National Portrait Gallery gets all of its security tools on one palette

The National Portrait Gallery deployed Censornet USS as it looked to improve its security posture and achieve the government’s Cyber Essentials security standard. As one of Britain’s best-loved museums, with the most extensive collection of portraits in the world, the Gallery has a high public profile. Pair this with the fact it receives split funding from the government, public donations and receipts from ticketed exhibitions, gift shop sales and events, and it’s clear why achieving Cyber Essentials was important for the Gallery, to demonstrate its responsible approach to and practical excellence in cyber security to the public and stakeholders.

As the Gallery’s existing security contracts came to an end, Nicky Dowland, Head of Information Technology, sought a more advanced solution that would provide additional layers of security on a platform that was easy for a small IT team to manage, and that could help it achieve the Cyber Essentials security standard.

“The National Portrait Gallery has a proud reputation and maintaining it means that, like all organisations, we have to consider our cyber security,” said Dowland. “The sad reality is that many cyber-attacks are indiscriminate and all organisations are targeted. Our aim was to not just meet the Cyber Essential standards, but surpass them, ensuring our security posture was exemplary and that our staff and visitors’ data was safe.”


Gallery improves email security and brings web, CASB and MFA into the frame

Seeing Censornet’s Unified Security Service (USS) in action at Infosecurity Europe, Dowland believed the solution would be able to give the Gallery the best security coverage and added value they were looking for thanks to its combination of email security, web security, CASB and MFA in one application.

With Censornet’s solution, the National Portrait Gallery is now able to check all URLs in emails at point of click with its Link Scan technology. This additional feature, unique to Censornet, has greatly improved the Gallery’s ability to identify attacks and alert staff before malicious links or attachments are opened, thus reducing the impact of email threats. The USS also allows the Gallery to undertake additional customized email, web and application filtering, which had not been available previously, and provided an additional layer of security, multi-factor authentication (MFA), for privileged users.

“With Censornet USS we have protection against, and additional information on, threats facing our company and staff that we simply did not have before,” said Dowland. “We can see all the cloud applications being used within the organisation, web browsing trends, and have a far more effective email scanning solution. It’s shocking, we are quite regularly blocking a lot more than we are receiving.

The graphic displays on the USS portal dashboard have been a welcome feature for Dowland. “The ability to view all of the data collected through these solutions in one portal means that we have a better view of threat management and are assured Censornet is protecting our staff.”

With Censornet USS, the Gallery has also managed to put rules in place so that threats identified across different channels can be cross-referenced and blocked across web, cloud and email, as all of these solutions are integrated. This is particularly valuable to the Gallery given the size of its IT team. Taking individual point solutions out of siloes and onto a single unified platform allowed the team to vastly simplify security threat management and act faster and more decisively.

Highlighting the cost and time saving benefits of utilizing all four products on the USS platform, Dowland commented, “We can go on to the portal and view what’s it’s doing and check how it’s going in one place which makes it easier for us. We don’t need to do day to day management of it, it runs, and it does its job by itself. We have a relatively small IT department but the nature of Censornet USS means we are able to punch above our weight, especially with web and cloud security tools that we did not have before. The combination of this increased functionality with Censornet offering a simpler solution to use is extremely powerful.”


Going above and beyond security certification

With the help of Censornet USS, the National Portrait Gallery has now met the standards needed to achieve the Cyber Essentials certification and has even gone beyond this to achieve Cyber Essentials Plus. This demonstrates to customers and shareholders alike that the Gallery has significant cyber security measures in place and the strength of its security posture has been verified by independent experts.

“Censornet allowed us to prove that we had taken all the necessary measures to protect our employees from viruses and malware and are controlling who had access to sensitive data through MFA,” said Dowland. “While the Cyber Essentials certification is fantastic, the most important benefit to us from Censornet is the peace of mind that our data is safe. We are able to do far more than before to prevent attacks and have greater insights that mean we are able to better investigate if we do find something suspicious. It’s definitely one of the best software-purchasing decisions we have made.”