Increasingly, communications between services or applications within an enterprise occur via multiple different server machines. That is, application processing has become distributed: communication between multiple machines, and even between multiple networks, is now commonplace and often occurs in a manner that is transparent to the users.
In fact, a large portion of existing applications rely on communication with a variety of other servers that exist within an enterprise network. These applications can contact all sorts of different servers. For the most part, the communicating servers do not authenticate one another before processing occurs, so these inter-server communications are not truly secure.
Enterprises rely on a variety of assumptions to assuage the security concerns that arise with unauthenticated inter-server communications.
Firstly, it is assumed that if someone has penetrated a firewall or secure environment of an enterprise, then the entity which has penetrated the firewall was properly authenticated before it began processing applications within the secure environment. In other words, entities are authenticated before they gain access to a secure environment, and what those entities can do within that environment is closely monitored and controlled. Secondly, certain applications are restricted from being executed based on policy and security limitations, which can be enforced within the firewall environment by enterprise security systems; so, the assumption is that critical applications are closely monitored within the firewall by the enterprise anyway. Thirdly, the enterprise assumes that the only way in which inter-server communication within the firewall can be authenticated is via costly modifications to legacy applications, and that the expense of doing so outweighs the perceived added security benefit of securing inter-server communications within the firewalled environment.
Thus, what is needed is a mechanism by which legacy network processes or applications can be authenticated to one another without having to modify those legacy network processes.