Enhancing Nectari security
By default, when you do an installation, you have a web browser that sends queries to the IIS Website (Nectari Web Server) (set on HTTP by default). Right afterward, the website will communicate with IIS, then IIS will do the same with the SQL Server.
From this point, we can secure IIS (highly recommended).
In relation to Excel Add-In, if you secure the website (IIS) and make possible external access, it will be sufficient at least for Chrome.