It seems to me like the IT staff is very small, inexperienced, or very paranoid from the NT days. The City I work at has an IT staff of 10-12 people and since they have so many people, each being an expert in their position, they can handle securing the system and allowing remote access. If your IT staff only has a few positions, it may be a bigger security risk since they don't have the combined expertise or as many eyes watching the system. But, whatever their size, they know what the system can handle better than you do, and all you should do is ask the question if it can be done and if not, put in a request that they find a way to implement it.