Sitecore Intranet Site

The latest project where I used Sitecore as an intranet platform definitely had a use case for being a separate instance. While it would have been ideal to share license (as @Gatogordo points out) the organization had very strict security policies concerning network connectivity between the Intranet and internal systems.

If your intranet will have any integrations to internal network systems, you should consider the organization's security policies for a situation where a DMZ server (such as a Sitecore instance serving up a public website) is able to connect to these internal systems (such as a Sharepoint instance).

If there are no concerns on that front, HTTPS + Login requirement + disabling anonymous access via Sitecore security across the entire site should be enough. At its core, an Intranet is often just a website that people view after being logged in, and there may be some content you'll want to share between the sites or even content from the media library.

One final concern is your deployment and maintenance schedule. If you are operating the same Sitecore instances for both Intranet and Internet that means you should understand that you will likely have only one VS solution for both. Deploying a fix for the internet is also potentially affecting your intranet. This isn't a bad thing, but I have seen situations where a client did not want systems impacting each other from a deployment perspective. You can mitigate some downtime issues by using load-balanced CD nodes and also ensuring you have solid regression testing in place.

I would use the same instance: it saves you money (license) and you can share the same users for content editing. They don't need new logins and can edit both sites in the same environment.

For the front, you can easily set security on your new site to enable it as intranet. Just make sure you are running in https - best practice would be to do this for both sites.