Systems and methods for remotely retrieving sensitive data in cloud computing systems featuring shared data repositories
US-2024386431-A1 · Nov 21, 2024 · US
US9076004B1 · US · B1
| Field | Value |
|---|---|
| Publication number | US-9076004-B1 |
| Application number | US-201414271967-A |
| Country | US |
| Kind code | B1 |
| Filing date | May 7, 2014 |
| Priority date | May 7, 2014 |
| Publication date | Jul 7, 2015 |
| Grant date | Jul 7, 2015 |
Abstract
The disclosed computer-implemented method for secure hybrid third-party data storage may include (1) identifying, at a trusted proxy system, an access request from a client system to access an encrypted file stored under a user account at a third-party storage system, where the requested access requires decryption of the encrypted file, (2) retrieving, from the third-party storage system, (i) the encrypted file and (ii) a decryption key that has been encrypted with a client-side key, where an asymmetric key pair designated for the user account includes an encryption key and the encrypted decryption key, (3) receiving, at the trusted proxy system, the client-side key, (4) decrypting, at the trusted proxy system, the decryption key with the client-side key, and (5) using the decryption key to access an unencrypted version of the encrypted file at the trusted proxy system. Various other methods, systems, and computer-readable media are also disclosed.
Claims (preview; the text below is truncated at the end of the page extract)
What is claimed is:

1. A computer-implemented method for secure hybrid third-party data storage, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising: identifying, at a trusted proxy system, an access request from a client system to access an encrypted file stored under a user account at a third-party storage system, wherein the requested access requires decryption of the encrypted file, wherein the trusted proxy system is owned by an owner of the encrypted file and the third-party storage system is not owned by the owner of the encrypted file; retrieving, in response to the request, from the third-party storage system and for the trusted proxy system: the encrypted file; a decryption key that has been encrypted with a client-side key, wherein an asymmetric key pair designated for the user account comprises an encryption key and the encrypted decryption key; receiving, at the trusted proxy system, the client-side key, without exposing the client-side key to the third-party storage system; decrypting the encrypted decryption key with the client-side key at the trusted proxy system rather than at the third-party storage system responsive to the trusted proxy system being owned by the owner of the encrypted file and the third-party storage system not being owned by the owner of the encrypted file; using the decryption key to access an unencrypted version of the encrypted file at the trusted proxy system.

2. The computer-implemented method of claim 1, wherein the trusted proxy system is administrated by an owner of the encrypted file and the third-party storage system is not administrated by the owner of the encrypted file.

3. The computer-implemented method of claim 1, wherein accessing the encrypted file comprises transmitting the unencrypted version of the encrypted file to the client system.

4. The computer-implemented method of claim 1, wherein using the decryption key to access the unencrypted version of the encrypted file comprises: generating, at the trusted proxy system, metadata describing the unencrypted version of the encrypted file; providing the metadata to at least one of the client system and the third-party storage system.

5. The computer-implemented method of claim 4, wherein generating the metadata describing the unencrypted version of the encrypted file comprises at least one of: performing a scan on the unencrypted version of the encrypted file at the trusted proxy system; creating, at the trusted proxy system, an index entry of the unencrypted version of the encrypted file based on content within the unencrypted version of the encrypted file; generating, at the trusted proxy system, a preview of the unencrypted version of the encrypted file based on content within the unencrypted version of the encrypted file.

6. The computer-implemented method of claim 1, wherein accessing the encrypted file comprises: identifying, at the trusted proxy system, a policy for scanning the unencrypted version of the encrypted file; scanning, at the trusted proxy system, the unencrypted version of the encrypted file based on the policy.

7. The computer-implemented method of claim 1, wherein using the decryption key to access the encrypted file comprises: retrieving, from the third-party storage system and for the trusted proxy system, a file key used to encrypt the encrypted file, wherein the file key is encrypted with the encryption key; decrypting, at the trusted proxy system, the file key with the decryption key; decrypting, at the trusted proxy system, the encrypted file with the file key.

8. The computer-implemented method of claim 1, wherein: accessing the encrypted file comprises providing access to the unencrypted version of the encrypted file to an additional user account; an additional asymmetric key pair is designated for the additional user account, the asymmetric key pair comprising an additional encryption key and an additional decryption key that has been encrypted with an additional client-side key.

9. The computer-implemented method of claim 8, wherein providing access to the unencrypted version of the encrypted file to the additional user account comprises: retrieving, from the third-party storage system and for the trusted proxy system, the additional encryption key and a file key used to encrypt the encrypted file, wherein the file key is encrypted with the encryption key; decrypting, at the trusted proxy system, the file key with the decryption key; encrypting, at the trusted proxy system, a copy of the file key with the additional encryption key; transmitting the encrypted copy of the file key from the trusted proxy system to the third-party storage system.

10. The computer-implemented method of claim 1, further comprising: receiving, at the trusted proxy system, the unencrypted version of the encrypted file from the client system; generating the encrypted file at the trusted proxy system by: generating a file key based on at least one characteristic of the unencrypted version of the encrypted file; encrypting the unencrypted version of the encrypted file with the file key; encrypting the file key with the encryption key; transmitting the encrypted file and the encrypted file key to the third-party storage system.

11. The computer-implemented method of claim 10, further comprising deduplicating the encrypted file with an additional encrypted file that is encrypted with the file key.

12. The computer-implemented method of claim 1, wherein the third-party storage system lacks access to: the unencrypted version of the encrypted file; an unencrypted version of the decryption key; the client-side key.

13. The computer-implemented method of claim 1, wherein using the decryption key to access the unencrypted version of the encrypted file comprises: retrieving, from the third-party storage system and for the trusted proxy system, an additional asymmetric key pair designated for a plurality of user accounts comprising the user account, the additional asymmetric key pair comprising an additional encryption key and an additional decryption key that has been encrypted with the encryption key; decrypting, at the trusted proxy system, the encrypted additional decryption key with the decryption key; retrieving, from the third-party storage system and for the trusted proxy system, a file key used to encrypt the encrypted file, wherein the file key is encrypted with the additional encryption key; decrypting, at the trusted proxy system, the file key with the additional decryption key; decrypting, at the trusted proxy system, the encrypted file with the file key.

14. A system for secure hybrid third-party data storage, the system comprising: an identification module, stored in memory, that identifies, at a trusted proxy system, an access request from a client system to access an encrypted file stored under a user account at a third-party storage system, wherein the requested access requires decryption of the encrypted file, wherein the trusted proxy system is owned by an owner of the encrypted file and the third-party storage system is not owned by the owner of the encrypted file; a retrieving module, stored in memory, that retrieves, in response to the request, from the third-party storage system and for the trusted proxy system: the encrypted file; a decryption key that has been encrypted with a client-side key, wherein an asymmetric key pair designated for the user account by an encryption key and the encrypted decryption key; a receiving module, stored in memory, that receives, at the
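The key hierarchy that the abstract and claims 1, 7, 9, 10, 11 and 12 describe, as an added worked example in Go. This is editorial illustration code, not code from the patent or its assignee. The patent does not name its primitives, so every concrete choice here is an assumption: AES-256-GCM seals the account's private key under a 32-byte client-side key and encrypts files; RSA-2048 OAEP wraps file keys under the account's public encryption key; SHA-256 of the plaintext serves as the content-derived file key of claim 10; the GCM nonce is derived from the file key so equal files yield equal ciphertext for claim 11's deduplication; SHA-256 of the ciphertext is the file id. The `Storage` type stands in for the third-party storage system, `Enroll` is the client-side step, and `Upload`, `Access` and `Share` are the trusted proxy's operations.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
)

// Storage models the third-party storage system: public keys plus ciphertext under
// keys it cannot unwrap (claim 12). Names and layout are illustrative, not the patent's.
type Storage struct {
	PubKeys  map[string]*rsa.PublicKey // account -> encryption key (public)
	EncPriv  map[string][]byte          // account -> nonce||private key sealed with the client-side key
	Files    map[string][]byte          // file id -> AES-GCM ciphertext of the file
	FileKeys map[string][]byte          // account+"/"+file id -> file key wrapped with that account's public key
}

func NewStorage() *Storage {
	return &Storage{map[string]*rsa.PublicKey{}, map[string][]byte{}, map[string][]byte{}, map[string][]byte{}}
}

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}
func gcm(key []byte) cipher.AEAD { return must(cipher.NewGCM(must(aes.NewCipher(key)))) }

// Enroll runs on the client: generate the account's key pair and give storage the public
// half plus the private half sealed under the 32-byte client-side key (which stays with the client).
func Enroll(st *Storage, account string, clientKey []byte) {
	priv := must(rsa.GenerateKey(rand.Reader, 2048))
	nonce := make([]byte, 12)
	must(rand.Read(nonce))
	st.PubKeys[account] = &priv.PublicKey
	st.EncPriv[account] = gcm(clientKey).Seal(nonce, nonce, x509.MarshalPKCS1PrivateKey(priv), []byte(account))
}

// fileNonce derives the nonce from the file key so equal content gives equal ciphertext
// (what claim 11 deduplicates); the cost is that anyone who can guess a file can confirm it is stored.
func fileNonce(fileKey []byte) []byte {
	n := sha256.Sum256(append([]byte("nonce|"), fileKey...))
	return n[:12]
}

// Upload is claim 10 at the proxy: file key derived from the content, file encrypted
// with it, file key wrapped under the account's public key, both handed to storage.
func Upload(st *Storage, account string, plaintext []byte) string {
	fileKey := sha256.Sum256(plaintext)
	ct := gcm(fileKey[:]).Seal(nil, fileNonce(fileKey[:]), plaintext, nil)
	id := fmt.Sprintf("%x", sha256.Sum256(ct))
	st.Files[id] = ct // identical content maps to the identical id and identical bytes
	st.FileKeys[account+"/"+id] = must(rsa.EncryptOAEP(sha256.New(), rand.Reader, st.PubKeys[account], fileKey[:], []byte(id)))
	return id
}

// proxyFileKey is claims 1 and 7: the client-side key reaches the proxy, the encrypted
// decryption key is opened there (never at storage) and then unwraps the file key.
func proxyFileKey(st *Storage, account string, clientKey []byte, id string) ([]byte, error) {
	blob := st.EncPriv[account]
	if len(blob) < 12 {
		return nil, fmt.Errorf("no enrolled key for %q", account)
	}
	der, err := gcm(clientKey).Open(nil, blob[:12], blob[12:], []byte(account))
	if err != nil {
		return nil, fmt.Errorf("client-side key rejected for %q: %w", account, err)
	}
	wrapped, ok := st.FileKeys[account+"/"+id]
	if !ok {
		return nil, fmt.Errorf("%q holds no key for file %s", account, id)
	}
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, must(x509.ParsePKCS1PrivateKey(der)), wrapped, []byte(id))
}

// Access gives the proxy the unencrypted file (claim 1), ready to scan, index or forward (claims 3 to 6).
func Access(st *Storage, account string, clientKey []byte, id string) ([]byte, error) {
	fileKey, err := proxyFileKey(st, account, clientKey, id)
	if err != nil {
		return nil, err
	}
	return gcm(fileKey).Open(nil, fileNonce(fileKey), st.Files[id], nil)
}

// Share is claim 9: re-wrap a copy of the file key under the additional account's
// public key and send only that copy back to storage.
func Share(st *Storage, owner string, ownerClientKey []byte, id, recipient string) error {
	fileKey, err := proxyFileKey(st, owner, ownerClientKey, id)
	if err != nil {
		return err
	}
	pub, ok := st.PubKeys[recipient]
	if !ok {
		return fmt.Errorf("unknown recipient %q", recipient)
	}
	st.FileKeys[recipient+"/"+id] = must(rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, fileKey, []byte(id)))
	return nil
}
```

Two things worth taking from running it. A wrong client-side key fails closed at the proxy because the private key is sealed with an AEAD rather than a raw block cipher, so the proxy never proceeds with a garbage decryption key. And the deduplication claim 11 buys with a content-derived file key carries the usual convergent-encryption cost: anyone who can guess a file's exact contents can compute its id and confirm that it is stored. Nothing the storage holds is usable without a client-side key the storage never receives, which is the separation claim 12 states.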
CPC classification titles:
- Proxies
- Providing cryptographic facilities or services
- wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- for authentication of entities (cryptographic mechanisms or cryptographic arrangements for entity authentication H04L9/32)
- by using cryptography (for digital transmission H04L9/00)