To Alex's and Nic's points, we have successfully used space permissions and even page restrictions to segregate customers within one instance. We had one instance that might be considered extreme to some but wasn't to us - where different customers were in the same space.  With the diligent use of page restrictions they had access to different content - everyone could see the same landing page but through the use of available macros while they 'knew' other customers were in there, they couldn't access other customer's content.

That being said, having them in different spaces via space permissions would be cleaner and easier especially when the content you wish to provide is more than a page or two's worth.

We have also made the customer spaces more 'elegant' through the use of a theming plugin (there are a number of options in the Marketplace to choose from) that transforms Confluence spaces into more of a typical website look-and-feel.  It strips out the updated by line (if desired), adds menu tabs (if desired), and for some home pages especially, the comments area is suppressed (internal departments like this additional customization/clean up).  It has been a worthwhile investment for us to add this plugin as it has assisted greatly in acceptance/adoption by other groups in the business who like the 'website look' over raw Confluence in many cases. Since one can apply a theme per space, our internal customers can choose which option they want.

We do similar things because we have employees and customers that access our confluence instance. Employees are allowed to see everything but customers can only see certain spaces. We also use themes on customer facing spaces to give them a different look and hide certain things we don't want customers to be able to use or see like the people directory, space admin section, and various options under the Tools menu. Customer facing spaces also have additional help links and a support button. As of yet we have not run into any issues where customers were able to see anything they were not given permission to. Our JIRA instance is a different story since it is completely internal only so we don't have to worry about customers seeing info there.

I would just echo that space permissions is the way to go, and segregate out your customers to different LDAP groups from your internal staff (note, everyone has to be a member of confluence-users). Then you have good control on rights within a space based on group membership, on a page, and at the space level.

Don't try to complicate your life with multiple Confluence instances.

<<Don't try to complicate your life with multiple Confluence instances.>>

Amen to that!

Yup, the only weakness of one single system is that your clients can find out who each other are.

We ran into this issue awhile back. And turning off some of the modules, like quicksearch (type ahead) and some of the user modules (I forget which, but the mention would be a good one to disable) can do a pretty good job. Not 100%, but makes it harder.

Confirm. There are too many ways to find other users on Confluence who are potentially from a competing company. I used Javascript which was easy but disabling modules is a better option. But you need to disable the People button which is a major piece of Confluence functionality. This part of Confluence just hasn't been thought of at all.

I think you're absolutely right there - there's just so many ways a Confluence  (or JIRA - that's worse in some ways) can leak information about other companies, the VM separation is the only way forwards in some cases.