We have a network admin that rules over our network. He does not allow others access to administrative passwords and tries to do everything himself. He truly thinks the network is his. He works non stop even logging in remotely once he arrives home after work and continues working. His strategy is keep all other IT staff out of network management and run it all and provide so much value (working from home at nights for free) so that he will be considered indispensable.
If something were to happen to him, or if he were to go rouge on the network, we would be in serious trouble. He will not train anyone else in how to manage our particular network setup and holds all the passwords.
Also, he is so rude and condescending to those that need technical help that no one wants to deal with him.
He is actually a real risk to us both from a security standpoint and productivity standpoint.
I am looking for ways to resolve this situation tactfully while limiting risk to the organization. I am not in a position of authority to replace him. My goal is to submit to upper management recommendations for IT management. This could be in the form of new policies (access and password), part of a disaster preparedness/recovery plan, or some other method. My goal is to point out this weakness in our organization with out attacking him directly.
Are there any books or papers that address such issues? Any suggestions and would be greatly appreciated as well.
