CARDIFF, UK, July 14, 2026 – Critical Cloud has partnered with Tarian Labs to introduce Continuous Runtime Security Validation, a new joint service designed to help fintech organisations continuously demonstrate the security of their production environments. Rather than relying on penetration testing carried out once a year, the service delivers ongoing validation as applications, cloud infrastructure and AI capabilities evolve.
The partnership combines Critical Cloud’s Managed Runtime Assurance approach with Tarian Labs’ practitioner-led offensive security expertise, drawing on experience gained across government, defence and critical national infrastructure sectors.
Managed Runtime Assurance focuses on the ongoing operation of production applications, cloud platforms and AI systems, ensuring they remain observable, secure, resilient, cost-efficient and ready to provide evidence for regulatory requirements. Instead of treating security testing as a one-time exercise, findings are fed directly into remediation, validation and documented closure.
Continuous Runtime Security Validation brings together Critical Cloud’s Datadog-powered managed operating model and Tarian Labs’ offensive security specialists through an Observe, Detect, Validate process. Critical Cloud maintains visibility, monitoring and governance across production cloud, observability and AI runtime environments, while Tarian Labs independently assesses those environments through penetration testing, cloud and infrastructure reviews, web application testing, API assessments and follow-up verification. Identified issues progress into remediation, retesting and documented confirmation that they have been resolved.
The partnership maintains clear separation of responsibilities. Tarian Labs manages testing methodology, findings, severity ratings and retesting, while Critical Cloud is responsible for remediation and ongoing runtime improvements. Every engagement is carried out with customer authorisation, agreed scope, defined rules of engagement and controlled evidence handling.
“Detection without validation is hope, not assurance,” said James Smith, CEO of Critical Cloud. “Fintech organisations need more than a penetration test report that quickly becomes outdated. They need independent evidence that runtime controls remain effective, alongside a managed operating model that turns findings into measurable improvements.”
“Security testing should continue beyond the delivery of a report,” said Kevin Hanford, Co-Founder and CEO of Tarian Labs. “This partnership provides customers with a structured path from offensive testing through remediation, verification and evidence. Critical Cloud manages the runtime environment while Tarian Labs independently validates it. Together, we help organisations demonstrate that identified risks have genuinely been addressed.”
Continuous Runtime Security Validation engagements are now available across the UK and Ireland, with a packaged joint offering planned for release later. Future collaboration will include fintech events in Wales and a live demonstration showcasing the Observe, Detect, Validate process under controlled attack scenarios, including remediation, retesting and evidence of closure.
Critical Cloud is ISO 27001 certified, holds Cyber Essentials Plus accreditation, and is both a Powered by Datadog accredited partner and a Datadog Advanced Partner. Tarian Labs delivers engagements through CREST registered practitioners, with sign-off provided at NCSC-recognised CHECK Team Leader (CSTL-INF) level.




