Description: Relevance of the subject. Adoption of cloud technology allows banks to increase the efficiency of their IT by enabling cost savings and an improved customer experience. Despite these benefits, there are issues which prevent full-scale migration to the cloud for banking entities in Ukraine. NBU and legislative limitations, the absence of certified trusted cloud service providers, and the lack of systematic approaches to protecting the integrity of data and interfaces are far from a complete list of the problems in this area. Banks, as entities which store, possess and process personal information subject to banking secrecy, are obliged to comply with applicable European, international and national legislation. Given the strategic roadmap for European integration, Ukraine has to adopt European and international requirements such as PCI DSS, PSD2 and GDPR, which is a heavy burden for the traditional IT architecture of a bank unless innovative cloud technology is applied. Cloud infrastructure also raises a number of regulatory issues related to the confidentiality of client data, since the data is physically stored in remote geographical locations outside the direct control of the respective bank. This peculiarity conflicts with the principle that the bank should be in control of customer data in real time. The purpose of the article is to define feasible measures to mitigate the IT security risks that arise from the special features of cloud architecture, taking into account national and European requirements for banks. The methodological basis of the research is modern theoretical methods and a systematic approach to the design, build, integration and support of cloud service-oriented architecture, as well as the OWASP and CAPEC standard approaches to cyber attack classification. To address the issues raised it is necessary to ensure strong authentication, establish domains of trust, delegate trust to verified third parties and protect the communication channels with modern cryptographic means.
Keywords: IT architecture of a Bank, cloud technology, OWASP project, CAPEC classification, PCI DSS standard, PSD2 directive, GDPR regulation, TLS standard, SAML standard, SSO technology, Electronic digital signature
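The abstract's closing measures (a domain of trust anchored in certificates the bank chooses, mutual authentication of the bank and the cloud provider, and channel protection with modern cryptography) can be shown concretely at the TLS layer. The following is an added example written for this page, not code from the article or any project it cites: it builds a hardened client-side TLS context with Python's standard `ssl` module, builds the permissive context often seen in quick integrations, and audits either one for the settings a bank's security review would check. The function names, the CA bundle path and the client certificate paths are hypothetical placeholders supplied by the caller.

```python
import ssl
from typing import List, Optional

# Added example (not from the article): a hardened TLS client context for a
# bank-to-cloud channel, plus an audit that flags weak settings. ca_path,
# client_cert and client_key are placeholders chosen by the caller.


def make_bank_tls_context(ca_path: Optional[str] = None,
                          client_cert: Optional[str] = None,
                          client_key: Optional[str] = None) -> ssl.SSLContext:
    """Build a client-side TLS context that trusts only a named domain of trust.

    ca_path     - PEM bundle of the CA(s) the bank trusts for this integration;
                  when None, the platform trust store is used instead.
    client_cert - optional PEM certificate presented for mutual TLS, so the
                  cloud side can authenticate the bank as well (key in
                  client_key, or in the same file when client_key is None).
    """
    ctx = ssl.create_default_context(purpose=ssl.Purpose.SERVER_AUTH)
    # The server certificate must chain to a trusted CA and match the hostname.
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.check_hostname = True
    # Refuse deprecated protocol versions (TLS 1.0 / 1.1 and older).
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # Restrict TLS 1.2 suites to ECDHE AEAD ciphers so every session has
    # forward secrecy; TLS 1.3 suites are always ephemeral and stay enabled.
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20")
    if ca_path is not None:
        ctx.load_verify_locations(cafile=ca_path)
    if client_cert is not None:
        ctx.load_cert_chain(certfile=client_cert, keyfile=client_key)
    return ctx


def make_weak_context() -> ssl.SSLContext:
    """The permissive context of a quick integration: no trust anchor,
    no hostname binding, any protocol version the library still supports."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # must be cleared before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
    return ctx


def audit_tls_context(ctx: ssl.SSLContext) -> List[str]:
    """Return a list of findings; an empty list means the context passes."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("verify_mode: peer certificate is not required")
    if not ctx.check_hostname:
        findings.append("check_hostname: certificate not bound to the hostname")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("minimum_version: deprecated TLS versions negotiable")
    # TLS 1.3 suite names start with "TLS_"; TLS 1.2 suites need (EC)DHE
    # key exchange to provide forward secrecy.
    no_fs = [c["name"] for c in ctx.get_ciphers()
             if not (c["name"].startswith("TLS_") or "DHE" in c["name"])]
    if no_fs:
        findings.append("ciphers without forward secrecy: " + ", ".join(no_fs))
    return findings


if __name__ == "__main__":
    print("hardened:", audit_tls_context(make_bank_tls_context()) or "OK")
    print("weak:", audit_tls_context(make_weak_context()))
```

The audit deliberately reads the context's effective state rather than the code that built it, so the same function can be run against contexts created elsewhere in an integration before they are handed to an HTTP client or a SAML/SSO library.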