US Patent 10013364 Securing data using per tenant encryption keys

One embodiment is directed to a technique which secures data on a set of storage drives of a data storage system. The technique involves encrypting data from a first tenant using a first tenant key to form first tenant encrypted data and storing the first tenant encrypted data on the set of storage drives. The technique further involves encrypting data from a second tenant using a second tenant key to form second tenant encrypted data and storing the second tenant encrypted data on the set of storage drives, the first tenant being different from the second tenant, and the first tenant key and the second tenant key being per tenant keys which are different from each other. The technique further involves destroying the first tenant key to prevent the first tenant encrypted data stored on the set of storage drives from being decrypted while maintaining the second tenant key to enable decryption of the second tenant encrypted data stored on the set of storage drives.