There is always a balancing act between security and usability. The most secure systems are those disconnected from the network, powered off and locked in a vault, but they are also useless. I fight our IS people almost daily, but luckily I administer the firewalls so I usually win .
It sounds like your Data Security people might be a tad over-enthusiastic, but not atypical.
I think that you might need to build some personal relationships with them. the CISO here (Kirk Bailey, founder of the Agora security forum) has spoken extensively on the importance of building strong personal relationships between security folks. Part of the relationship building process might be to invite them to conversations with your NMS vendor so they can make sure their views reach the product/account managers.
In another life I worked with the security folks to get the organization PCI certification (and re-certification), and SW was a key element to that (the NCM policy engine in particular). After helping them out they are then much more willing to help me out, after all we're all on the same team: protecting access to resource regardless of if the cause was malicious, random, or care.