Amgueddfa Cymru – National Museum Wales achieve 100% visibility

across its network with C-STEM and Forescout

Sector: GLAMs/NFP
Device Visibility and
Control

““C-STEM’s involvement
has been crucial to us in
helping us build the cyber
essentials policies that
we are using as the
foundation of our
security.

“C-STEM’s willingness to
engage with us and the
knowledge of the
technical team has been
brilliant.”

Tim Philips
Information Security Manager
Amgueddfa Cymru – National
Museum Wales


Amgueddfa Cymru – National Museum Wales is a not for profit organisation, which is responsible for the preservation and curation of the Welsh national collection. The Museum’s estate covers eight sites, seven museums and one central archive, across Wales, which hold varied and valuable artworks and artifacts. The Museum employs over 650 staff across these sites and in addition, has over 1,300 volunteers working at various points during the year.

The Museum IT team is responsible for ensuring that all systems and data are secure across the whole estate. They need to have clear accurate information about the security state for every device on the network, including front and back of house IT devices, IoT and OT devices that monitor and control the humidity and heat for various collections, digital signage and CCTV cameras.

The Challenges

The challenges facing an organisation, such as the Museum, is how to secure not only their data, but also the millions of pounds worth of cultural assets with very limited resources, particularly budget and human resources.  When asked about the role cyber security plays in their digital transformation journey Tim Phillips, the Information Security Manager for the Museum commented that “everything relies on the security and stability of the network”.

In order to resolve their challenges, the first thing they needed to do was to understand what they had on their network and therefore what they were trying to manage. The Museum already had many systems in place, which reported on the state of the network, however, there wasn’t a single point of access available that gave real time and complete visibility (including unmanaged devices) of all connected devices on the network. As a small team with competing demands on time and resource, this was a challenge.

Another challenge was to find a solution that would assist the team in reducing the time and effort needed to achieve and maintain regulatory compliance accreditation. Phillips explains “We wanted a system that will give us documented compliance as an ongoing, day-to-day process, not just the point in time when we did the submission”.  Therefore, the Museum’s IT team were looking for a NAC solution, which would not only give them a single point of management and visibility across the network but also, be able to automate response, whilst being able to integrate with their existing technologies at an affordable price.

The Solution

After detailed market research and following a strict and highly governed selection process, Forescout CounterACT* technology and C-STEM**, as the design and delivery partner, were chosen to assist the Museum in delivering the business outcomes needed. Gaining complete visibly and control to their network. Phillips reflected that “The CounterACT was agentless, which meant that we didn’t have to deploy agents to the devices. In addition, it had dynamic segmentation and the ability to get a perpetual licence”.

Using C-STEM’s (Systems + Techniques = Effective Management) proven engagement process, the Museum was able to demonstrate the solution was the correct fit for the business and would solve the challenges they faced. They were also able to ensure, with C-STEM’s continued assistance, that sustainable business value would be realised. The CounterACT was able to offer them a single view of their whole network in real time, thus enabling them to ensure that every device was compliant and correctly managed at all times.

Mike Hatherall, Senior engineer at C-STEM who worked on this project commented that “Forescout is an ideal NAC solution for the Amgueddfa Cymru – National Museum Wales as it is completely agentless and integrates smoothly with all their existing technology, whilst assisting them to gain Cyber Essentials”.

Business outcomes and impact to Amgueddfa Cymru – National Museum Wales

The impact that C-STEM and the CounterACT has had on the Museum is that there is now far greater visibility of the network, which has allowed them to improve their security
practices. It has made the administration easier and allowed the IT team to focus their time and effort in other areas.

C-STEM helped the Museum to avoid tech clash and meet the cyber demands of the business, by assisting them in the development of an operating model, which is efficient and supports their digital transformation outcomes. When asked about the benefits of using C-STEM as the design and delivery partner, Phillips said “C-STEM’s willingness to engage with us and the detailed knowledge of the technical team has been brilliant, their involvement has been crucial to us in helping us build the cyber essentials policies that we are using as the foundation of our security” he continues by stating that “C-STEM’s engagement within Wales and the Welsh cultural sector was also important to us”.

  • Asset management – Real time auditing & reporting
  • Device compliance – Control and visibility of all their IT/OT devices
  • Network access control – Sustainable effectiveness in protecting against continually changing threat landscapes
  • Network segmentation – Dynamic segmentation, which safeguards new, legacy and custom built technology investments
  • Incident response – Streamlined and seamless automation and response

Phillips noted that these are common challenges within the museum community and believes that other organisations in the sector facing similar challenges would also benefit
from the value that C-STEM and the CounterACT bring. C-STEM have worked with other museums and “having knowledge of the museum and the environment in which we operate is beneficial”.

“Everything relies on the
security and stability of
the network.”

“When we got initial
visibility , we could
immediately see that the
number of devices on the
network was greater
than expected.”

Tim Philips
Information Security Manager
Amgueddfa Cymru – National
Museum Wales

About C-STEM and Forescout CounterACT

*The Forescout CounterACT is an agentless solution, which offers the unique ability to see devices instantly as they connect to the network. It orchestrates and controls information-sharing amongst other existing security tools, which allows organisations to tackle cyber resilience more efficiently.

**C-STEM are an accredited and experienced Forescout Professional Services partner.  They use industry leading technologies, combined with their highly specialist expertise to enable organisations to fully leverage maximum value from their investments.

Systems + Techniques = Effective Management

C-Stem-QEC-ISO-IEC-27001
C-Stem Accreditation SSIP
C-Stem Accreditation Crown Commercial Services
C-Stem Accreditation Cyber Wales
C-Stem Accreditation Ombudsman Services

C-STEM  - Platfform Building, 11-20 Devon Place, Newport NP20 4NW

Tel: 0345 241 0000 | Fax: 0345 241 0001

C-STEM is the trading name for Communication-STEM Limited.  Registered Office: 10 Temple Back, Bristol, BS1 6FL. Registered in England 03270429. VAT no. 682398492