The security of computing resources and associated data is of high importance in many contexts. As an example, organizations often utilize networks of computing devices to provide a robust set of services to their users. Networks often span multiple geographic boundaries and often connect with other networks. An organization, for example, may support its operations using both internal networks of computing resources and computing resources managed by others. Computers of the organization, for instance, may communicate with computers of other organizations to access and/or provide data while using services of another organization. In many instances, organizations configure and operate remote networks using hardware managed by other organizations, thereby reducing infrastructure costs and achieving other advantages. With such configurations of computing resources, ensuring that access to the resources and the data they hold is secure can be challenging, especially as the size and complexity of such configurations grow.
Many techniques have been developed to enhance data security. However, with large distributed systems, different people may have different roles and different skills with respect to development of and maintenance of applications executing in the distributed systems. With a distributed system employing many different types of applications, each with its own role, ensuring the security of data accessible to the various applications can be a challenge. In many examples, insecurities introduced into an application, whether maliciously or inadvertently, can be difficult to detect. For example, an application with code having an insecure feature (e.g., an improper implementation of a secure communications protocol) may nevertheless operate in accordance with its primary purpose, providing no indication of the insecurity that is present.