0

I would like to encrypt my C drive using BitLocker, which is the only partition on my Windows 10 computer. Is it better to separate the disk into partitions, for example: a partition for the OS and another one for the data and then encrypt them separately? Or encrypt the whole disk at once?

I have read somewhere that it is good to have your data separated from your OS. Is it more secure to do this? Would it be easier for encryption? Or would it complicate things?

Mike Ounsworth
  • I'm gonna ask for more info. Are you asking which one is more secure, or which one is easier to set up? (if the latter, then I'll vote to migrate your question to SuperUser) – Mike Ounsworth Aug 24 '18 at 13:03
  • Hey Mike, I am asking for both actually. I have read somewhere that it is good to have your data separated from your OS. Is it more secure to do this? Would it be easier for encryption? Or would it complicate things? –  Aug 24 '18 at 13:08
  • Perfect, I'm not a BitLocker expert, but I'll add that detail to the question. – Mike Ounsworth Aug 24 '18 at 13:28

2 Answers

1

All I can think of for an advantage to separating your OS and Data for encryption would be if your OS was compromised with malware but your Data was still "locked" and encrypted. It's definitely a benefit, but can be more headache than it's worth. If you're looking to prevent data access when the device is physically lost/stolen then it's not going to help much if any there.

BitLocker works really simply and well as a full disk encryption solution if your PC has a TPM key built in anyways. It even lets you back up your encryption recovery key to your Microsoft Account (hopefully properly secured with two-factor) if you want so you can't lose it. This guide works well as an overview and helps if you have any questions on setup.

LostWander
0

Partitioning is not really optimal for any of these cases. Separating data from OS and encrypting the data volume would be perfect if you stored the data in a backup drive. If it's a native drive or a partition, Windows will be loading the keys in memory after login, so they are pretty much exposed. This also means that data are vulnerable to different sorts of attacks, even if the PC is in hibernation.

Summing up, it depends on your cause. If you care about encrypting the drive in case you have your laptop stolen, lost etc., encrypt the whole drive at once. It's easier and very effective PROVIDED THAT the laptop will be shut down. But if you care about your sensitive data's security, I suggest an external encrypted drive.

Chris Tsiakoulas
  • Why would an external drive be better? – AndrolGenhald Aug 24 '18 at 21:30
  • Because it's not gonna be always in direct contact with the OS and the device - especially useful if it's a laptop. Even if you have an encryption program which runs in the PC when the drive is plugged and still loads the password hashes in memory, the drive and the data won't be accessible. It's also harder to lose both backup drive and PC at the same time. – Chris Tsiakoulas Aug 24 '18 at 21:43
  • If you always shut down instead of hibernating or if the swap file is encrypted I don't see how it makes much difference. – AndrolGenhald Aug 24 '18 at 23:25
  • The data is never in the PC. They are stored elsewhere, thus they are not accessible. – Chris Tsiakoulas Aug 27 '18 at 07:33
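
The answers above turn on three things that can be checked on the machine itself: which volumes BitLocker actually protects, which key protectors (TPM, recovery password) each one has, and whether hibernation is enabled. The following audit script is an added example, not code from either answer; it assumes an elevated PowerShell session on Windows 10 with the built-in BitLocker module, and the wording of the notes is the example's own.

```powershell
#Requires -RunAsAdministrator
# Added example: audit BitLocker coverage per volume plus the hibernation setting.

# Hibernation writes memory contents to disk; the second answer's point about
# keys being in memory applies to a hibernated machine as well.
$power = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Power' `
    -Name HibernateEnabled -ErrorAction SilentlyContinue
$hibernateOn = [bool]$power.HibernateEnabled

$report = foreach ($vol in Get-BitLockerVolume) {
    # Key protector types as strings, e.g. Tpm, TpmPin, RecoveryPassword.
    $protectors = @($vol.KeyProtector | Where-Object { $_ } |
        ForEach-Object { "$($_.KeyProtectorType)" })
    $notes = @()

    if ($vol.ProtectionStatus -ne 'On') {
        $notes += 'protection off: contents readable if the disk is removed'
    }
    if ($vol.VolumeStatus -ne 'FullyEncrypted') {
        $notes += "not fully encrypted ($($vol.EncryptionPercentage)%)"
    }
    if ($protectors -notcontains 'RecoveryPassword') {
        $notes += 'no recovery password protector to back up'
    }
    if ($vol.VolumeType -eq 'OperatingSystem') {
        if ($protectors -contains 'Tpm') {
            $notes += 'TPM-only: volume unlocks at boot without a PIN'
        }
        if ($hibernateOn) {
            $notes += 'hibernation enabled: shut down fully when leaving the device'
        }
    } elseif ($vol.AutoUnlockEnabled) {
        # A separate data partition with auto-unlock is open whenever the OS is running.
        $notes += 'auto-unlock on: unlocked whenever Windows is running'
    }

    [pscustomobject]@{
        MountPoint = $vol.MountPoint
        VolumeType = $vol.VolumeType
        Protection = $vol.ProtectionStatus
        Protectors = $protectors -join ', '
        Notes      = if ($notes) { $notes -join '; ' } else { 'ok' }
    }
}

$report | Format-Table -AutoSize -Wrap
```

On a single-partition machine the report has one row for C:; after splitting into OS and data partitions, the data row shows whether it is auto-unlocked alongside the OS volume.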