Data quarantine and recovery

US10678925B2 · US · B2

Patent metadata

Publication number: US-10678925-B2
Application number: US-201715633472-A
Country: US
Kind code: B2
Filing date: Jun 26, 2017
Priority date: Jun 26, 2017
Publication date: Jun 9, 2020
Grant date: Jun 9, 2020

Abstract

Official abstract text for this publication.

In some embodiments, disclosed subject matter involves proactive monitoring and detection of anomalies in user data hosted by a cloud storage server and user interaction with data to trigger quarantine of user data stored in the cloud storage. In at least one embodiment, data recovery from one or more quarantine states is available to a user after authentication. Quarantine levels may permit or prohibit various actions on the user data by the user who owns the data, an asynchronous process for data cleanup, and access by other authorized users, etc. In an embodiment, quarantine levels are associated with the user and affect the user data space rather than merely individual files. The proactive monitoring may include collection of telemetry based on the API calls to the cloud server, scanning of user file system and hierarchy, and other file or data space corruption. Other embodiments are described and claimed.

First claim

Opening claim text (preview).

What is claimed is:

1. A system, comprising: a cloud server comprising a processor, and a memory storing instructions that, when executed by the processor, configure the cloud server to: host user data that is accessible from a user device; manage access by the user device to user data via an application program interface (API) in an application operating at the user device; monitor a number of API calls and a type of request of the API calls from the API to the cloud server; collect telemetry that identifies the number of API calls and the type of request of the API calls; define an allowable threshold for the number of API calls of the corresponding type of request of API calls; detect, based on whether the collected telemetry exceeds the allowable threshold, whether a data event has occurred; and in response to detecting that the data event has occurred, deny access from the user device to the user data associated with the data event and the user device.

2. The system as recited in claim 1, further comprising: a recovery graphical user interface (GUI) operable by a user from the user device communicatively coupled to the cloud server, the recovery GUI configured to remotely enable the user to authorize the data event or perform recovery actions for the quarantine of access to the user data, wherein the recovery GUI is configured to require multi-factor authentication by the user before granting access to the recovery actions, wherein the telemetry further comprises API error codes, a user level quality of service (QoS), and user data support requests, wherein the allowable threshold indicates a threshold quantity for a corresponding API error code, a threshold level for the user level QoS, and a threshold number for user data support requests.

3. The system as recited in claim 2, wherein the quarantine of access is set at a quarantine level corresponding to the data event, and wherein triggering of the quarantine of access is further to initiate a message to the user for notification of the quarantine.

4. The system as recited in claim 3, wherein the quarantine level corresponding to the data event identifies whether access to data is to be granted for read, write, update, delete, and archive, and wherein different data event types enable different combinations of data access for the quarantine level.

5. The system as recited in claim 1, further comprising quarantine evaluation logic coupled to the data management logic and operable by the processor coupled to the cloud server, the quarantine evaluation logic configured to provide an indication whether a requested access to the user data is one of permitted and not permitted, the indication being responsive to an attempted access of the user data, wherein the data management logic is configured to deny access to the user data when indicated as not permitted.

6. The system as recited in claim 5, wherein the cloud server is configured to send a notification when access to the user data is denied, the notification including information to initiate recovery actions.

7. The system as recited in claim 5, wherein the cloud server is configured to query the quarantine evaluation logic before performing asynchronous processing of the user data, and responsive to an indication that access to the user data is not permitted for a requested asynchronous action, then postponing the asynchronous action.

8. The system as recited in claim 5, wherein the cloud server is further configured to identify a quarantine state for a user of the user device that was set manually, by an administrator of the cloud server.

9. The system as recited in claim 1, wherein the telemetry includes at least one of metrics associated with API calls to access the user data, metrics associated with a periodic integrity scan of the user data, or metrics associated with user data support requests, wherein the integrity scan of the user data includes at least one of: a malware scan, a scan for file corruption based on file extension or metadata, a scan for missing links, segments, or file portions, or a scan for corruption of a user data file system and file hierarchy, and wherein the metrics associated with API calls include information associated with requests associated with at least one of: file deletion requests, file modification requests, file encryption requests, file property change requests, file overwrite requests, or file move requests.

10. The system as recited in claim 1, wherein requested access to the user data originates from one of: a first user of the device, a second user authorized to access the user data by the first user, a background process of the cloud server initiated on behalf of the first user, or a client or cloud server system.

11. A computer implemented method for quarantine of user data, comprising: monitoring a number of API calls and a type of request of the API calls from the API to a cloud storage server; collecting telemetry that identifies the number of API calls and the type of request of the API calls associated with attempted access of the user data, the user data hosted by the cloud storage server in a user space dedicated to a first user; define an allowable threshold for the number of API calls of the corresponding type of request of API calls; detecting, based on the collected telemetry exceeding the allowable threshold, by the cloud storage server, a data event associated with an attempted access of the user data via the API calls; and triggering a quarantine of the user data associated with the data event, the quarantine including other data in the user space dedicated to the first user.

12. The computer implemented method as recited in claim 11, further comprising: providing a graphical user interface (GUI) to enable the first user to perform a user action, the user action including recovery or data event authorization, and the GUI to require multi-factor authentication of the first user; and canceling the quarantine of the user data, responsive to the user action, wherein the telemetry further comprises API error codes, a user level quality of service (QoS), and user data support requests, wherein the allowable threshold indicates a threshold quantity for a corresponding API error code, a threshold level for the user level QoS, and a threshold number for user data support requests.

13. The computer implemented method as recited in claim 12, wherein the quarantine of the user data is set at a quarantine level corresponding to the data event, and wherein triggering of the quarantine is further to initiate a message to the first user for notification of the quarantine.

14. The computer implemented method as recited in claim 13, wherein the quarantine level corresponding to the data event identifies whether access to the user data is to be granted for read, write, update, delete, and archive operations, and wherein different data event types enable different combinations of data access for the quarantine level.

15. The computer implemented method as recited in claim 11, wherein the telemetry includes at least one of metrics associated with API calls to access the user data, metrics associated with a periodic integrity scan of the user data, or metrics associated with user data support requests, and wherein collecting of telemetry is performed as background processing by the cloud storage server at a pre-defined interval.

16. A non-transitory machine readable storage medium, having instructions stored thereon, the instructions when executed on a machine cause the machine to: monitor a n
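
The threshold-and-quarantine flow described in claims 1 to 7, sketched as an added example that is not taken from the patent text or from any implementation by the assignee. The threshold values, level names, event-to-level mapping and the sample telemetry window are all constructed assumptions.

```python
from collections import Counter

# Constructed values: allowed calls per request type in one telemetry window.
THRESHOLDS = {"delete": 100, "overwrite": 200, "move": 300}
# Hypothetical quarantine levels, least to most strict, with operations still allowed.
LEVELS = {
    "none": {"read", "write", "update", "delete", "archive"},
    "read_only": {"read"},
    "locked": set(),
}
ORDER = list(LEVELS)
# Hypothetical mapping from the request type that tripped to a quarantine level.
EVENT_LEVEL = {"delete": "read_only", "move": "read_only", "overwrite": "locked"}

def detect_events(calls):
    """calls: (user, request_type) pairs from one window -> {user: [tripped types]}."""
    events = {}
    for (user, rtype), n in Counter(calls).items():
        if rtype in THRESHOLDS and n > THRESHOLDS[rtype]:
            events.setdefault(user, []).append(rtype)
    return events

class UserSpace:
    """Quarantine state is held per user data space, not per file."""
    def __init__(self):
        self.level, self.postponed = "none", []

    def quarantine(self, tripped):
        for rtype in tripped:  # keep the strictest level seen so far
            self.level = max(self.level, EVENT_LEVEL[rtype], key=ORDER.index)
        return self.level

    def permitted(self, op):
        return op in LEVELS[self.level]

    def run_async(self, op, job):
        """Background jobs (e.g. cleanup) are postponed, not failed, while quarantined."""
        if self.permitted(op):
            return "ran"
        self.postponed.append(job)
        return "postponed"

    def recover(self, mfa_passed):
        """The owner lifts the quarantine only after multi-factor authentication."""
        if mfa_passed:
            self.level = "none"
        return self.level

# Constructed window: alice bursts 150 deletes, bob makes 5.
WINDOW = [("alice", "delete")] * 150 + [("bob", "delete")] * 5 + [("alice", "read")] * 20
```

Because the level lives on `UserSpace`, a delete burst against a few files blocks deletes across the whole space, which is the per-user scope the abstract describes.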

Classifications

  • Virus type analysis

  • during program execution, e.g. stack integrity {; Preventing unwanted data erasure; Buffer overflow}

  • Distributed file systems

  • Computer malware detection or handling, e.g. anti-virus arrangements

  • Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Microsoft Technology Licensing Llc
What technology area does this patent fall under?
Primary CPC classification G06F21/568. Mapped technology areas include Physics.
When was this patent published?
Publication date Jun 9, 2020 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 3 related publications on this page (citations in our corpus or others sharing the same primary CPC).