"'m quite sure someone from Redmond could RDP/SSH into an Irish machine and do from there everything an Irish technician would do."
If the machines are so badly protected from outside access then there's a problem. I've worked on sites where security of personal data was taken seriously. It was segregated on its own LAN. It was only accessible via the production systems that actually needed it (and operated by people with security clearances) or from the computer room. That approach to data security was the essence of their business. I'd expect any large business dealing with personal information to do likewise if it wants to be trusted.