How Australia's National Gallery achieved government security compliance with advanced bot management, DDoS protection, and content scraping controls whilst improving digital visitor experience.
As a critical national cultural institution, the National Gallery of Australia faced increasing cybersecurity threats targeting government websites. With the bulk of the IT staff dedicated to the gallery's physical infrastructure, the incoming head of digital, Dr. Keir Winesmith, needed a comprehensive application security solution that could protect valuable digital assets whilst improving visitor experience. The existing international security provider was failing to deliver adequate protection, leaving the gallery vulnerable to bot attacks, content scraping, and potential DDoS threats targeting their priceless digital art collection.
The National Gallery website, nga.gov.au, was using an American DDoS/security provider. An unannounced plan change by the provider had compromised both security and performance, leaving the gallery exposed to threats whilst degrading user experience for Australian visitors.
The gallery selected Peakhour's Application Security Platform to provide comprehensive protection for their main website and digital collection. Peakhour worked closely with gallery technical staff to implement a complete security solution, ensuring seamless migration whilst maintaining service availability during the transition.
Government Security Compliance & Threat Protection
When the Australian Government mandated comprehensive security audits for all .gov.au websites, the National Gallery needed to demonstrate robust protection against modern threats. Peakhour implemented a multi-layered security approach including advanced rate limiting to prevent bot attacks, intelligent bot management to distinguish between legitimate visitors and automated threats, and comprehensive DDoS protection with a full-page caching strategy.
The security platform successfully blocked thousands of malicious bot requests, prevented vulnerability scanning attempts, and mitigated multiple DDoS attacks targeting the gallery's digital infrastructure. Additionally, LLM scraping controls were implemented to protect the gallery's valuable digital art metadata and descriptions from unauthorised data harvesting whilst allowing legitimate research access.
Comprehensive Digital Asset Protection
The National Gallery had developed multiple microsites on different technology stacks over several years, each with varying security profiles:
Knowmyname.nga.gov.au
Each microsite presented distinct security challenges and potential attack vectors. Peakhour's content mounting feature enabled consolidation of these dispersed digital assets under unified security protection without requiring changes to existing web software or hosting infrastructure. Content from microsites was transparently secured under the main domain, for example:
knowmyname.nga.gov.au
was securely consolidated to
nga.gov.au/knowmyname
This consolidation significantly strengthened the security posture by eliminating multiple potential attack surfaces whilst providing consistent threat protection across all digital gallery assets. The unified approach also improved SEO performance and simplified security management for the IT team.
Secure Digital Art Asset Management
As an art gallery website, nga.gov.au houses significant high-quality digital imagery of Australia's most valuable art collection. The gallery tried to pre-optimise images as much as possible but couldn’t take advantage of the optimal format for the target device due to specific use cases. For example, they supplied super high quality images for media publications. Peakhour implemented intelligent content protection controls that could distinguish between legitimate media requests and potential content scraping attempts. A special API feature enabled the gallery to provide high-quality images for authorised media publications whilst preventing bulk downloading by malicious actors. The security-optimised delivery system achieved a ~48% reduction in file sizes for general visitors whilst maintaining full-resolution access for authenticated users.
"There's so many American technology companies that do feel the need to cater to clients outside the US. As a national body, we felt it important to seek out local expertise, and to partner with companies that were interested in supporting our specific goal as a national cultural institution with a large digital footprint."
Dr Keir Winesmith
Head of Digital at NGA.com.au (Nov 2020 - Dec 2022)