An advert from Byte magazine dating from July 1980 proudly offers a 10MB hard disk drive for only US$3495. Accounting for the effects of inflation, that equates to approximately US$10,000 in today's prices. If data storage prices had remained constant, this would mean that the 1GB flash drive in my pocket would cost in excess of US$1,000,000, with possibly a price premium for small size and portability. In fact, it cost me about US$10, evidence of the continuing drop in the price per stored byte of electronic storage media. The amount of storage that can be acquired for a given cost has roughly doubled every 14 months since 1980 [1]. There is nothing to suggest that this trend won't continue for the foreseeable future. We can look forward to larger and larger data storage devices at lower cost. But what are the implications of this trend for security professionals?
I am sure that every file on the 1980 hard disk was stored for a clear reason that was almost certainly known to the system administrator. Superfluous files that had not been accessed in a long time would have been cleared out to free up precious storage space for files that needed to be on the hard disk. I'm equally sure that I have no idea what is stored on my 1GB flash drive, and that there are certainly files stored on the device that I shall never access again, but which might come in handy at some point in the future. The stability of modern storage media means that these files will probably still be accessible many years in the future. This wasn't an assertion that could have been made regarding the storage media of the early '80s. The ubiquity, cheapness and stability of modern data storage mean that it is easy for users to store information for far longer than it is required, which entails its own risks.
Just because a file is no longer actively accessed does not mean that the data in the file is without value. The Financial Times reported that, during the Sony PlayStation Network hack in 2011, attackers had stolen personal data collected from a competition in 2001 [2]. If storage had remained at 1980 prices, it is unlikely that such old data would have been retained, since it had served its purpose and after ten years much of the information would no longer be accurate. Nevertheless, the data was kept and proved to be especially valuable since the theft, along with other data, led to a