We feel the need to label applications as either on-premises or cloud.

We try to assure ourselves that an application categorized as on-premises will not send or receive data over a public network, and an application categorized as cloud will not install client resources.

However, the reality is that most applications categorized as on-premises send data to and receive data from the Internet.

This is usually because most applications rely on highly dynamic content that must be installed and then frequently updated on the client device or computer.

Certainly most mobile applications are just thick native clients that access one or more on-line services. Just look at the apps on your phone and tablet and guess which features, if any, of each of those apps will work if you don’t have a data connection.

Desktop and server applications also often need cloud services to function: zip code to city lookups pass your location to an Internet service, desktop publishing templates, clip art, and help system content are now all accessed remotely, and some applications even “outsource” complex computations to cloud services, sending your data outside your organization.

So if prevention or knowledge of an application’s online access is important to you, you need to do a technical analysis of what is and what is not accessed; don’t rely on marketing materials and naïve categorizations. In the absence of such an analysis, assume every application you use is sending data to and receiving data from the Internet.