Yes and no. A VNC client typically shows a user's entire desktop, but this is just showing one application, so it's more Citrix/XenApp like than VNC. But the idea is correct.
I've messed around with these services before, and it's almost always possible to break out of the restricted environment. Depending what you have access too, you can send a keypress for the windows menu, and gain access to the system that way.
Should be amusing when someone else works this out, and everyones dropbox credentials are compromised.
"cloud" is much more than servers. As I explained in my previous post, a cloud is when you can instantiate "servers" in an on-demand and automated fashion. This adds a ton of power than a simple server collocation arrangement, as it allows for pay-as-you-go pricing.
Point is though, there's very little software to actual take advantage of such a system.
Almost every 'cloud' service is just an idiot with a single HTTP server, there's no distributed system, no virtual machines, no 'self healing' system. The end consumer doesn't care, like having 'alloy wheels' on a car- it doesn't matter what the metal alloy is, it just sounds cool, so it sells.
Someone from our IT department wanted to restrict their traffic by their IP address range, and they replied quite truthfully that they can't provide an IP range because they allocate and de-allocate servers as-needed, which makes providing IPs impossible.
Your IT department clearly isn't particularly clever. The IP addresses would still be in an assigned /C or /D block, regardless of them being 'reallocated'. I doubt they even would be, that's just asking for DNS caching problems.