Critical Cloud and Tarian Labs collaborate on continuous production security validation for fintech
CARDIFF, UK, July 14, 2026 – Critical Cloud and Tarian Labs have announced a new strategic collaboration that brings continuous security validation to production environments for fintech organisations. The new Continuous Runtime Security Validation service is designed to provide ongoing assurance that live systems remain secure as applications, cloud infrastructure and AI technologies change, moving beyond the limitations of traditional point-in-time penetration testing.
The offering combines Critical Cloud’s Managed Runtime Assurance capability with Tarian Labs’ practitioner-led offensive security expertise, developed through extensive work across government, defence and critical national infrastructure.
Managed Runtime Assurance provides continuous oversight of production applications, cloud platforms and AI systems, ensuring they remain observable, resilient, secure, cost-efficient and ready to support regulatory requirements. Rather than treating security testing as a standalone exercise, findings are integrated into remediation, verification and documented evidence of completion.
The Continuous Runtime Security Validation service follows an Observe, Detect, Validate model that combines Critical Cloud’s Datadog-powered managed operations with Tarian Labs’ independent security testing. Critical Cloud provides monitoring, operational governance and visibility across cloud and AI runtime environments, while Tarian Labs conducts penetration testing, infrastructure reviews, cloud assessments, web application testing, API testing and independent retesting. Every identified issue progresses through remediation before verification confirms successful resolution.
Both organisations maintain clear operational independence. Tarian Labs is responsible for testing methodology, findings, severity ratings and retesting, while Critical Cloud manages remediation and continuous runtime improvements. All engagements are performed under customer approval, agreed scope, documented rules of engagement and secure evidence handling procedures.
“Detection without validation is hope, not assurance,” said James Smith, CEO of Critical Cloud. “Production environments are constantly evolving, which means organisations need continuous evidence that their security controls remain effective instead of relying on reports that quickly become outdated.”
“Security testing should provide a pathway to measurable improvement,” said Kevin Hanford, Co-Founder and CEO of Tarian Labs. “This collaboration enables customers to move seamlessly from independent testing through remediation, verification and documented proof that issues have been resolved.”
Continuous Runtime Security Validation engagements are available immediately across the UK and Ireland. The companies also plan to introduce a packaged joint service, support fintech events in Wales and launch a live demonstration environment that showcases the Observe, Detect, Validate process under controlled attack scenarios.
Critical Cloud is ISO 27001 certified, holds Cyber Essentials Plus accreditation, and is both a Powered by Datadog accredited partner and Datadog Advanced Partner. Tarian Labs delivers engagements through CREST registered practitioners with sign-off provided at NCSC-recognised CHECK Team Leader (CSTL-INF) level.