A new partnership between Critical Cloud and Tarian Labs aims to give fintech businesses continuous confidence in the security of their live environments. The companies have launched Continuous Runtime Security Validation, a service that continuously validates production security as cloud infrastructure, applications and AI technologies evolve.
The joint solution combines Critical Cloud’s Managed Runtime Assurance model with the offensive security capabilities of Tarian Labs, whose consultants have experience across government, defence and critical national infrastructure.
Managed Runtime Assurance is designed to ensure production environments remain secure, observable, resilient, cost-efficient and compliant with regulatory expectations. Instead of treating security assessments as isolated events, identified risks become part of an ongoing cycle of remediation, validation and evidence gathering.
The Observe, Detect, Validate framework combines Critical Cloud’s Datadog-powered operational services with Tarian Labs’ independent penetration testing, infrastructure reviews, cloud assessments, web application testing, API testing and follow-up validation. Findings are passed directly into remediation before undergoing independent retesting and documented closure.
The engagement model maintains independence between both organisations. Tarian Labs owns all testing activities, findings, severity ratings and verification, while Critical Cloud manages remediation and runtime optimisation. All work is completed within customer-approved scopes, established rules of engagement and secure evidence handling processes.
“Detection without validation is hope, not assurance,” said James Smith, CEO of Critical Cloud. “Security controls must be proven in production on an ongoing basis rather than assumed to remain effective after a single assessment.”
“Delivering a report is only the beginning,” said Kevin Hanford, Co-Founder and CEO of Tarian Labs. “Customers need a clear process that takes them from identifying weaknesses through remediation and independent confirmation that improvements have been successfully implemented.”
Continuous Runtime Security Validation engagements are available across the UK and Ireland today, with additional packaged services planned. Future collaboration also includes Welsh fintech events and a live demonstration of the Observe, Detect, Validate cycle.
Critical Cloud holds ISO 27001 certification, Cyber Essentials Plus accreditation, and is recognised as a Powered by Datadog accredited partner and Datadog Advanced Partner. Tarian Labs’ services are delivered by CREST registered practitioners with sign-off at NCSC-recognised CHECK Team Leader (CSTL-INF) level.









