use up to 10,000 client connections to a Heroku Postgres Database, without adversely impacting performance on the database. This will unlock more complex and higher scale applications with simpler architectures on the Heroku Platform.

Over the years, one of the factors that you have to consider when scaling applications is pressure on the database. Each connection to the database consumes resources that could be spent on processing requests. The balancing of resources spent on connections and processing is a delicate one that Heroku Engineering has had...

Today we're excited to announce Site-to-Site Virtual Private Network (VPN) support for Heroku Private Spaces. Heroku customers can now establish secure, site-to-site IPsec connections between Private Spaces on Heroku and their offices, datacenters and deployments on non-AWS clouds.

VPN is a powerful, proven and widely-adopted technology for securely combining multiple networks (or adding individual hosts to a network) over encrypted links that span the public Internet. VPN is well-understood and in use by most enterprise IT departments, and is supported on all major cloud providers and by a range of hardware and software-based systems.

Today we’re announcing a powerful new network control for apps running in Heroku Private Spaces: Internal Routing. Apps with Internal Routing work exactly the same as other Heroku apps, except the web process type is published to an endpoint that’s routable only within the Private Space and on VPC and VPN peered networks (see the Private Space VPN support companion post). Apps with Internal Routing are impossible to access directly from the public internet, improving security and simplifying management and compliance checks for web sites, APIs and services that must not be publicly accessible.

Today we are proud to announce that Heroku has achieved several important compliance milestones that provide third party validation of our security best practices:

• ISO 27001 Certification: Widely recognized and internationally accepted information security standard that specifies security management best practices and comprehensive security controls following ISO 27002 best practices guidance.
• ISO 27017 Certification: A standard that provides additional guidance and implementation advice on information security aspects specific to cloud computing.
• ISO 27018 Certification: Establishes commonly accepted control objectives, controls and guidelines for implementing measures to protect...

In February, we announced Heroku Enterprise, with collaboration and management capabilities for building and running your app portfolio in a governable and secure way on Heroku. We also introduced fine-grained access controls with app privileges as a beta feature. Today, we are pleased to announce general availability of this feature: Heroku Enterprise accounts are now automatically enabled for fine-grained access controls. We're very happy to deliver this feature that many of our largest customers have requested.

"Enterprises need greater visibility around applications and scalability, and Heroku Enterprise adds those features to the core Heroku value proposition," said...