Secure message exchange between deployments

US12101294B2 · US · B2

Patent metadata
Publication number: US-12101294-B2
Application number: US-202318341954-A
Country: US
Kind code: B2
Filing date: Jun 27, 2023
Priority date: Mar 4, 2020
Publication date: Sep 24, 2024
Grant date: Sep 24, 2024

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title

    What the patent document calls the invention.

  2. Abstract

    A short plain-language summary of the technical disclosure.

  3. Assignees and inventors

    Who owns or filed the patent and who is credited as inventor.

  4. Key dates

    Filing, priority, publication, and grant dates set the timeline.

  5. First independent claim

    The legal scope of protection — read this for what is actually claimed.

  6. CPC / IPC classifications

    Technology tags used to group this patent with similar filings.

  7. Citations and related patents

    Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

Different database deployments, or other data system deployments, may want to communicate with each other without sacrificing security or control. To this end, embodiments of the present disclosure may provide secure message exchange techniques for a source and/or target deployment. Configurable rule sets may be stored in the deployments; the rule sets may define what messages may be communicated between deployments. The deployments may implement a selective filtering scheme in one or more stages based on the rule sets to filter outgoing and/or incoming messages.

First claim

Opening claim text (preview).

What is claimed is:

1. A method, comprising: receiving, by one or more processors of a first deployment in a network-based data system, a message from a first user in the first deployment to be transmitted to a recipient in a second deployment of the network-based data system, the first deployment being a private data-system deployment where processing and storage resources are dedicated to a single tenant and the second deployment being a public data-system deployment where processing and storage resources are shared by multiple tenants; in a message-type filtering stage, detecting a message type of the message, the message type defining an operation to be performed on stored data associated with the first or second deployments; blocking transmission of the message to the second deployment in the event the detected message type belongs to a first set of message types; passing the message to a data-analysis filtering stage in the event the detected message type belongs to a second set of message types; in the data-analysis filtering stage, performing an analysis of data content in the message based on a content rule set preventing transmission of sensitive customer information; and blocking transmission or transmitting the message to the second deployment based on the analysis of the data content in the message.

2. The method of claim 1, further comprising: in a characteristic filtering stage, detecting a characteristic of the message; blocking transmission of the message to the second deployment in the event the detected characteristic belongs to a first set of characteristic types; passing the message to the data-analysis filtering stage in the event the detected characteristic belongs to a second set of characteristic types.

3. The method of claim 2, wherein the characteristic of the message includes one or more of: identity of sender, identity of recipient, and direction of the message.

4. The method of claim 2, wherein the characteristic filtering stage is performed before the data-analysis filtering stage.

5. The method of claim 1, wherein the second deployment employs a filtering scheme before the message reaches the recipient in the second deployment.

6. The method of claim 5, further comprising: receiving notification from the second deployment that the message was blocked from reaching the recipient.

7. The method of claim 1, further comprising: detecting that the second deployment has been compromised; and based on detecting that the second deployment has been compromised, blocking transmission of the message to the second deployment.

8. The method of claim 7, further comprising: based on detecting that the second deployment has been compromised, blocking reception of any messages at the first deployment from the second deployment.

9. A system comprising: one or more processors of a machine; and at least one memory storing instructions that, when executed by the one or more processors, cause the machine to perform operations comprising: receiving, by one or more processors of a first deployment in a network-based data system, a message from a first user in the first deployment to be transmitted to a recipient in a second deployment of the network-based data system, the first deployment being a private data-system deployment where processing and storage resources are dedicated to a single tenant and the second deployment being a public data-system deployment where processing and storage resources are shared by multiple tenants; in a message-type filtering stage, detecting a message type of the message, the message type defining an operation to be performed on stored data associated with the first or second deployments; blocking transmission of the message to the second deployment in the event the detected message type belongs to a first set of message types; passing the message to a data-analysis filtering stage in the event the detected message type belongs to a second set of message types; in the data-analysis filtering stage, performing an analysis of data content in the message based on a content rule set preventing transmission of sensitive customer information; and blocking transmission or transmitting the message to the second deployment based on the analysis of the data content in the message.

10. The system of claim 9, the operations further comprising: in a characteristic filtering stage, detecting a characteristic of the message; blocking transmission of the message to the second deployment in the event the detected characteristic belongs to a first set of characteristic types; passing the message to the data-analysis filtering stage in the event the detected characteristic belongs to a second set of characteristic types.

11. The system of claim 10, wherein the characteristic of the message includes one or more of: identity of sender, identity of recipient, and direction of the message.

12. The system of claim 10, wherein the characteristic filtering stage is performed before the data-analysis filtering stage.

13. The system of claim 9, wherein the second deployment employs a filtering scheme before the message reaches the recipient in the second deployment.

14. The system of claim 13, the operations further comprising: receiving notification from the second deployment that the message was blocked from reaching the recipient.

15. The system of claim 9, the operations further comprising: detecting that the second deployment has been compromised; and based on detecting that the second deployment has been compromised, blocking transmission of the message to the second deployment.

16. The system of claim 15, the operations further comprising: based on detecting that the second deployment has been compromised, blocking reception of any messages at the first deployment from the second deployment.

17. A machine-storage medium embodying instructions that, when executed by a machine, cause the machine to perform operations comprising: receiving, by one or more processors of a first deployment in a network-based data system, a message from a first user in the first deployment to be transmitted to a recipient in a second deployment of the network-based data system, the first deployment being a private data-system deployment where processing and storage resources are dedicated to a single tenant and the second deployment being a public data-system deployment where processing and storage resources are shared by multiple tenants; in a message-type filtering stage, detecting a message type of the message, the message type defining an operation to be performed on stored data associated with the first or second deployments; blocking transmission of the message to the second deployment in the event the detected message type belongs to a first set of message types; passing the message to a data-analysis filtering stage in the event the detected message type belongs to a second set of message types; in the data-analysis filtering stage, performing an analysis of data content in the message based on a content rule set preventing transmission of sensitive customer information; and blocking transmission or transmitting the message to the second deployment based on the analysis of the data content in the message.

18. The machine-storage medium of claim 17, further comprising: in a characteristic filtering stage, detecting a characteristic of the message; blocking transmission of the message to the second deployment in the event the detected characteristic belongs to a first set of characteristi
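The staged filter that the abstract and claims describe, as an added example that is not Snowflake's code or the patent's own implementation: a source deployment runs a characteristic stage (direction, sender, recipient), then a message-type stage, then a content-analysis stage; the target deployment runs its own filter before delivery and notifies the source when it blocks (claims 5 and 6); and a peer flagged as compromised is cut off in both directions (claims 7 and 8). The message fields, the rule-set layout, the sample messages and the two content rules (a US SSN pattern and a Luhn-validated 16-digit number) are constructed assumptions; the claims themselves name no formats or rules.

```python
import re
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Message:          # constructed model; the patent fixes no wire format
    msg_id: str
    sender: str
    recipient: str
    direction: str      # "private->public" or "public->private"
    msg_type: str       # operation on stored data, e.g. "QUERY_RESULT", "DROP_TABLE"
    payload: str
@dataclass(frozen=True)
class Decision:
    allowed: bool
    stage: str          # compromise, characteristic, message-type or data-analysis
    reason: str
def luhn_ok(digits: str) -> bool:
    """Luhn checksum, so a 16-digit record id is not mistaken for a card number."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

# Content rules: name -> (pattern, optional validator). Constructed, not the patent's.
CONTENT_RULES = {
    "us_ssn": (re.compile(r"\b\d{3}-\d{2}-\d{4}\b"), None),
    "card_pan": (re.compile(r"\b\d{16}\b"), luhn_ok),
}
@dataclass
class RuleSet:          # configurable rule set held by a deployment; field names assumed
    allowed_directions: frozenset
    blocked_parties: frozenset = frozenset()   # senders or recipients never allowed
    blocked_types: frozenset = frozenset()     # claim 1 "first set": always blocked
    allowed_types: frozenset = frozenset()     # claim 1 "second set": go on to data analysis
    content_rules: dict = field(default_factory=lambda: dict(CONTENT_RULES))

@dataclass
class DeploymentFilter:  # staged filter a deployment runs on what it sends (claim 1) or receives (claim 5)
    name: str
    rules: RuleSet
    compromised_peers: set = field(default_factory=set)   # claims 7-8: traffic dropped both ways
    block_notices: list = field(default_factory=list)     # (peer, msg_id, reason) per claim 6

    def filter(self, msg: Message, peer: str) -> Decision:
        r = self.rules
        if peer in self.compromised_peers:
            return Decision(False, "compromise", f"peer {peer} flagged as compromised")
        # Characteristic stage (claims 2-4): direction, sender, recipient.
        if msg.direction not in r.allowed_directions or {msg.sender, msg.recipient} & r.blocked_parties:
            return Decision(False, "characteristic", f"{msg.direction} {msg.sender}->{msg.recipient} not permitted")
        # Message-type stage (claim 1). A type in neither set is denied: the claims leave that
        # case open and default-deny (assumed here) keeps new operations from slipping through.
        if msg.msg_type in r.blocked_types or msg.msg_type not in r.allowed_types:
            return Decision(False, "message-type", f"{msg.msg_type} blocked or not in the allowed set")
        # Data-analysis stage (claim 1): content rules against sensitive customer information.
        for rule_name, (pattern, validator) in r.content_rules.items():
            for m in pattern.finditer(msg.payload):
                if validator is None or validator(m.group(0)):
                    return Decision(False, "data-analysis", f"content rule {rule_name} matched")
        return Decision(True, "data-analysis", "passed all stages")

def exchange(source: DeploymentFilter, target: DeploymentFilter, msg: Message) -> Decision:
    """Source filters outbound; if the target's own filter blocks, the source is notified (claim 6)."""
    d = source.filter(msg, peer=target.name)
    if d.allowed:
        d = target.filter(msg, peer=source.name)
        if not d.allowed:
            source.block_notices.append((target.name, msg.msg_id, d.reason))
    return d

def build_deployments() -> tuple:
    # Single-tenant private deployment and multi-tenant public one, each with its own rules.
    common = frozenset({"QUERY_RESULT", "SHARE_GRANT"})
    private = DeploymentFilter("private", RuleSet(frozenset({"private->public"}),
        blocked_types=frozenset({"DROP_TABLE", "EXPORT_ALL"}), allowed_types=common))
    public = DeploymentFilter("public", RuleSet(frozenset({"private->public"}),
        blocked_parties=frozenset({"svc-legacy"}), allowed_types=common))
    return private, public

def run_samples() -> tuple:
    """Constructed messages exercising each stage; returns (decisions, notices at the source)."""
    private, public = build_deployments()
    mk = lambda i, to, t, body: Message(i, "alice", to, "private->public", t, body)
    msgs = {
        "clean": mk("m1", "bob", "QUERY_RESULT", "order 1234567812345678 shipped"),  # fails Luhn
        "ssn": mk("m2", "bob", "QUERY_RESULT", "customer 123-45-6789 owes 40"),
        "pan": mk("m3", "bob", "QUERY_RESULT", "card 4111111111111111 on file"),
        "ddl": mk("m4", "bob", "DROP_TABLE", "drop table customers"),
        "remote": mk("m5", "svc-legacy", "SHARE_GRANT", "grant usage"),  # blocked at the target
    }
    out = {k: exchange(private, public, v) for k, v in msgs.items()}
    private.compromised_peers.add("public")            # claim 7: peer detected as compromised
    out["after_compromise"] = exchange(private, public, msgs["clean"])
    return out, private.block_notices

if __name__ == "__main__":
    print(*run_samples()[0].items(), sep="\n")
```

Run directly it prints one decision per sample message. Two design points are worth noting: a message type that appears in neither the blocked set nor the allowed set is denied, because the claims do not say what happens to it and default-deny is the safer reading; and the card-number rule validates matches with Luhn so that a 16-digit order id does not trip it, which is the false-positive cost a real content rule set has to budget for.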

Assignees

Snowflake Inc

Inventors

Classifications

  • H04L63/0218 · Distributed architectures, e.g. distributed firewalls · primary CPC

  • Filtering by information in the payload · CPC title

  • Filtering by address, protocol, port number or service, e.g. IP-address or URL · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US12101294B2 cover?
Different database deployments, or other data system deployments, may want to communicate with each other without sacrificing security or control. To this end, embodiments of the present disclosure may provide secure message exchange techniques for a source and/or target deployment. Configurable rule sets may be stored in the deployments; the rule sets may define what messages may be communicat…
Who is the assignee on this patent?
Snowflake Inc
What technology area does this patent fall under?
Primary CPC classification H04L63/0218 (Distributed architectures, e.g. distributed firewalls). Mapped technology area: Electricity (CPC section H).
When was this patent published?
Publication date Sep 24, 2024 (kind code B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 12 related publications on this page (citations in our corpus or others sharing the same primary CPC).