Co-authored by Simon Karpen and Joel Duisman – Technical Consultants

In many companies, wikis have moved from ad-hoc tools used by engineers, to serving as key pieces of documentation infrastructure. This change in role brings a change in requirements; instead of simplicity and ease of setup, we now have to think about security and compliance. Wikis also need to integrate with enterprise authentication systems, and frequently have security and compliance requirements.

Many companies are also using wikis as a tool to interact with customers and developers. These wikis are very different from a true enterprise wiki; they’re externally facing, hold only public information, and are designed to foster discussions and contributions.

Commonly Used Software

While Wikipedia (itself a wiki) lists dozens of available software packages (see, there are principally four commonly used wikis. These include:

TWiki — — open source, Perl

Mediawiki — — open-source, PHP

Confluence — — commercial, Java

DokuWiki — — open-source, PHP

Additionally, there are numerous niche players and pieces of software with limited Wiki-like or Wiki-related functionality (e.g. Jive, Microsoft Sharepoint). These solutions do not offer the same collaborative feel so, the corporate market for true Wikis remains relatively narrow.

Enterprise Features

When using a wiki in the enterprise, particularly in an environment with significant compliance and/or security requirements, some key features include:

  • Authentication and Authorization Integration
  • Active Directory, LDAP
  • Kerberos
  • Permissions based on centralized groups / roles
  • Manageability — backup, recovery, overall supportability
  • Audit trail / logging — monitor changes, and possibly accesses
  • Availability of Support — first party (author / seller) support is preferable
  • User friendly interface — WYSIWYG editing, solid online help
  • Data storage model — allows for scaling and disaster recovery
  • Foreign Language Localization

Beyond simple access logging, a desirable feature (not necessarily available in any off-the-shelf solutions), is to detect and alert on or stop data exfiltration. Data exfiltration is when information is removed, sometimes in bulk, from the corporate site. This feature can be a very important tool in safeguarding intellectual property, documentation, and possibly customer information. Unfortunately, in the wiki space, this is not really a well-developed capability.

How They Stack Up


There is, of course, no best wiki; the best wiki for the job depends on the use case, target audience, and security requirements.

Public Wiki

The leading candidate for a public wiki, especially at scale, is MediaWiki. It’s battle-tested (Wikipedia), has the tools for managing a large number of external users and contributors, and is built on scalable, industry-standard back-end technologies.

TWiki and DokuWiki are also reasonable choices, for simple use cases with a limited audience (i.e. developer documentation, not end-user / general audience interaction)

Confluence’s enterprise-grade security and per-user licensing model make it unsuitable for a public wiki.

Enterprise Wiki

Confluence is the canonical choice for an enterprise wiki. Relative to the available open-source wikis, Confluence provides:

  • A significantly more comprehensive permission model
  • This includes having “no permission” show up as nonexistent, instead of “permission denied”, which helps prevent information leakage
  • Access control at the page/tree level, with automatic protection for images and other content
  • Deeper and broader integration with enterprise authentication
  • A true WYSIWYG editor, accessible to non-technical users
  • A strong audit log of all content and permission changes

Confluence is a licensed product so there is an annual maintenance cost that can vary from several hundred to several thousand dollars annually plus the initial purchase price. However, the cost is relatively small compared to the other costs of running a Wiki service.


Authentication — the process of determining the identity of an individual or role

Authorization — the process of providing permission or access

Compliance — the state in which something is in accordance with established guidelines and/or specifications

Data exfiltration — the unauthorized transfer of data from a computer or network

Enterprise — describes all the people working for a given company or governmental entity

Open Source — refers to any technology where the right to use and modify code is freely granted without cost

Public — describes open and often unauthenticated access

Security — the stated goal of compliance, measured by the ability to enforce business rules

Wiki — a tool that allows a large number of users to share (create, update and delete) content on a website

WYSIWYG — shorthand for What You See Is What You Get, a feature of document editing where the person receives an exact visualization of the final product while editing