Almost 20 percent of government agencies using the public cloud do not encrypt their data, despite claiming that security is one of their biggest priorities, according to new survey by workload security firm HyTrust Inc.

The survey, which looked at how government agencies and the military use and implement public clouds, comes at a time when many departments are faced with budget constraints and increasingly strict regulations. In addition, the U.S. government has recently implemented a “cloud first” policy that requires agencies to consider cloud-based technology options when making information technology buying decisions.

These two factors are increasingly driving government adoption of public cloud, HyTrust said. And the majority of government agencies are pleased with their cloud deployments, citing benefits such as increased speed, agility and convenience. Nonetheless, 88 percent of the 59 government and military organizations surveyed said that security remains a big concern when it comes to the cloud, followed by cost (55 percent), reliability (39 percent) and job security (15 percent).

Given that security is apparently such a big concern, one might assume agencies are doing their best to ensure their cloud-based data is protected. But alarmingly, some 19 percent of government agencies admitted that they use no encryption whatsoever when sending data to the cloud. Of those that do employ encryption, 39 percent indicated that they use their cloud provider’s solution, while 41 percent said they prefer a third-party solution, something HyTrust says is preferable as it means the cloud provider doesn’t have access to the encryption keys.

The fact that almost a fifth of government agencies see no need to use encryption becomes all the more confusing when one considers that just over half of them said they believe that current IT security approaches will not work for cloud deployments.

HyTrust’s survey also looked at government agencies’ cloud strategies and most popular public cloud vendors. A majority of agencies – 58 percent – said they were seeking to obtain the benefits of public cloud while also maintaining the advantages of having on premises deployments. As such, they’re planning a hybrid cloud strategy that combines both public and private clouds. However, only 39 percent plan to use multiple public cloud vendors.

Perhaps the biggest surprise of the survey is that VMware Inc. was listed as the No. 1 choice of public cloud provider by government agencies, cited by 34 percent of respondents. It’s often said that Amazon Web Services is leading the public cloud market by some distance from its rivals, yet in the government and military sector it only comes in second with 24 percent. Microsoft Azure is currently being used by 19 percent of government agencies, and Google Cloud Platform by 14 percent. Disappointingly for IBM, not a single agency surveyed said it was using Big Blue’s public cloud services. In addition, 33 percent of government agencies said they don’t use the public cloud at all.

“We see major potential for government agencies adopting cloud technology and some agencies are already seeing the benefits,” said Bill Aubin, vice president of federal at HyTrust. “By carefully assessing the technology, policy and security requirements, agencies will be well on their way to a seamless and safe transition.”