diff --git a/Security-Overview.md b/Security-Overview.md
new file mode 100644
index 0000000..fe4dc7c
--- /dev/null
+++ b/Security-Overview.md
@@ -0,0 +1,19 @@
+# Overview
+There are a few things to secure the SeaweedFS system:
+1. Secure GRPC operations server via mutual TLS
+1. Secure file upload/delete to volume server
+
+Not covered, yet:
+1. master server http access
+1. filer server http access
+
+# Securing Volume Servers
+Since SeaweedFS is a distributed system with many volume servers, the volume servers have the risk of being changed without proper access control.
+
+There are 2 ways to change volume servers: 
+1. Administrative operations via GRPC
+1. File upload, update, and delete operations.
+
+To control administrative operations, mutual TLS can be enabled for all GRPC calls.
+
+To control file upload/update/delete operations, Json Web Token (JWT) is used to control access for each file id.