Fortify Your Data Like Gediminas Fortified Vilnius

Inspired by a short video I filmed on Gediminas Hill in Vilnius, this article expands the castle-to-data-governance analogy into seven practical lessons for public-sector data leaders. These lessons connect the tower’s history and defensive features with modern data governance practices, thus showing how Lithuania’s own digital government journey brings the metaphor to life.

As I stood at the base of Gediminas’ Tower on a cold November day, I watched the Lithuanian flag flapping in the wind and let my imagination wander. The hilltop once held a wooden fort built under Grand Duke Gediminas in the early 14th century, later rebuilt in brick by Grand Duke Vytautas in 1409 to withstand siege and time. That three-story stone and brick tower still stands watch, now a museum and a national symbol where the flag rose again in 1988 as Lithuania reclaimed its independence. From its battlements, Vilnius stretches out in every direction. It’s hard not to think about vantage points, layers of defense, and what it takes to keep something important safe.

That’s the heart of data governance in government. When we do it well, we bring clarity and confidence into programs and services, protect people’s information, and earn the trust that public institutions depend on. The parallels between an old fortress and modern data governance are both poetic and practical.

From battlements to dashboards: seven castle lessons for data governance

When I looked up from the base of Gediminas’ Tower, what struck me was both the size of the walls and how every feature worked with the others. Visibility, control, and resilience came from the whole design, not any single element. This is the mindset that public-sector data leaders need. Here are seven practical lessons drawn from the castle’s defenses:

• Thick masonry walls: Embed core protections (encryption, validation, backups) directly into the data lifecycle to safeguard citizen information and preserve trust.
• A strategic hilltop: Create true executive oversight and mission-linked objectives so leaders can see across programs and steer investments toward public value.
• Crenellated battlements: Maintain continuous monitoring, logging, and alerting to spot risks early and respond quickly with evidence.
• Narrow defensive windows: Enforce least-privilege, role-based access and data minimization so people see only what they need to do their jobs.
• The inward spiral staircase: Use clear data classification tiers that tighten controls as sensitivity rises while keeping routine data easy to use.
• A single guarded gate: Centralize identity, MFA, and single sign-on to provide one consistent, auditable entry point across systems and agencies.
• Interlocking defenses: Integrate policies, processes, and shared platforms so no single failure can compromise integrity, privacy, or service delivery.

Here are seven ways to put the idea to work right away:

• Define measurable objectives (the “strategic hilltop”): tie data governance directly to policy goals and program performance.
• Assign clear roles and stewardship (who’s on the walls, who watches the gate): name data owners, stewards, and an accountable governance board.
• Bake in privacy, security, and quality (the masonry): embed controls and validations in the data lifecycle, not just at the perimeter.
• Monitor and log everything (watch from the battlements): maintain complete audit trails and usage visibility across systems.
• Implement role-based access and MDM (the narrow windows and inner stair): segment access; centralize critical entities to reduce duplication and risk.
• Document policies in plain language (the castle plan): make the rules findable and usable for staff across the enterprise.
• Build iteratively (stone by stone): govern in agile increments to show value quickly and adapt to changing requirements.

What Lithuania’s digital government gets right

Walk down Gediminas hill and you’ll find a country that has deliberately fortified its digital state. Lithuania ranks among European leaders in digital public services and open data, with 84% of key services for citizens and 94% for businesses available online as of 2023, well above EU averages. It placed 7th in the European Commission’s 2023 E‑Government Benchmark and 7th in the 2023 Open Data Maturity Report, and it sits 10th on the OECD OURdata Index. In 2024, Lithuania reached 21st globally in the UN E‑Government Development Index, with 72% of the population actively using digital public services.

Under the hood, a central “Electronic Government Gateway” offers a one-stop shop for more than 700 services, backed by a national data exchange layer (VIISP) that provides secure authentication, e-payments, and interoperability across agencies. That’s a modern equivalent of the castle’s single, guarded gate; i.e., one consistent entry point with a clear security model and common protocols. This design is anchored in explicit legislation and standards for integrity, privacy, and security, which bind the digital state together.

Here’s what public-sector leaders elsewhere can take from Lithuania’s approach:

• Build shared infrastructure that makes the right thing the easy thing (eID, secure gateways, data exchange).
• Invest in interoperability and pre-filled services to reduce friction for citizens and businesses.
• Put transparency at the center through open data and clear metrics that allow teams—and the public—to see progress.
• Pair infrastructure with skills and inclusion so no one is left behind, from rural connectivity to community-based digital literacy programs.

These are governance choices that go far beyond the abstract; they harden defenses, widen access, and speed delivery.

A promise as strong as steel

In the 1320s, Gediminas wrote letters across Europe, inviting merchants, artisans, and whole communities to settle and build. In one, he pledged: “Our word is as strong as steel, the iron will sooner turn into wax, and the water will change into steel than we will take our word back.” 

That’s a high bar for integrity. It’s also the essence of public-sector data governance: say what you’ll do with data, do it, and prove it.

• Auditability and traceability let you keep your word; and show you did.
• Clear objectives and metrics ensure your promises connect to public value.
• Documented policies and defined roles prevent drift between intent and practice.

Trust doesn’t come from perfect security. It comes from consistent promises, transparent operations, and the ability to learn and adapt.

Bringing the metaphor home

If I were to sketch a quick blueprint for a government agency using the lessons from the castle, here’s what it would look like:

1. Elevate the vantage point: Create an executive data council with a charter tied to mission outcomes and published KPIs.
2. Name the defenders: Assign domain stewards and custodians with clear RACI around quality, privacy, security, and interoperability.
3. Strengthen the walls: Implement enterprise identity, MFA, encryption at rest and in transit, and DLP controls across shared platforms.
4. Watch from the battlements: Centralize logs, enable continuous monitoring, and implement automated access reviews.
5. Control the windows: Adopt role-based access and a data classification policy that maps sensitivity to controls.
6. Build the inner stair: Stand up Master Data Management for people, places, programs; reduce duplication and reconcile identifiers.
7. Publish the plan: Maintain a living policy library that’s searchable, versioned, and written for humans.
8. Iterate like masons: Deliver in 90-day increments; publish what changed and what improved, then repeat.

None of this requires a moonshot. It does require discipline, sponsorship, and a culture that values learning. That’s the real strength of a fortress: not that it never falls, but that it’s built to be maintained, adapted, and defended.

Key finding: The strongest public-sector data programs marry historical wisdom (visibility, layered defenses, clear lines of responsibility) with modern practices that put citizens at the center.

If you’re curious what sparked this reflection, here’s the short video I filmed at the tower that set this all in motion. I’d love to hear how you’re fortifying your own data governance; that is, what “battlements” you’ve built, and which vantage points you still need.

On Gediminas Hill, you can feel the centuries of vigilance. Down in the city, you can see a nation that’s turned that vigilance into a digital practice. That’s a model worth studying, and a commitment worth making; one in which your word is as strong as steel.