As I consult with clients on security incidents in large organizations, they always puzzled by an incident that shows all their web attacks as originating from either Akamai or Amazon. This is typically due to some reconfiguration of application services to be distributed using a CDN (Content Delivery Network). It is not surprising for organizations like Target after a large breach incident to sift through millions of logs only to find attacks appear to have come either through a trusted service provider (like Akamai) or through a partner.