Skip to content
Critical Cloud × Tarian Labs

Continuous Runtime Security Validation:
prove your runtime security still works after production changes.

Annual penetration tests are useful, but they age quickly. By the time a report reaches the board, code may have shipped, cloud infrastructure may have changed and AI features may have entered production. Continuous Runtime Security Validation gives regulated and fast-scaling teams an assurance loop: observe the runtime, detect risk, validate controls, remediate findings, retest and evidence closure.

Managed Runtime Assurance Observe. Detect. Validate. Independent retesting AWS, Azure and Datadog-ready
01
The alliance

Runtime operators and offensive security practitioners, working together.

Critical Cloud

Critical Cloud delivers Managed Runtime Assurance for AI-era software. We operate, secure and govern the cloud, observability and AI runtime layer behind mission-critical products, powered by Datadog where appropriate, so teams can ship fast while production stays reliable, secure, cost-controlled and evidence-ready.

ISO 27001 Cyber Essentials Plus Powered by Datadog accredited Datadog Advanced Partner

Tarian Labs

Tarian Labs provides practitioner-led penetration testing and security assessments for businesses that refuse to be easy targets. Their offensive security capability is shaped by experience across UK defence, government and Critical National Infrastructure environments.

Practitioner-led testing 22 years combined UK defence & CNI experience CREST-registered practitioners

Critical Cloud operates, observes, secures and improves the runtime layer. Tarian Labs independently challenges that runtime through practitioner-led offensive security testing. Findings move into remediation, retesting and evidence of closure.

02
The problem

The evidence gap grows every time production changes.

A point-in-time security test gives you a snapshot. Production does not stand still. New services appear, permissions change, releases go live, infrastructure evolves and detection coverage drifts. The result is stale evidence at the exact moment boards, auditors, regulators and enterprise customers are asking harder questions.

Reports age quickly

Security evidence can be out of date before the next board pack or customer review.

Findings stall

Pen test findings often sit outside the operational backlog, making remediation slower than it should be.

Detection needs validation

Monitoring and security tooling only matter if the controls work against realistic attack paths.

Closure needs proof

Teams need retesting and evidence that fixes were implemented and risk was reduced.

03
The model

Observe. Detect. Validate.

Three capabilities. Two specialist companies. One closed assurance loop.

Observe

Critical Cloud keeps the production runtime observable, monitored and operationally governed across cloud, observability and AI runtime environments. Where Datadog is already in place, we use it as the operating substrate. Where it is not, we work with the available AWS or Azure-native signals and agree the right route during scoping.

Detect

Detection uses the best-fit tooling for the customer's environment. That may include Datadog Cloud Security, Cloud SIEM, CSPM or other Datadog security modules where already adopted or appropriate. For AWS and Azure environments without Datadog, the service can work with native cloud security telemetry and controls.

Validate

Tarian Labs independently challenges the runtime through practitioner-led offensive security testing. This can include cloud and infrastructure assessment, penetration testing, web application testing, API testing, attack-path validation and retesting.

04
The assurance loop

From finding to fix. From fix to proof.

Every engagement follows the same structured loop, from authorisation to evidenced closure.

01

Scope and authorise

Written customer authorisation, agreed scope, rules of engagement and controlled evidence handling.

02

Establish runtime context

Critical Cloud aligns the operating context, available telemetry, cloud environment, Datadog or native tooling, and remediation ownership. Critical Cloud

03

Validate like an attacker

Tarian Labs tests the agreed environment using practitioner-led offensive security methods. Tarian Labs

04

Prioritise findings

Findings are written so engineering teams can act, with severity, evidence and practical remediation context.

05

Remediate with operational support

Critical Cloud supports the path from finding to operational change where authorised and contracted. Critical Cloud

06

Retest independently

Tarian Labs retests to confirm whether fixes hold. Tarian Labs

07

Evidence closure

The customer receives a clear view of what was tested, what was found, what was fixed and what was confirmed.

Neither party marks its own homework.

05
Environment fit

Built for your environment, not just one tool stack.

Already using Datadog Cloud Security

Use your existing security investment as the foundation for validation. We help confirm whether runtime controls, detection coverage and operational workflows hold up against real attack paths.

Using Datadog without security tooling

Start from the observability layer you already have. We can validate current runtime visibility and, where appropriate, identify the Datadog security capabilities that would strengthen the assurance loop.

AWS or Azure without Datadog

Datadog is not a requirement. For cloud environments without Datadog, the service can use native AWS or Azure security signals, cloud controls and practitioner-led assessment to create a practical validation path.

Hybrid, non-cloud or complex environments

Where the environment falls outside the standard cloud pattern, we scope a bespoke validation route. Book a scoping call to talk through your environment.

