Using a tree structure to segment and distribute records across one or more decentralized, acyclic graphs of cryptographic hash pointers

US12476820B2 · US · B2

Patent metadata
Field: Value
Publication number: US-12476820-B2
Application number: US-202519196463-A
Country: US
Kind code: B2
Filing date: May 1, 2025
Priority date: Jun 2, 2015
Publication date: Nov 18, 2025
Grant date: Nov 18, 2025

Abstract

Official abstract text for this publication.

Provided is a process including: receiving, with one or more processors, a first request to store a record from a computing entity; encoding, with one or more processors, the record in a first plurality of segments; arranging, with one or more processors, the first plurality of segments in respective content nodes of a first content graph, wherein at least some content nodes of the first content graph have two or more content edges of the first content graph pointing to two or more respective other content nodes of the first content graph; and storing, with one or more processors, the content nodes of the first content graph in a verification graph.

First claim

Opening claim text (preview).

What is claimed is:

1. A tangible, non-transitory, machine-readable medium storing instructions that when executed by one or more processors effectuate operations comprising: receiving, with a computer system, a request to read data stored in a database, the request being received from a computing entity and comprising a user identifier; accessing, with the computer system, one or more log entries associated with prior read requests associated with the user identifier; determining, with the computer system, that at least some of the data to be returned in response to the request is to be obfuscated based on an access policy applicable to a user having the user identifier, the access policy comprising one or more access control rules that define conditions for access to values stored in respective fields of the database; in response to the determination, causing, with the computer system, a response to the request to comprise data from the database with one or more values in the response obfuscated in accordance with the access control rules; monitoring, with the computer system, a number of read requests associated with the user identifier, each read request having an associated time duration; and determining, with the computer system, that the number of read requests having time durations that exceed a duration threshold satisfies a count threshold.

2. The medium of claim 1, wherein the determination that the number of read requests having time durations exceed a duration threshold is made by determining that the time duration of the read requests falls within a time range of the duration threshold.

3. The medium of claim 1, the operations further comprising providing, upon determining that the number of requests satisfies the duration threshold, an alarm.

4. The medium of claim 3, wherein providing the alarm comprises: creating a notification comprising an indication of the user identifier and the number of requests, wherein the database is a relational database.

5. The medium of claim 1, the operations further comprising: evaluating, with the computer system, a set of access control rules associated with the data, wherein: the access control rules are defined in association with one or more user attributes stored in an access policy repository; and the user attributes include at least three of a department identifier, clearance level, jurisdictional scope, or group membership of the computing entity.

6. The medium of claim 5, wherein evaluating the set of access control rules comprises retrieving a policy from a repository stored separately from the database and applying the policy to determine access to one or more data entries in the database.

7. The medium of claim 1, wherein the obfuscation to be performed based on the access policy is applied to at least some of the returned data in response to the request.

8. The medium of claim 1, wherein the obfuscation comprises applying at least one of the following techniques to one or more values in the returned data: applying a cryptographic hash to a value, redacting the value, replacing the value with a constant, inserting a placeholder value in place of an original value, or omitting the value from the response.

9. The medium of claim 1, the operations further comprising parsing, with the computer system, a structured query language statement included in the request to identify one or more query fields associated with data stored in the database.

10. The medium of claim 1, wherein the data returned in response to the request is obfuscated in accordance with the access control rules, and wherein the returned data is obfuscated without modifying the data stored in the database.

11. The medium of claim 1, the operations further comprising: parsing, with the computer system, a structured query language statement included in the request to identify one or more fields associated with the data stored in the database; and determining, with the computer system, whether any of the fields identified in the request are associated with a sensitivity classification defined in metadata associated with the database.

12. The medium of claim 11, the operations further comprising enforcing, with the computer system, a masking rule or access restriction based on the sensitivity classification prior to returning the response.

13. The medium of claim 11, the operations further comprising selecting, with the computer system, a masking rule or access restriction to be applied based on the sensitivity classification associated with the identified fields.

14. The medium of claim 1, wherein: the data stored in the database is stored in one or more content nodes of a content graph; the content graph comprises a plurality of content nodes connected by directed content edges, wherein each directed content edge includes a cryptographic hash pointer based on one or more attributes of a target content node, the cryptographic hash pointer comprising a hash of content of the target content node and an identifier of the target content node; modification of content stored in any content node results in one or more cryptographic hash pointers within the content graph being inconsistent with a previously calculated hash value; and the content graph is decentralized across a plurality of storage compute nodes, wherein different subsets of the content nodes are stored at different compute nodes that are configured to replicate and verify content using the cryptographic hash pointers.

15. The medium of claim 1, wherein the computing entity is an application executing on a user device.

16. The medium of claim 1, the operations further comprising exporting, with the computer system, one or more access log entries associated with the request to read the data to a storage object maintained in a cloud-based object storage service, wherein the access log entries comprise a user identifier, a timestamp, and a reference to a field of the database accessed in response to the request.

17. The medium of claim 1, wherein determining whether the data to be returned in response to the request is to be obfuscated based on an access policy comprises steps for classifying values as higher security values or lower security values.

18. The medium of claim 1, wherein determining whether the data to be returned in response to the request is to be obfuscated based on an access policy comprises steps for determining a risk metric.

19. A method, comprising: receiving, with a computer system, a request to read data stored in a database, the request being received from a computing entity and comprising a user identifier; accessing, with the computer system, one or more log entries associated with prior read requests associated with the user identifier; determining, with the computer system, that the data to be returned in response to the request is to be obfuscated based on an access policy applicable to a user having the user identifier, the access policy comprising one or more access control rules that define conditions for access to values stored in respective fields of the database; in response to the determination, causing, with the computer system, a response to the request to comprise data from the database with one or more values in the response obfuscated in accordance with the access control rules; monitoring, with the computer system, a number of read requests associated with the user identifier, each read request having an associated time duration;

Classifications

  • H04L9/50 (Primary)

    using hash chains, e.g. blockchains or hash trees

  • involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD

  • Protecting data integrity, e.g. using checksums, certificates or signatures

  • to assure secure storage of data (address-based protection against unauthorised use of memory G06F12/14; record carriers for use with machines and with at least a part designed to carry digital markings G06K19/00)

  • Graphs; Linked lists (G06F16/9027 takes precedence)

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US12476820B2 cover?
Provided is a process including: receiving, with one or more processors, a first request to store a record from a computing entity; encoding, with one or more processors, the record in a first plurality of segments; arranging, with one or more processors, the first plurality of segments in respective content nodes of a first content graph, wherein at least some content nodes of the first conten…
Who is the assignee on this patent?
Altr Solutions Inc
What technology area does this patent fall under?
Primary CPC classification H04L9/50. Mapped technology areas include Electricity.
When was this patent published?
Publication date Nov 18, 2025 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).