We feel the need to label applications as either on-premises or cloud. We try to assure ourselves that an application categorized as on-premises will not send or receive data over a public network, and an application categorized as cloud will not install client resources.
The Silent Reality
However, the reality is that most applications categorized as cloud require resources to be installed on the client, and sometimes install those resources silently. This is usually because browsers and HTML aren’t powerful enough to drive the complexity required by those applications.
Therefore, applications categorized as cloud sometimes require native browser plugins, agents, or beacons. Sometimes they require native applications that supplement the browser client, like update utilities, upload utilities, etc. Sometimes the only client is a native application, as is the case with mobile apps.
Installing any of these requires explicit action on the part of IT or the user, but are often overlooked as requirements because the application is categorized as “cloud.”
Client Side Resources
So if prevention or knowledge of an application’s required client-side installations is important to you, you need to do a technical analysis of what is and what is not installed; don’t rely on marketing materials and naïve categorizations. In the absence of such an analysis, assume every application you use requires some type of client-side installation.
David Znidarsic is the founder and president of Stairstep Consulting, where he provides intellectual property consultation services ranging from IP forensics, M&A diligence, information security management, open source usage management, and license management. Learn more about David and Stairstep Consulting at www.stairstepconsulting.com.