06
Scope

What the engagement can include

Exact scope depends on your environment and goals, agreed during scoping. Depending on scope, an engagement can include:

  • Joint scoping call with Critical Cloud and Tarian Labs
  • Written authorisation and rules of engagement
  • Runtime visibility and control review
  • Cloud, infrastructure, web application or API validation depending on scope
  • Practitioner-led offensive security testing
  • Severity-ranked findings
  • Executive and technical readout
  • Remediation route and operational backlog support
  • Independent retesting
  • Evidence of closure
  • Optional ongoing validation cadence
07
Independence

Coordinated delivery. Independent validation.

The model is designed to keep responsibilities clear. Operations and testing work best when they are coordinated, but assurance only has credibility when the tester remains independent.

Tarian Labs owns validation

Testing methodology, findings, severity ratings, evidence and retesting.

Critical Cloud owns runtime improvement

Operational remediation support, observability improvement, runtime security operations, runbooks, monitoring, evidence and cloud, Datadog or native tooling changes where authorised.

You stay in control

The customer owns the product, application, model, business logic, risk acceptance and release decisions.

We operate the stack. You own the product.

We operate, secure and govern the runtime layer behind your product. Tarian Labs independently tests it. You keep every decision over your application, your model and your business logic.

08
Who it's for

Designed for teams where runtime evidence matters.

FinTech and financial services

For teams facing board, customer, investor, audit or regulatory scrutiny.

SaaS and technology platforms

For fast-moving teams where release velocity can outpace runtime assurance.

Healthcare and MedTech

For businesses where security, resilience and evidence matter to trust.

AI-native and AI-adopting companies

For teams putting AI features, agents or model-backed workflows into production.

Regulated and audit-sensitive SMBs

For companies that need enterprise-grade assurance without building an enterprise-sized team.

09
Outcomes

What customers get

  • Independent evidence that runtime controls have been tested
  • A practical path from finding to remediation
  • Retesting that confirms whether fixes hold
  • Clear executive and technical reporting
  • Better alignment between security testing and operational improvement
  • Evidence that can support board, audit, regulator, investor or enterprise customer conversations
  • A route to ongoing assurance as the environment changes

We operate and evidence the runtime controls that support your compliance obligations. We don't make compliance claims on your behalf: the obligation, and the risk decisions, stay with you.

Part of Managed Runtime Assurance

Continuous Runtime Security Validation sits alongside our other Managed Runtime Assurance services.

Managed Runtime Assurance

The operating model this service sits within: observability, security, resilience, cost control and evidence for AI-era software.

Critical Support

Our flagship 24×7 incident management and improvement engineering service for AWS and Azure.

Managed Datadog

Ongoing platform operations for teams that want Datadog managed as the observability and security substrate.

FAQ

Is Datadog required?

No. Datadog is a strong operating substrate where it is already in place, or where the customer wants to extend into managed observability and security operations. For AWS and Azure environments without Datadog, the service can work with native cloud tooling and agreed evidence sources.

What if we already use Datadog Cloud Security?

The engagement can validate whether your existing controls, detections and workflows stand up to realistic attack paths. It is designed to help you turn existing tooling into stronger runtime assurance.

What if we use Datadog but not the security products?

We can start with the observability and operating context you already have, then identify whether Datadog security modules, native cloud controls or a different route is the best fit for your environment.

Is this just a penetration test?

No. Practitioner-led testing is a core part of the service, but the value is the full assurance loop: scope, validate, remediate, retest and evidence closure.

Who performs the testing?

Tarian Labs owns the independent testing methodology, findings, severity ratings and retesting.

Who handles remediation?

Critical Cloud supports runtime remediation and operational improvement where authorised and contracted. The customer remains in control of risk acceptance and product decisions.

Do you test your own work?

No. Independence is built into the model. Tarian Labs validates independently, Critical Cloud supports operational change, and Tarian Labs retests and confirms closure.

What about non-cloud or hybrid environments?

These are handled through a scoped engagement. Book a scoping call rather than looking for a fixed package: we'll agree the right route for your environment.

Is testing authorised?

Yes. Testing runs under written customer authorisation, agreed scope, rules of engagement and controlled evidence handling.

Delivered by Critical Cloud, a Powered by Datadog accredited managed provider and Datadog Advanced Partner. Datadog certified one managed provider globally. We are it. ISO 27001 and Cyber Essentials Plus certified.

Ready to prove your runtime security still works?

Book a scoping call with Critical Cloud and Tarian Labs. We will confirm your environment, existing tooling, validation goals and the right route to evidence.