Modern distributed applications are long-lived, are expected to provide flexible and adaptive data services, and must meet the functionality and scalability challenges posed by dynamically changing user communities in heterogeneous execution environments. The practical implication of these requirements is that static policy and mechanism definitions are unsuitable for the design of modern software systems. This paper addresses the protection mechanisms of such systems, describing a novel approach to enabling the protection of key applications components and sensitive data in distributed applications. The approach, termed Dynamic Differential Data Protection (D3P), deploys context-sensitive, application-specific protection functionality at runtime to enforce restrictions in data access and manipulation. D3P is suitable for use in zero/low-downtime environments, appropriate for high-performance computing tasks and highly-scalable architectural patterns (such as publish/subscribe), and is deployable across a wide variety of OS and machine platforms. We introduce the need for D3P, using sample applications from the HPC and pervasive computing domains to illustrate the solutions it makes possible, and describe how D3P has been integrated into modern middleware. We demonstrate D3P's ability to capture individual end-users' or components' needs for data protection. Finally, we present experimental evaluations which quantify the performance implications of using D3P in data-intensive applications.