IF the people in charge are asking for it, find and suggest a solution that can do it safely.
I'm with you so far.
If they are not willing to pay for your solution, find another, albeit less safe solution and present it with a list of assumed risks. Rinse and repeat until you have a solution they are willing to pay for with risks they are accepting, then do that.
In my experience, any "solution" that you present will be understood to do everything that they wanted.
Even if you say that they cannot have X at $Y. They will give you $Y and then demand X.
When you cannot do so, a contractor will be brought in to set up a flawed implementation that will reduce your security BUT will provide X at a price point that you said could not be done.
Which is why we see this story pop up over and over and over again.