Designing in secure spaces: How to be user-centred when user access is limited

Zaizi


Designing in secure environments is complex. But by leaning on user-centred principles, your team can make confident, informed decisions. Here, one of our senior UX/UI designers explains how.


Working on sensitive projects — think border security, national security, or the wider public sector — often means hitting a wall of access restrictions. Although this is perfectly understandable, it makes it difficult to get close to the people you’re designing for; the end users. 

But with the right approach, designing in secure environments doesn’t have to feel like designing in the dark.

At its heart, user-centred design (UCD) is about understanding the people who will use a service — their goals, behaviours, and pain points — and using those insights to guide every decision.

Challenges in secure environments

In secure environments, UCD fundamentals still apply but they’re harder to put into practice. Teams must navigate restrictions on access, data sensitivity, and time — all while staying focused on real user needs rather than assumptions.

Strict security controls

Project files, prototypes, and meetings (essentially all forms of communication) require careful handling, adding an extra layer of complexity. A secure environment can mean you can’t access certain tools and even setting up a meeting to bring the right people together can prove tricky.

Limited user access

It’s not always possible to test products directly with representative end users, which restricts user research. Iterative feedback cycles are also harder without access to user data or analytics.

Partial information

Security restrictions can limit important context – such as workflows, technical constraints, or organisational realities – making it harder to get a complete understanding of the problem space.

Even when participants are willing to share, security protocols can force them to give vague answers. For example, workflows may differ slightly between departments but participants cannot always provide full details.

Despite these limitations, the insights can still help teams identify key pain points, missing functionality and areas where prototypes need further changes.

What tools and techniques can you use to design systems within security constraints?

Even in secure environments, it’s possible to take a user-centred approach.

Over time, we’ve designed and refined approaches that consistently help teams surface assumptions, ideate collaboratively, and validate solutions – all without compromising security.

Collaborate early and often

Collaboration is the best tool you have. When user access is limited, working together becomes one of the most effective ways to understand the people you’re designing for. 

Bringing colleagues and clients into the process early helps align priorities, surface assumptions, and fill gaps left by missing data or restricted user access.

At Zaizi, we’ve found that facilitating workshops with clients alongside our own teams clarifies goals, builds shared understanding, and captures context that we might otherwise miss.

Maintaining regular communication – through secure boards, check-ins, or shared documents — keeps everyone focused on the same objectives and ensures progress continues even under constraints.

Collaboration doesn’t replace direct user insight. But it ensures that every design decision is grounded in a shared understanding and informed by the best available knowledge.

Test with real users to de-risk designs

There’s no user-centred design without users. Getting prototypes in front of a small number of end users allows you to uncover usability issues, validate design decisions, and reveal new opportunities you may never have anticipated. Even limited testing provides crucial evidence to guide your design and strengthen confidence in your decisions.

Recently, one of our teams conducted remote user testing via video calls. Due to security restrictions, some of the participants’ cameras were turned off, limiting our ability to observe non-verbal cues. They also couldn’t interact directly with the prototype, so the team guided them step-by-step through screenshots of the prototype to collect feedback.

Despite this, the sessions still surfaced valuable insights into workflows, clarified pain points and informed future design decisions.

Let the content define the interface, not the other way around

Start with the problem you’re trying to solve and the content needed to address it. Jumping straight into high-fidelity design can backfire — especially in secure environments.

Focusing too early on aesthetics pulls attention away from validating the underlying content and user needs. A content-first approach ensures early designs remain adaptable, reducing wasted effort on visual details.

You may lack access to real content or live data but you can work with generalised, representative placeholders that mirror the structure, tone, and constraints of the eventual content without exposing sensitive information. This keeps prototypes realistic enough for meaningful feedback while ensuring you stay compliant with strict security requirements.

Leverage design systems to focus on solving the core problem

Mature design systems, such as GOV.UK or the Intelligence Community Design System (ICDS), help speed up the design process and embed accessibility and usability best practices.

This frees up time to solve the core problem rather than reinvent individual components. They’re an essential tool for building consistent user experiences.

Engage with the wider design community

There’s a wealth of knowledge in the design community. Reach out, share ideas and learn from others to navigate the problem.

Zaizi operates a community of practice model, where groups focused on specific areas of expertise meet to share knowledge and support each other across projects.

The UCD community of practice, for example, provides a space for peer collaboration. It’s a sounding board for complex design challenges.

Recent sessions have included show-and-tell demonstrations on running co-design workshops and exploring AI-assisted design tools safely and transparently.

How to work confidently in secure environments

Designing in secure spaces isn’t just about following rules or checking boxes. It’s about a mindset that thrives under constraints and turns limitations into opportunities to uncover insights, collaborate effectively, and deliver user-centred solutions.

Advocate for the users

Limited access to users makes it tempting to rely on assumptions.

Be the voice of the user when they can’t be in the room. Ask questions, challenge decisions, and keep their needs central to every conversation.

Focus on evidence, not assumptions

Even when evidence is partial, documenting what you know – and noting assumptions or gaps – helps ensure decisions are rooted in the best available knowledge. It keeps the team aligned and makes reasoning behind choices transparent.

Insights don’t have to come only from direct user contact. Other useful sources include:

Be adaptable with your approach

Security restrictions often mean traditional UCD methods don’t fit perfectly. Adapt rather than abandon them. Shorter sessions, anonymised data, or remote walkthroughs can generate valuable insights within the limits you’re working under.

By framing your approach around these principles, your team’s mindset can shift from what you can’t do, to what you can – empowering you to confidently deliver effective, genuinely user-centred solutions.

What next?

Related content

Thanks for joining us! We’ll keep you informed with regular updates.

Subscribe to our monthly newsletter, including updates about our content and events

Consent(Required)
This field is for validation purposes and should be left unchanged.