Case Study National Gallery Australia

How Australia's National Gallery achieved government security compliance with advanced bot management, DDoS protection, and content scraping controls whilst improving digital visitor experience.

The Security Challenge

As a critical national cultural institution, the National Gallery of Australia faced increasing cybersecurity threats targeting government websites. With the bulk of the IT staff dedicated to the gallery's physical infrastructure, the incoming head of digital, Dr. Keir Winesmith, needed a comprehensive application security solution that could protect valuable digital assets whilst improving visitor experience. The existing international security provider was failing to deliver adequate protection, leaving the gallery vulnerable to bot attacks, content scraping, and potential DDoS threats targeting their priceless digital art collection.

Application Security Platform Implementation

The National Gallery website, nga.gov.au, was using an American DDoS/security provider. An unannounced plan change by the provider had compromised both security and performance, leaving the gallery exposed to threats whilst degrading user experience for Australian visitors.

The gallery selected Peakhour's Application Security Platform to provide comprehensive protection for their main website and digital collection. Peakhour worked closely with gallery technical staff to implement a complete security solution, ensuring seamless migration whilst maintaining service availability during the transition.

“Peakhour offered many features our previous provider didn't, and took the time to understand what was specific about the National Gallery's web ecosystem”

Government Security Compliance & Threat Protection

When the Australian Government mandated comprehensive security audits for all .gov.au websites, the National Gallery needed to demonstrate robust protection against modern threats. Peakhour implemented a multi-layered security approach including advanced rate limiting to prevent bot attacks, intelligent bot management to distinguish between legitimate visitors and automated threats, and comprehensive DDoS protection with full page caching strategy.

The security platform successfully blocked thousands of malicious bot requests, prevented vulnerability scanning attempts, and mitigated multiple DDoS attacks targeting the gallery's digital infrastructure. Additionally, LLM scraping controls were implemented to protect the gallery's valuable digital art metadata and descriptions from unauthorised data harvesting whilst allowing legitimate research access.

Largest Contentful Paint Improvements Improvement in Largest Contentful Paint due to Page Caching and Image Optimisation

Comprehensive Digital Asset Protection

The National Gallery had developed multiple microsites on different technology stacks over several years, each with varying security profiles:

Knowmyname.nga.gov.au
Tours.nga.gov.au
Publications.nga.gov.au
Searchthecollection.nga.gov.au

Each microsite presented distinct security challenges and potential attack vectors. Peakhour's content mounting feature enabled consolidation of these dispersed digital assets under unified security protection without requiring changes to existing web software or hosting infrastructure. Content from microsites was transparently secured under the main domain, for example:

knowmyname.nga.gov.au

was securely consolidated to

nga.gov.au/knowmyname

This consolidation significantly strengthened the security posture by eliminating multiple potential attack surfaces whilst providing consistent threat protection across all digital gallery assets. The unified approach also improved SEO performance and simplified security management for the IT team.

"Being able to get comprehensive application security, advanced threat protection, content optimisation and unified microsite protection for our legacy web projects, all from one Australian company was both cost and time efficient for us"

Secure Digital Art Asset Management

As an art gallery website, nga.gov.au houses significant high-quality digital imagery of Australia's most valuable art collection. The gallery tried to pre-optimise images as much as possible but couldn’t take advantage of the optimal format for the target device due to specific use cases. For example, they supplied super high quality images for media publications. Peakhour implemented intelligent content protection controls that could distinguish between legitimate media requests and potential content scraping attempts. A special API feature enabled the gallery to provide high-quality images for authorised media publications whilst preventing bulk downloading by malicious actors. The security-optimised delivery system achieved a ~48% reduction in file sizes for general visitors whilst maintaining full-resolution access for authenticated users.

Image Optimisation Image optimisation statistics for the last month

"There's so many American technology companies that do feel the need to cater to clients outside the US. As a national body, we felt it important to seek out local expertise, and to partner with companies that were interested in supporting our specific goal as a national cultural institution with a large digital footprint."

Dr Keir Winesmith

Head of Digital at NGA.com.au (Nov 2020 - Dec 2022)

Get world-class security, performance and availability with Peakhour

Find out how to get started

© PEAKHOUR.IO PTY LTD 2024   ABN 76 619 930 826    All rights reserved.