In this case SSL is highly recommended. It is also because modern browsers can block the requests if you are running on different domains. The connection to the DB is handled by .NET framework or .NET Core. So this should be OK. The, the communication between Kentico admin and live site app is ensured through special URLs which contains security hash + there is also a session and security cookie.