Dynamically throttling snapshot capture rates

What is claimed is: 1. A computer-implemented method, comprising: monitoring actions of a first user having access to a cluster; identifying a second user that shares an operational relationship with the first user; in response to determining that the first user has performed a risk event: incrementing a risk score assigned to the first user, and adjusting a risk score assigned to the second user such that it matches the incremented risk score assigned to the first user; determining whether the incremented risk score is outside a predetermined range; and in response to determining that the incremented risk score is outside the predetermined range: dynamically reducing a snapshot quota assigned to the first user, and adjusting a snapshot quota assigned to the second user such that it matches the snapshot quota assigned to the first user, wherein the snapshot quotas limit a number of snapshots that may be formed in response to requests received from the respective first and second users in a given amount of time. 2. The computer-implemented method of claim 1 , wherein each user having access to the cluster has a unique snapshot quota assigned thereto, wherein the unique snapshot quota assigned to a given one of the users having access to the cluster limits: a number of snapshots the given one of the users is permitted to form for each fileset in the cluster in a first amount of time, and a number of clones the given one of the users is permitted to form of each file in the cluster in the first amount of time. 3. The computer-implemented method of claim 2 , wherein the unique snapshot quotas are updated dynamically over time. 4. The computer-implemented method of claim 1 , comprising: detecting two or more user identifications that have access to the cluster and which correspond to the first user; assigning, to each of the two or more user identifications, the incremented risk score that is assigned to the first user; and replacing a unique snapshot quota assigned to each of the two or more identifications with the snapshot quota assigned to the first user. 5. The computer-implemented method of claim 1 , wherein dynamically reducing the snapshot quota assigned to the first user includes: sending identification information associated with the first user to data storage; and sending one or more instructions to the data storage to apply the snapshot quota to the first user. 6. The computer-implemented method of claim 1 , comprising: determining an amount of time that has passed since the first user last performed a risk event; in response to determining that the amount of time that has passed since the first user last performed a risk event is outside a second predetermined range, decrementing the risk score assigned to the first user; and in response to determining that the decremented risk score is not outside the predetermined range, dynamically increasing the snapshot quota assigned to the first user. 7. The computer-implemented method of claim 1 , wherein the risk event includes attempting to access data the first and/or second users do not have access to and/or tailgating. 8. The computer-implemented method of claim 1 , comprising: receiving a snapshot creation request from the first user; using the snapshot quota assigned to the first user to determine whether the snapshot creation request should be satisfied; and in response to determining that the snapshot creation request should not be satisfied: rejecting the snapshot creation request, flagging the first user as having attempted to exceed the snapshot quota assigned to the first user, decrementing the snapshot quota assigned to the first user, and sending a warning to an administrator, the warning indicating that the snapshot creation request was denied. 9. The computer-implemented method of claim 1 , wherein the operations are performed by a threat management module, wherein the threat management module is configured to communicate with the cluster, wherein the threat management module and the cluster are geographically separated from each other. 10. The computer-implemented method of claim 1 , wherein monitoring actions of the first user having access to the cluster includes: receiving telemetry data corresponding to the actions of the first user; evaluating the telemetry data to determine whether the first user has performed a risk event. 11. A computer program product comprising one or more computer readable storage media having program instructions embodied therewith, the program instructions readable and/or executable by a processor to cause the processor to: monitor, by the processor, actions of a first user having access to a cluster; identify a second user that shares an operational relationship with the first user; in response to determining that the first user has performed a risk event: increment, by the processor, a risk score assigned to the first user, and adjust a risk score assigned to the second user such that it matches the incremented risk score assigned to the first user; determine, by the processor, whether the incremented risk score is outside a predetermined range; and in response to determining that the incremented risk score is outside the predetermined range; dynamically reduce, by the processor, a snapshot quota assigned to the first user, and adjust a snapshot quota assigned to the second user such that it matches the snapshot quota assigned to the first user, wherein the snapshot quotas limit a number of snapshots that may be formed in response to requests received from the respective first and second users in a given amount of time. 12. The computer program product of claim 11 , wherein the snapshot quotas limit the number of snapshots the respective first and second users are permitted to form for each fileset in a first amount of time. 13. The computer program product of claim 12 , wherein the snapshot quotas limit a number of clones the respective first and second users are permitted to form each file in a second amount of time. 14. The computer program product of claim 11 , comprising: detecting two or more user identifications that have access to the cluster and which correspond to the first user; assigning, to each of the two or more user identifications, the incremented risk score that is assigned to the first user; and replacing a unique snapshot quota assigned to each of the two or more identifications with the snapshot quota assigned to the first user, wherein dynamically reducing a snapshot quota assigned to the first user includes: sending identification information associated with the first user to data storage; and sending one or more instructions to the data storage to apply the snapshot quota to the first user. 15. The computer program product of claim 11 , wherein the program instructions are readable and/or executable by the processor to cause the processor to: determine, by the processor, an amount of time that has passed since the first user last performed a risk event; in response to determining that the amount of time that has passed since the first user last performed a risk event is outside a second predetermined range, decrement, by the processor, the risk score assigned to the first user; and in response to determining that the decremented risk score is not outside the predetermined range, dynamically increase, by the processor, the snapshot quota assigned to the first user. 16. The computer program product of claim 11 , wherein the risk event includes attempting to access data the first and/or second user