This question centers around securing files in a document library. I am designing an external SharePoint web site for users to log into. All users and groups are part of a single Windows domain. I will be sharing files with users based on which security group they belong to. I need to ensure that files that are meant to be seen by one group are not viewable/searchable by anyone else not in that group. My first thought is to setup a separate site collection for each group (all using the same Web Application) containing a unique library for that group. However I could also just have one site collection that has a library for each group. I could also just have one library that uses folder level security based on group membership or I could assign permissions directly to the files. It is critical that one group does not see the other groups files or be able to search on them. It should look like the user is logging into a personalized site that only contains their files.
What is the best security practice for setting up this SharePoint site. I know there are factors other than security to consider (and I would like to hear about those as well) but my focus right now is mainly on data security.