There needs to be a reality check at some point, however.
A company's needs might not be in tune with Heroku's general security policy. If you're creating an app that handles personal information, then I hope to god that your developer/ops guys are security minded.
This particular vulnerability is quite embarrassing, however: separation of environments should at least be a given on Heroku.
Heroku should have filtered other processes out of view that were related to other users' dynos. I think they will fix that.
It was interesting to read how the author figured it out, and his point that he could run a bunch of reapers to steal the information.
Now, if the IT guy running Heroku's operations has his hat on straight he will notice the change in bandwidth patterns (higher upload following a heroku push) from the reapers, which is what the Heroku press release alluded to.
Generally, to benefit maliciously you would have to be watching the content without downloading it ("by hand" if you will) and then find something that was worth the effort.
Now that Dynos have more time to be considered in a different light, design changes will at least make the same "lottery watch dog" effect harder to achieve than just lurking on a node.
In theory it shouldn't matter whether my security expertise is in-house or I pay some external party to provide it, right? The usual argument for economies of scale also applies - it's beneficial to have the platform provider manage security for the customers. I think the problem is that Heroku's (and most other providers') promise of security is nice in theory, but in practice they carry no responsibility if anything goes wrong.
I agree that it's important to make sure the provider's security policy is sufficient for your needs in the first place, however.
In theory it shouldn't matter whether my security expertise is in-house or I pay some external party to provide it, right?
You are not paying an external party to come by and secure all your servers/applications — you are paying for a service which requires you to share a lot of your data with a third party.
The usual argument for economies of scale also applies
But the bigger the third party you outsource to is, the more people will try to hack it.