Governance, Risk & Compliance

April 25, 2013

Qualys Conducts New Research to Help Organizations in Their Compliance Project Planning



Qualys, a provider of cloud security and compliance management solutions, has analyzed QualysGuard Policy Compliance (PC) data from more than five million scans conducted by companies across the globe. It hopes the findings will help companies understand key trends as they revamp their compliance strategies.

By using QualysGuard Policy Compliance (PC), an organization can reduce the risk of internal and external threats while providing the proof of compliance demanded by auditors across multiple compliance initiatives. Its built-in features can be used to define an organization’s security and integrity policies and to deliver proof that those policies have been operationalized.

Companies are increasingly using QualysGuard PC to automate General Computer Controls (GCC) and adopt a broad, proactive auditing approach, to keep up with the mounting pressures of regulatory compliance and the growing trend toward continuous monitoring.

Thus far, the company has collected data from over five million scans on nearly 53 million hosts across 12,000 clients over a period of 12 months. Its analysis of that data indicated that many computer technologies are no longer supported by manufacturers via standard support, and that those on extended support will soon see it expire. Continuous monitoring, where organizations monitor their assets more frequently, showed accelerated improvement, and a majority of top-failing controls are password-related.

Scott Crawford, research director for EMA, commented, “This data from over five million scans released by Qualys provides a glimpse into the state of policy compliance across companies worldwide, highlighting some simple ways that organizations can improve their security efforts. For example, the data highlights the need to establish processes for managing key controls such as settings for accounts, passwords, audits and databases. It also shows how regular, automated scans can highlight where and how organizations can more efficiently target remediation, attain compliance objectives and lower their IT security risk.”




Edited by Jamie Epstein