Security and users don't mix
There is no "storage vs security" issue.
If you have a design AND implementation that is intrinsically secure (hint: nobody does, the best there is are systems that will slow hackers down to a speed that matches the slow and ponderous decision making processes with an organisation ... sometimes), then adding more terabytes won't change that.
Obviously you mustn't do anything idiotic, like have storage you can log in to, or control remotely, or physically remove. But a secure system can have 1GB of mass storage (though that's not very "mass") or 100 PB.
However, more storage is generally a portent of bigger problems: users.
Users hate security and will go to great lengths to subvert, avoid, negate and deny it. It slows them down. It makes them jump through hoops. It makes them type in stuff and remember stuff. In a JFDI world, it's an annoyance - and we'd all be better off without it (so I'm told). Thatt's not an unreasonable attitude, when your users are under-staffed, over-stressed and pressured to "do more with less". Given the lack of loyalty that companies show their users, why should the users show any back? Perhaps by caring about security and working diligently to implement it - after all, it's not their data.
So if you want a secure system, first you have to secure the people who access your data. That starts by treating them with respect, instilling a feeling of ownership in them and rewarding them (monetarily or environmentally) for NOT making mistakes, taking shortcuts, and by giving them a system with security that is neither onerous nor intrusive. If you can do that, you will have the skills necessary to design systems that are secure by default - no matter how much storage they require. Better: you'll have users (and maybe even admins) who respect the need for that security. What you can never do is add security, like a new coat of paint, after the fact.