Yes, it is both possible and advisable to restrict access to the content in your online Process Library via AD or IP address range restrictions or both.
Where the Process Library is installed on-premises it is part of the corporate intranet and is protected by whatever security is in place for this.