2025: Year in review

December 9, 2025 in Blog

feature-image

Thank You, 2025 — You’ve Been Good to Us!

As the year draws to a close, everyone is looking forward to what’s ahead. But before we say goodbye to 2025, we want to express our appreciation. This year has brought us many moments worth remembering.

Our Service Highlight: The Next-Gen SBOM Tool

If you know us, you know this: umbrella.associates has always stood for personal guidance and independent expertise. Our goal is to build your tailored identity security strategy — tools come second.

Working closely with our clients, we experience firsthand the challenges organizations face in the security domain. Too often, the risks of complex IT processes are underestimated. In 2025, one area stood out in particular: the software supply chain. Challenge accepted.

So we asked ourselves how we could help companies overcome this hurdle more effectively. The result: our Application Supply Guard.

With it, security teams can uncover risks in three simple steps. Unlike traditional SBOM tools, our managed service digs deeper by analyzing actual binary artifacts. The output is a complete Software Bill of Materials (SBOM). On top of that, every component is automatically matched against CVE databases to identify known vulnerabilities — resulting in a security report that provides a solid basis for targeted mitigation.

More information on our Application Supply Guard is available here.

A Top Topic — Today and Tomorrow: Authorization

Authorization remained one of the most underestimated security topics in 2025 — and simultaneously one of the most crucial. While many companies already have a strong grasp of identity, things get far more complex when answering the real question: Which action may an authenticated user perform, in which context, down to the individual resource — and in real time?

We had the opportunity to explore this topic with developers at the IT Security Summit 2025 in Munich. A particular highlight: our live hacking session demonstrating how the AuthZEN standard enables secure, fine-grained authorization.

Authorization is no longer a technical side note — it has become a core component of any Zero Trust Architecture (ZTA). Anyone discussing modern security concepts cannot ignore FGA.

OPA + SpiceDB: An Open-Source Boost for Modern Authorization

A highlight this year was also the release of our new open-source extension for OPA (Open Policy Agent) and SpiceDB. Both technologies are gaining momentum in the world of modern authorization:

  • OPA acts as a powerful policy engine for rule-based decisions

  • SpiceDB, based on Google Zanzibar, represents fine-grained authorization models in a graph structure

Combining these best-of-breed projects into a hybrid authorizer adds significant technological value to today’s ecosystem of Policy Decision Points.

UA at Events

Staying curious, identifying trends, and welcoming new perspectives — these values shape our year. And events play a big role in that. In 2025, our suitcase was in constant use. Our favorites:

  • RETHINK! IAM – March 23, 2025: Our first time at this small Berlin-based conference — and it left an impression. The “World Café” format combining workshop and roundtable brought deep discussions with rotating participants and moderators.
  • European Identity and Cloud Conference (EIC) – May 6–9, 2025: One of the leading events for digital identities — naturally a must for us and over 1,500 other attendees.
  • Identiverse – June 3–6, 2025: A fixture in the calendar for our Co-Founder Sebastian Rohr. This year in Las Vegas, he captivated the audience with his talk: “Making Sense of CRA, DORA and NIS2 in the Identity Space.”
  • ‘6G Conference – July 1–3, 2025:* Back in Berlin, this event centered on Digital Twins and the Asset Administration Shell (AAS) for industry. We contributed our own piece as well — with our [Rollercoaster Demo] (https://www.umbrella.associates/news/digital-twin-industrieanzeiger/).
  • cidaas Connect – October 23–24, 2025: Sebastian’s second passion — besides working at UA — is moderating. The organizers know this well and booked him for several panel discussions.
  • Industrial AI and Digital Identities in Data Ecosystems – November 4, 2025: Hosted by the Federal Ministry for Economic Affairs & Energy. A day dedicated to the future of digital identities in Germany, including discussions around national identity wallets.

Team Events

We know our success wouldn’t be possible without our strong team. That’s why we invest in dedicated time together — through our Umbrella Quarterly Events, where we spend a full day in a conference venue in the Rhine-Main region. Workshops and personal exchange are always at the heart of it.

And of course, our annual workation trip, which took us to sunny Valencia in 2025. The perfect October weather boosted our creativity — and ultimately sparked the idea for our Application Supply Guard.

Here’s to the Next Twelve Months

What can we say? 2025 was an excellent year in many ways. Now we’re ready for the festive season — and excited for new customer projects, meaningful partnerships, and team moments both in Germany and in warmer destinations.

Thank you to all our customers and partners for your trust and collaboration.

Looking ahead to the new year? How about giving your identity security a boost? We’re here to help!


Let's talk

umbrella.associates

  • Mergenthalerallee 73-75
    65760 Eschborn/Frankfurt
  • +49 (0) 6196 204 8237

Navigation

We take your security to the next level

...and boldly go, where new identities need protection. Be it your employees or customers, your partners or admins or even your devices and machinery. We create the management plane that covers YOUR identity needs!

© 2026 umbrella.associates