I have a vendor we work with who is insisting that we install their remote access tool on our server to provide services we pay for. They claim our current method doesn't meet their needs as outlined in the contract. I've checked the contract, and it doesn't specify anything about this remote access. We usually provide temporary access via manual requests. I'm concerned about security and would like to know if this is a common practice in the industry. Can anyone offer their thoughts or experiences with vendor access requests like this?
5 Answers
Definitely push back on this request! Allowing a vendor to install their remote access tool can pose serious security risks. Your existing access methods should suffice, especially if they offer monitored sessions. In fact, some vendors might just be looking for convenience rather than needing a specific setup.
Most companies should avoid granting vendors unmonitored access. Any access should be temporary and logged. If they claim they can't work without their tools, ask for clear justifications. Remind them that their data breaches can become your problem.
Yes, unfortunately, many vendors tend to overlook your security posture. They want the easiest way to fulfill their service agreements and might ask for admin access without understanding the implications. I'd suggest pushing back firmly. Implementing a controlled access method like a jump host can help you retain some oversight.
It’s not uncommon for vendors, especially those in the SMB space, to ask for their own remote access tools. They often prioritize their needs over your security concerns. It's best to discuss this with them directly and express your reservations about security before agreeing to anything. Don't let them dictate your policy – negotiate the terms that work for both parties.
It’s very typical for vendors to make such requests, but that doesn't mean you need to agree. You should definitely have a conversation with them to clarify their needs and express your security requirements. If nothing in the contract mentions needing their software, you have every right to say no.
