CARDIFF, UK, July 14, 2026 – Fintech organisations can now access an ongoing approach to validating production security following a new collaboration between Critical Cloud and Tarian Labs. The Continuous Runtime Security Validation service is designed to provide continuous assurance that live environments remain secure as technology changes, instead of depending on periodic penetration testing.
The combined service links Critical Cloud’s Managed Runtime Assurance capability with Tarian Labs’ offensive security specialists, whose expertise has been developed through projects supporting government, defence and critical national infrastructure.
Managed Runtime Assurance delivers accountable oversight of production applications, cloud infrastructure and AI systems, helping organisations maintain security, resilience, observability, cost efficiency and compliance readiness. Security assessments become part of a continuous operational workflow, with remediation, verification and documented closure replacing one-off reporting.
The Continuous Runtime Security Validation model combines Critical Cloud’s Datadog-powered managed operations with Tarian Labs’ independent security testing through an Observe, Detect, Validate framework. Critical Cloud oversees monitoring, governance and operational visibility, while Tarian Labs conducts penetration testing, cloud and infrastructure assessments, web application testing, API testing and follow-up validation. Findings are passed into remediation before being retested and formally closed.
Both organisations maintain distinct responsibilities throughout every engagement. Tarian Labs remains responsible for testing methodology, findings, severity ratings and verification, while Critical Cloud manages remediation activities and runtime improvements. Customer approval, agreed scope, documented rules of engagement and secure evidence handling apply throughout.
“Detection without validation is hope, not assurance,” said James Smith, CEO of Critical Cloud. “Businesses operating in regulated financial markets need continuous proof that their production security controls remain effective, not simply a report produced months earlier.”
“Effective security programmes continue after testing has finished,” said Kevin Hanford, Co-Founder and CEO of Tarian Labs. “This collaboration connects independent security testing with remediation and validation so organisations can demonstrate that vulnerabilities have been addressed.”
The service is now available for customers across the UK and Ireland. The companies also plan to introduce a packaged joint offering, support fintech events in Wales and launch a demonstration environment that showcases the complete Observe, Detect, Validate process under controlled attack conditions.
Critical Cloud is certified to ISO 27001, has achieved Cyber Essentials Plus, and is recognised as a Powered by Datadog accredited partner and Datadog Advanced Partner. Tarian Labs’ services are delivered by CREST registered practitioners with final sign-off at NCSC-recognised CHECK Team Leader (CSTL-INF) level.
