T 4.67 Failure of directory services

Technical failures due to hardware or software problems can lead to the failure of a directory service or parts thereof. One possible result is that the data stored in the directory is temporarily inaccessible. In extreme cases, data can even be lost, which can in turn impair business processes and internal workflows. If functioning copies of the failed system are available, access will still be possible, but access performance may be limited, depending on the network topology selected.

A technical defect in a central cryptographic module can have a significant impact on the operability of a directory service if the directory service components can then no longer be accessed. The cryptographic keys, for example those needed to secure a data transmission route for a directory service, could have been deleted, especially if they were only stored in volatile memory. The result is that confidentiality temporarily cannot be guaranteed. This is especially critical if the failure goes unnoticed and encryption is no longer performed because of the malfunction, even though the operator of the directory service bases its guarantee of the confidentiality of the data on the cryptographic module. It may be impossible to encrypt data while the required cryptographic module is unavailable, which could then lead to availability problems for the directory service or for additional applications that process the decrypted data.