Forest definitely. Because it is tantamount to handing over all accounting to the side :) Data that has passed the corporate perimeter no longer belongs to you and you cannot control its distribution. Our 1C programmer, before starting to work, informs us - and access is opened to him via RDP. Worked - closes.

1s-connect

The one who is engaged in 1C with you, let him decide with the security director. My chief accountant is categorically against any external access to 1C databases.

I myself, as a system administrator, do not use, for a number of reasons, remote work in my networks.

Then you are not a system administrator. Set up your network so that remote access does not break security. Do not forget that remote access can be granted to an account with very limited rights - setting them up is the responsibility of the system administrator. In my case, a remote 1C programmer has access to only one computer and change the 1C configuration. He does not have access to DB 1C, as well as access to other computers.

Implementation of 1s-connect

First you need to figure out what kind of animal it is.
If simplified, this is a Skype + TeamViewer hybrid, i.e. a system that simplifies technical support. Integrates with new 1C configurations. You can ask a question from the program, throw a link to the "problem" document.
Let it go or not. Answer the question of how 1C technical support is carried out, it can greatly simplify and speed it up.
enough people). I even know cases when they raised a 1c connection on their own server for internal use.
If for some reason your personal rooms are closed, you need to sort out the reasons. Well, I came across when the computer is not only not connected to the network, so in order to be able to network for it to work, you need to get a visa from 3 leaders.

You need to look first of all not how, but who gets access. You understand that these comrades somehow get access to the data of your organization and it does not matter, remotely or locally.
And about everything else, they correctly write above that you are a system administrator to ensure the security of a remote connection. If you don't know how, learn.

Judging by the way you structured the question and the fact that you chose the answer of exactly the same frightened system administrator without further clarification, you clearly did not understand the essence of the question. What are the cons here? The disadvantages here are obvious: the evil guys who work for your competitors should no longer personally come to your office under the guise of a service organization, but can get the same information remotely. But what are you doing here? Is that you are responsible and the security service. And if so, why do you give access to your accounting to dubious personalities????? In fact, accountants themselves, without any outside help, can update the configuration and call the 1C support line, where they will be "chewed" any question.
In this matter, you should think about whether there are pluses that you should pay attention to. Are you sure you read about this technology? Personally, I have never bought or installed it, since all clients are happy to give remote access via TeamViewer (in a couple of companies, the system administrators were against it, but their opinion was successfully ignored - a wonderful addition to your fears, isn't it?). But then I went to the description on their website and immediately see: recording of all conversations, logging of all actions of a remote specialist, built-in reports for analyzing connection work.
In my opinion, it is you who should be the first to be glad that you do not need to stand over the head of dubious personalities and carefully look at what they are doing and that they would not inadvertently insert a flash drive. Right there, you don’t even need to personally monitor it - set up a script for analyzing logs, and as soon as a remote specialist starts rummaging through the network or entering folders other than those allowed, immediately cut off access and leave with friends for a preventive conversation.

Well, what can I say .......... We have similar problems, they are solved at the level of the director of the client. And if such questions arise, and also, the client admin starts to check, then we do the following:
1. We deploy a test database on our server;
2. We update / make changes, etc., in short, we fulfill all the client's Wishlist;
3. We give remote access to this database;
4. Connects, the one who accepts the work from us, from the client;
5. Checks and says everything is OK;
6. We send the cf-file;
7. They call from the client side, they say what to do with this file ???
8. We suggest that your admin update the working base itself, because there is no remote work and there is no way to come, the distance is more than 1200 km.
9. Next comes snot, drool, calls, the admin sobs, etc., etc.
10. Bottom line. We get access, we update everything ourselves. Everyone is happy. Admin-not Admin. )))