MongoDB has introduced two new security features in its 3.6 release to improve ease and cost of security management, even for fast-paced development environments. The first feature is the localhost binding set by default, which restricts access to the local machine on which MongoDB is installed, eliminating whole classes of threats while preserving deployment speed and ease. The second feature is IP whitelisting for authentication, which allows clients authenticating against a user account or role to meet specific restrictions in documents attached to that user. This change raises the bar on safety while providing security teams with configurations they demand for mission-critical situations.