Security by Design: Google Drive vs Atlassian Confluence

Security by design is a practical approach to building and using tools in a way that considers protection and responsible access from the start. Especially when working with internal or sensitive documents, the way a tool handles permissions can make a big difference.

Let’s start with Google Drive. It offers three roles for the "My Drive" section: Viewer, Commenter and Editor. These roles are easy to use, but they come with significant risks. Editors can delete anything even if they didn’t create it. There is no way to separate writing access from deletion rights, which can lead to mistakes or confusion about responsibilities.

Atlassian Confluence offers a more structured permission model. It allows for clear separation between roles such as Viewer, Contributor, Delete and Archive. This kind of setup makes it easier to align tool access with real-life responsibilities. For example, someone can be allowed to write content without having permission to delete it.

Another key benefit in Confluence is the use of role-based access control (RBAC). This means administrators can create user groups (like marketing team, HR editors, or project leads) and assign each group only the permissions they need. It keeps things organised, reduces the chance of human error, and supports compliance with frameworks like ISO 27001.

Security by design and by default is about preventing problems. It helps teams work with more confidence and clarity. With the right setup, everyone knows what they can do, and what they are responsible for.

Summary If your organisation handles important information or follows compliance standards such as ISO 27001, it helps to choose tools that support clear access control. Tools that offer RBAC and granular permissions make it easier to protect information, maintain oversight, and support risk mindful collaboration.