Virtual private cloud that provides enterprise grade functionality and compliance

What is claimed is: 1. A method of managing files, comprising: receiving, at a file management system, a policy to be applied with respect to a synchronization set, wherein the policy comprises a retention policy; and ensuring compliance with the policy across a plurality of heterogeneous endpoints associated with the synchronization set by propagating the policy to the heterogeneous endpoints, wherein the plurality of endpoints are associated with a plurality of computing systems respectively including one or more non-transitory computer-readable storage mediums, and wherein each of the endpoints is configured to enforce at the endpoint policies received from the file management system, including by responding in a manner prescribed by the policy to occurrence of a policy-triggering event defined in the policy, wherein the policy restricts access to a file from one or more of the endpoints, wherein the policy triggering event comprises receipt of a request to delete a file to which the retention policy applies, wherein at least partially in response to the policy trigger event, the file is marked as deleted at one or more endpoints at which the file has been stored, and a copy of the file is retained until expiration of a retention period specified in the policy, and wherein ensuring compliance with the policy includes preventing access to the file by the one or more endpoints at which access is restricted. 2. The method of claim 1 , wherein each of the endpoints is configured to store or can access at least a subset of files to which the policy is to be applied. 3. The method of claim 1 , wherein the policy comprises one or more of a retention policy, a security policy, and an access restriction policy. 4. The method of claim 1 , wherein enforcing comprises: monitoring the endpoint to detect the occurrence of the policy-triggering event; and responding to the occurrence by performing operations prescribed by the policy. 5. The method of claim 1 , wherein the policy restricts access to a file upon the occurrence of the policy-triggering event, and wherein ensuring compliance with the policy includes preventing access to the file upon the occurrence of the policy-triggering event. 6. The method of claim 1 , wherein: the policy comprises a retention policy; and responding comprises detecting the occurrence of the policy-triggering event and performing a retention policy operation prescribed by the retention policy. 7. The method of claim 1 , wherein the copy is stored centrally. 8. The method of claim 1 , wherein the copy is stored, but not made visible to users, at one or more of the endpoints. 9. The method of claim 1 , further comprising providing an administrative user interface to enable the policy to be defined. 10. The method of claim 9 , wherein the administrative user interface is configured to receive an identification of files to which the policy is to be applied. 11. The method of claim 1 , further comprising creating and storing an audit record or other data that evidences that a compliance action required by the policy has been performed. 12. The method of claim 1 , further comprising taking, with respect to a file as stored at a first endpoint, an action required by the policy and propagating an effect of the action to other endpoints. 13. The method of claim 1 , wherein the policy requires data associated with one or more of a file, a user, an endpoint, and a device to be deleted. 14. The method of claim 1 , further comprising initiating remotely an operation to cause data associated with a file, user, endpoint, and device, to be deleted. 15. The method of claim 14 , wherein the operation causes associated file management system metadata to be updated or deleted. 16. The method of claim 1 , wherein at least one of the endpoints corresponds to a network storage system that provides access to one or more files stored on the associated one or more non-transitory computer-readable storage medium. 17. The method of claim 16 , wherein the network storage system is associated with a web service that provides a storage service that provides access to one or more files stored on the associated one or more non-transitory computer readable storage medium. 18. The method of claim 1 , wherein one or more of the plurality of endpoints is connected to the file management system over a network. 19. The method of claim 1 , wherein one or more of the plurality of endpoints is connected to the file management system via the Internet. 20. A file management system, comprising: a processor configured to: receive, at a file management system, a policy to be applied with respect to a synchronization set, wherein the policy comprises a retention policy; and ensure compliance with the policy across a plurality of heterogeneous endpoints associated with the synchronization set by propagating the policy to the heterogeneous endpoints, wherein the plurality of endpoints are associated with a plurality of computing systems respectively including one or more non-transitory computer-readable storage mediums, and wherein each of the endpoints is configured to enforce at the endpoint policies received from the file management system, including by responding in a manner prescribed by the policy to occurrence of a policy-triggering event defined in the policy, wherein the policy restricts access to a file from one or more of the endpoints, wherein the policy triggering event comprises receipt of a request to delete a file to which the retention policy applies, wherein at least partially in response to the policy trigger event, the file is marked as deleted at one or more endpoints at which the file has been stored, and a copy of the file is retained until expiration of a retention period specified in the policy, and wherein ensuring compliance with the policy includes preventing access to the file by the one or more endpoints at which access is restricted; and a memory or other storage device coupled to the processor and configured to store the policy. 21. The system of claim 20 , wherein enforcing comprises: monitoring the endpoint to detect the occurrence of the policy-triggering event; and responding to the occurrence by performing operations prescribed by the policy. 22. The system of claim 20 , wherein each of at least a subset of the endpoints is configured to store or can access at least a subset of the files to which the policy is to be applied. 23. A computer program product to manage files, the computer program product being embodied in a tangible, non-transitory computer readable storage medium and comprising computer instructions for: receiving, at a file management system, a policy to be applied with respect to a synchronization set, wherein the policy comprises a retention policy; and ensuring compliance with the policy across a plurality of heterogeneous endpoints associated with the synchronization set by propagating the policy to the heterogeneous endpoints, wherein the plurality of endpoints are associated with a plurality of computing systems respectively including one or more non-transitory computer-readable storage mediums, and wherein each of the endpoints is configured to enforce at the endpoint policies received from the file management system, including by responding in a manner prescribed by the policy to occurrence of a policy-triggering event defined in the policy, wherein the policy restricts access to a file from one or more of the