Securing MongoDB Transport in the cloud [closed]

I think the answer depends on whether you are evaluating providers solely on the basis of providing SSL over the Mongo Wire protocol (choices are likely limited at the moment) or if you are fine to use their APIs (most will support https).

MongoDB's SSL support (as at 2.0.6) requires a separate build due to some licensing/export complications, and is "all or nothing" (i.e. all of your mongo processes and client drivers will need to use SSL). There is some ongoing discussion on the Jira issue for this feature request: SERVER-524: encryption of wire protocol with SSL.

Based on a quick search, the providers you mentioned do not currently appear to offer secure transport on top of the wire protocol (and have caveats on same) .. but they do have https endpoints for their REST APIs:

• MongoHQ's REST API - The MongoHQ REST API allows you to create and interact with MongoDB databases created on the MongoHQ platform with an easy to use JSON API over HTTPS.

• MongoLab's REST API - With MongoLab's REST API you can access any database linked to your account. The API exposes most the operations you would find in the MongoDB driver, but offers them as a RESTful interface over HTTPS.

For end to end security you should use SSL. It is not good practice to rely on the network configuration. MongoDirector.com offers SSL support for your MongoDB servers at no extra charge. Here are the details - https://scalegrid.io/blog/secure-your-mongo-clusters-with-ssl/

Disclaimer: I am one of the founders of MongoDirector.com