SAP has focused on providing a number of options to secure processes and data. These options range from security technical controls, system process controls, workflow, and best-practice procedural controls. Providing a granular and comprehensive means to secure based on busines requirements. From a product perspective, SAP has provided adequate technical and best practice controls already integrated into the system to meet most organizations' security requirements. But it should also be noted that most ERP vendors also provide both extensive technical and process controls as well.
So it is not the technical controls that make one ERP solution more secure than others, it is the implemenation of those controls that do. Any system's security effectiveness can only be measured by the comprehensive sum of all the controls that make up the systems security environment. These controls ranging from Operating System and network security to transaction and field security to even check-balance and sum controls all combine to make up the system's security level. Therefore, while SAP does provide best-in-class security functionality, it is only as secure as an organization's desire to make it.