How reliable is Heroku for a sensitive app?

Question

How reliable is Heroku for a sensitive app? Can they be trusted for a very important app? Have you used it for a long time? What's your opinion?

Thanks

Answer 1

Heroku provides information about security policy in its legal section. According to the security documents, it seems to have a really reliable infrastructure and I have been using it for 1 year without any issues. I also haven't heard about noticeable security flaws in its system.

Some technical restrictions, such as the read-only file-system, can be a hassle at first glance but increase the security of the platform.

It is indeed much more secure than many other VPS providers and, unless you have the benefit of a team of sysadmins and security experts, you can probably trust them more than how you can trust your infrastructure.

A good infrastructure doesn't mean bullet-proof software. Your first priority should be to make sure your software won't include any security flaws. Stress test your software, use unit and integration tests to make sure your software is stable and you are not reintroducing any issues that have already been fixed.