How do you handle a situation where a TeamLogic IT client is demanding a solution that goes against best security practices?